From: Brandon Gooch
To: Jamie Gritton
Cc: freebsd-jail@freebsd.org
Date: Mon, 4 Jul 2011 16:36:16 -0500
Subject: Re: New jail(8) with configuration files, not yet in head

On Mon, Jul 4, 2011 at 12:24 AM, Jamie Gritton wrote:
> I'm hoping to get the latest version of jail(8) in before the door slams
> shut on 9.0.
> If anyone wants to take a look at the new code and give it a
> spin, it may help to ease RE's mind about my tardiness. The included diff
> applies to the current usr.sbin/jail directory. In addition to the new
> program, it adds a jail.conf(5) man page that explains the config file
> format (hint: it's a typical C-style block config).
>
> For anyone that caught my EuroBSDCon presentation last year, it's pretty
> much what I presented there. Unfortunately it doesn't have the suggestions
> that were given then, which remain on the to-do list. What little time I've
> devoted to this project since then has gone into cleaning things up and
> fixing the error handling. Other bits will still go in later, but first I'd
> like to move this from "project" to "real" status.
>
> The new program does two things. First, it works the same way the current
> jail(8) does, to add jails from the command line - or change their
> parameters, or remove them. Then it adds the ability to do the same thing
> from a config file, including running the start-up commands that are
> currently done by the rc.d/jail script. Details of that are in the new
> jail(8) and jail.conf(5) man pages.
>
> Bugs: there shouldn't be any, of course :-). But please let me know if you
> see any!
>
> - Jamie
>

This is great! I have had a great experience testing this out, I'm
sure others will find this really satisfying, particularly those also
testing VIMAGE kernels, since the new jail config framework has vnet
capability built-in.

I did however notice a minor nit in the output when removing a jail.
Here's the scenario:

I set out with a new jail.conf(5) file:

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

ports {
        path = "/usr/jails/$name";
        ip4.addr = 10.1.1.1;
}

I run the jail creation command:

# jail -c ports
ports: created
/etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
Creating and/or trimming log files.
ln: /dev/log: Operation not permitted
Starting syslogd.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Clearing /tmp (X related).
Updating motd:.
Starting sshd.
Starting cron.
Starting ftpd.
Mon Jul 4 21:21:30 UTC 2011

...and the jail is running:

# jls
   JID  IP Address      Hostname                      Path
     3  10.1.1.1                                      /usr/jails/ports

Now, when I go to remove the jail:

# jail -r ports
Stopping cron.
Waiting for PIDS: 29824.
Terminated
.
jail: ports: (null): failed

I don't think it's anything to worry about, as the jail does indeed
get removed. I wonder though if this might be an indicator of some
underlying problem I haven't run into yet with my simplistic testing.

All-in-all, I'm loving it -- thanks Jamie!

-Brandon
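
Added example, not part of the thread and not jail(8)'s own parser: Python that reads the jail.conf from the message above and computes the parameters the "ports" jail ends up with, applying the global lines as defaults and expanding $name. It assumes only the syntax that appears in the message plus comments; the names tokenize, parse and effective are made up for this illustration.

```python
import re

# jail.conf copied from the message above and embedded so this runs offline.
SAMPLE_CONF = '''
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
ports {
    path = "/usr/jails/$name";
    ip4.addr = 10.1.1.1;
}
'''

# Alternatives: comments (no group), quoted string (1), punctuation (2), bare word (3).
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"((?:[^"\\]|\\.)*)"|([{};=])|([^\s{};="]+)', re.S)

def tokenize(text):
    # (is_punct, value) pairs; comment matches set no group and are dropped.
    return [(m.lastindex == 2, m.group(m.lastindex))
            for m in TOKEN.finditer(text) if m.lastindex]

def parse(text):
    """Return (global_params, {jail: params}); valueless parameters become True."""
    toks = tokenize(text) + [(None, None)] * 3   # padding keeps lookahead in range
    global_params, jails = {}, {}
    target, i = global_params, 0
    while toks[i][0] is not None:
        tok, nxt = toks[i], toks[i + 1]
        if tok == (True, "}"):                       # end of a jail block
            target, i = global_params, i + 1
        elif not tok[0] and nxt == (True, "{"):      # "name {" opens a jail block
            target, i = jails.setdefault(tok[1], {"name": tok[1]}), i + 2
        elif not tok[0] and nxt == (True, ";"):      # valueless (boolean) parameter
            target[tok[1]], i = True, i + 2
        elif (not tok[0] and nxt == (True, "=") and toks[i + 2][0] is False
              and toks[i + 3] == (True, ";")):       # "param = value;"
            target[tok[1]], i = toks[i + 2][1], i + 4
        else:
            raise ValueError(f"unexpected token {tok[1]!r}")
    return global_params, jails

def effective(text, jail):
    """Global defaults overridden by one jail's block, with $var references expanded."""
    global_params, jails = parse(text)
    params = {**global_params, **jails[jail]}
    expand = lambda m: str(params.get(m.group(1), m.group(0)))
    return {k: re.sub(r'\$\{?(\w+)\}?', expand, v) if isinstance(v, str) else v
            for k, v in params.items()}
```

Calling effective(SAMPLE_CONF, "ports") gives a path of /usr/jails/ports, the same path jls reports for the running jail.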