Date: Fri, 26 Mar 2004 23:57:40 +0100
From: jeremie le-hen
To: current@freebsd.org
Message-ID: <20040326225740.GA3567@rocco.epita.fr>
Subject: New jail related rc.conf variable

Hi,

while setting up a jail using rc.conf variables, I noticed that although there were some variables controlling whether or not I want to mount devfs or procfs, I did not find any simple way to use some nullfs or unionfs mounts inside it.

Therefore, I thought that the jail rc script was lacking in flexibility, in the sense that there is no simple way to do some unusual configuration before starting the jail, and I decided to add a `jail_example_pre_exec' variable in rc.conf which is simply a command to execute before jailing.

The scrawny patch is attached.

Regards,
-- 
Jeremie LE HEN aka ttz
jeremie.le-hen@epita.fr
ttz@epita.fr

Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

Content-Disposition: attachment; filename="jail_pre_exec.patch"

Index: etc/defaults/rc.conf =================================================================== RCS file: /home/cvs/FreeBSD/src/etc/defaults/rc.conf,v retrieving revision 1.202 diff -u -r1.202 rc.conf --- etc/defaults/rc.conf 23 Mar 2004 23:22:34 -0000 1.202 +++ etc/defaults/rc.conf 26 Mar 2004 21:31:47 -0000 
@@ -473,6 +473,8 @@ #jail_example_rootdir="/usr/jail/default" # Jail's root directory #jail_example_hostname="default.domain.com" # Jail's hostname #jail_example_ip="192.168.0.10" # Jail's IP number +#jail_example_pre_exec="" # command to execute just + # before jailing. #jail_example_exec="/bin/sh /etc/rc" # command to execute in jail #jail_example_devfs_enable="NO" # mount devfs in the jail #jail_example_fdescfs_enable="NO" # mount fdescfs in the jail Index: etc/rc.d/jail =================================================================== RCS file: /home/cvs/FreeBSD/src/etc/rc.d/jail,v retrieving revision 1.14 diff -u -r1.14 jail --- etc/rc.d/jail 8 Mar 2004 12:25:05 -0000 1.14 +++ etc/rc.d/jail 26 Mar 2004 22:44:21 -0000 @@ -33,6 +33,7 @@ jail_procdir="${jail_rootdir}/proc" eval jail_hostname=\"\$jail_${_j}_hostname\" eval jail_ip=\"\$jail_${_j}_ip\" + eval jail_pre_exec=\"\$jail_${_j}_pre_exec\" eval jail_exec=\"\$jail_${_j}_exec\" [ -z "${jail_exec}" ] && jail_exec="/bin/sh /etc/rc" @@ -155,6 +156,7 @@ mount -t procfs proc "${jail_procdir}" fi fi + [ -n "${jail_pre_exec}" ] && ${jail_pre_exec} _tmp_jail=/tmp/jail.$$ jail -i ${jail_rootdir} ${jail_hostname} \ ${jail_ip} ${jail_exec} > ${_tmp_jail} 2>&1 --3V7upXqbjpZ4EhLz--
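
Review bot: In the etc/defaults/rc.conf hunk, the comment on `#jail_example_pre_exec=""` says only "command to execute just before jailing" and does not say where the command runs. The etc/rc.d/jail change invokes it from the rc script before the `jail` call, so it executes on the host, outside the jail, with the privileges of the rc script, unlike `jail_example_exec` on the next line, which is commented "command to execute in jail". Suggest wording such as "command to execute on the host just before jailing" so an administrator does not assume it is confined.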
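
Review bot: In the etc/rc.d/jail hunk at `@@ -155,6 +156,7 @@`, the added line `[ -n "${jail_pre_exec}" ] && ${jail_pre_exec}` discards the command's exit status, so the `jail -i` call that follows still runs when the pre-exec step (for instance a nullfs mount) fails, and the jail starts without the setup it depends on. Suggest testing the result and skipping this jail with a warning on failure. The unquoted `${jail_pre_exec}` is also only word-split and glob-expanded, so quotes, `;`, `&&` and redirections in the rc.conf value are passed to the command as literal arguments instead of being interpreted; document that the variable takes one simple command, or make the choice to `eval` it explicit. Because the value runs on the host before confinement, the documentation should note that it is as trusted as the rc script itself.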