Date:      Wed, 08 Mar 2023 15:21:01 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 260248] jails: depend parameter does not work in modular jail files (conf.d)
Message-ID:  <bug-260248-227-b1Blldmzy8@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260248-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-260248-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260248

Mark Felder <feld@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |feld@FreeBSD.org

--- Comment #4 from Mark Felder <feld@FreeBSD.org> ---
(In reply to Antranig Vartanian from comment #3)

I've tested both cases and they fail. If you run it as

sh -x /etc/rc.d/jail start JAILNAME

you can see what it's doing.

At no point does it attempt to read in any other jail configurations before
processing the target jail.

This is a bit of a chicken-and-egg scenario as the code handling the startup of
jails is shell script which guesses where the jail configs are, and the actual
processing of the jail config parameters is done by the C code. A bad hack
could be implemented in /etc/rc.d/jail to actually read the contents of these
files and look for a "depend =" or "depend +=", parse it, and then try to load
/etc/jail.JAILNAME.conf or /etc/jail.conf.d/JAILNAME.conf so it can be merged
together and the jail will be discovered. However, this opens a new can of
worms as there won't be any isolation of configuration between the jails and if
the configs are simply concatenated together to be presented to jail(8) you
will have issues with one jail config declaring settings outside the JAILNAME {
} section and leaking into the config of the jail that was appended.

The correct way to solve this would be to move more logic into jail(8) so it
does all of this work for us and /etc/rc.d/jail is stripped down to simply
passing start/stop/restart commands to jail(8) similar to how docker works.

I will gladly contribute to a bounty to overhaul jail(8) if anyone out there is
willing and capable.

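
The configuration leak described in the comment above, as an added example that is not part of the original message or of FreeBSD's /etc/rc.d/jail: a shell function that lists statements sitting outside every "JAILNAME { }" block when fragments are read in concatenation order. The `toplevel_statements` helper, the file names and the sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from /etc/rc.d/jail or jail(8).
# Lists statements that sit outside every "name { ... }" block in the given
# jail.conf fragments, read in order as if concatenated. Such statements are
# global and would also apply to jails defined in later fragments.
# Assumes comments occupy whole lines ("#" or "//"), no "/* */" comments,
# and no escaped quotes inside strings.
toplevel_statements() {
    awk '
    /^[ \t]*(#|\/\/)/ { next }                 # skip whole-line comments
    {
        n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "\"") quoted = !quoted
            if (c == "$" && substr($0, i + 1, 1) == "{") invar = 1
            literal = quoted || invar          # braces here are not block syntax
            if (invar && c == "}") invar = 0
            if (!literal && c == "{") { depth++; stmt = ""; continue }
            if (!literal && c == "}") { if (depth > 0) depth--; stmt = ""; continue }
            if (depth > 0) continue            # inside a jail block: isolated
            if (!literal && c == ";") {
                gsub(/^[ \t]+|[ \t]+$/, "", stmt)
                if (stmt != "") print FILENAME ":" FNR ": " stmt
                stmt = ""
            } else stmt = stmt c
        }
        if (depth == 0 && stmt != "") stmt = stmt " "
    }' "$@"
}

# Constructed sample: db.conf sets two parameters globally; web.conf, which
# depends on db, would inherit them if the two files were simply concatenated.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'exec.clean;' 'allow.raw_sockets = 1;' \
        'db { path = "/jails/${name}"; }' > "$d/db.conf"
    printf '%s\n' 'web {' '    depend = db;' '    path = "/jails/web";' '}' \
        > "$d/web.conf"
    (cd "$d" && toplevel_statements db.conf web.conf)
    rm -rf "$d"
}
demo
```

Any line it prints is a setting that a merged configuration would hand to every jail defined after it, which is the isolation problem the comment raises.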