From: Joe
Date: Mon, 13 May 2013 20:44:45 -0400
To: David Demelier
Cc: freebsd-questions@freebsd.org
Subject: Re: /etc/jail.conf for automatically started jails listed in /etc/rc.conf
Message-ID: <519188FD.7010900@a1poweruser.com>

David Demelier wrote:
> On Monday 13 May 2013 16:32:01 Joe wrote:
>> David Demelier wrote:
>>> Hello dear,
>>>
>>> Does jail.conf(5) not work for jails listed in the rc.conf?
>>>
>>> I've added in /etc/jail.conf:
>>>
>>> foo {
>>>
>>> hostname=Foo;
>>> path=/jails/foo;
>>> allow.sysvipc=1;
>>>
>>> }
>>>
>>> And in /etc/rc.conf only foo in the jail_list parameter, but when I try to
>>> start the jail it still complains about missing hostname.
>>>
>>> Regards,
>> There are 2 methods for configuring jails.
>>
>> The legacy method, in which you put the jail config statements in the host's
>> /etc/rc.conf file and start and stop control is done by the host's
>> /etc/rc.d/jail script at boot time.
>>
>> The jail(8) method, which has its own jail config statements in the
>> host's /etc/jail.conf file and uses the jail(8) program for starting and
>> stopping. You can create a jail.conf file for each jail(8) and start it
>> using jail -c -f "/etc/jailname.jail.conf" and stop by issuing
>> jail -f "/etc/jailname.jail.conf" -r jailname
>>
>> You can not mix the 2 methods.
>
> My real problem is that I wanted to add allow.sysvipc only for *one* jail and
> I can't find a real solution by jail_* flags in /etc/rc.conf
>
> There is jail_allow_sysvipc but it enables it for all jails.
>
>

The jail(8) method does have an allow_sysvipc on a per jail basis. To use it you have to use the jail(8) method. The 9.1-RELEASE legacy method is a work in process to incorporate the jail(8) parameters into the rc.conf config statements.

About the allow_sysvipc parameter, this breaks the security the jail is designed to provide and should NOT be used on any jails having public internet access. What are you trying to do that you think you need to use the allow_sysvipc parameter?
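
An added example, not part of the original thread: a jail.conf(5) file for the jail(8) method described in the reply, with System V IPC allowed for one jail only. The jail name foo and the /jails/foo path come from the question; the second jail bar, the example.org hostnames and the exec/mount defaults are assumptions made for illustration.

```conf
# /etc/jail.conf -- constructed example for the jail(8) method.
# Jails defined here are started and stopped with jail(8), not through
# the legacy jail_* statements in /etc/rc.conf.

# Parameters outside any jail block are defaults for every jail in the file.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
mount.devfs;
path = "/jails/${name}";                  # ${name} expands to the jail's name
host.hostname = "${name}.example.org";    # constructed hostname

# Only this jail may use System V IPC. Keep it off any public-facing
# jail, per the caveat in the reply above.
foo {
    allow.sysvipc;
}

# Hypothetical second jail: System V IPC stays disabled, stated
# explicitly so the difference from foo is visible in the file.
bar {
    allow.nosysvipc;
}

# Start one jail:  jail -c -f /etc/jail.conf foo
# Stop it again:   jail -r -f /etc/jail.conf foo
```

Because allow.sysvipc sits inside the foo block rather than at file scope, it does not become a default for bar or for any jail added later.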