Date: Sat, 10 Nov 2018 14:10:27 +0100
From: "H. Schmalzbauer - OmniLAN" <h.schmalzbauer@omnilan.de>
To: Eugene Grosbein <eugen@freebsd.org>, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, James Gritton <jamie@freebsd.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r340319 - head/usr.sbin/jail
Message-ID: <7c4c38c5-1eb0-6e3b-adce-f5caf482281e@omnilan.de>
In-Reply-To: <882c5796-6e36-8acc-95ba-af90b9ee3bf8@freebsd.org>
References: <201811101203.wAAC3vov082259@repo.freebsd.org> <871CB649-7A64-490B-A81E-F68A575A8BA4@lists.zabbadoz.net> <882c5796-6e36-8acc-95ba-af90b9ee3bf8@freebsd.org>

On 10.11.2018 at 13:33, Eugene Grosbein wrote:
> 10.11.2018 19:12, Bjoern A. Zeeb wrote:
>
>>> Author: eugen
>>> Date: Sat Nov 10 12:03:57 2018
>>> New Revision: 340319
>>> URL: https://svnweb.freebsd.org/changeset/base/340319
>>>
>>> Log:
>>> jail(8): introduce new command option -e to exhibit
>>> a list of configured non-wildcard jails with their parameters,
>>> no matter running or not.
>>>
>>> The option -e takes separator argument that is used
>>> to separate printed parameters. It will be used with following
>>> additions to system periodic scripts to differentiate parts
>>> of directory tree belonging jails as opposed to host's.
>> From reading this and the man page changes I have a hard time to understand what this does.
>>
>> What is a “wildcard jail” or a “non-wildcard jail”?
> Modern jail configuration style assumes usage of jail.conf file

I was quite unhappy with the single jail.conf(5) in /etc, so I extended jail rc(8) to support /etc/jail.conf.d/

Probably some others would welcome jail.conf.d/ too.
Unfortunately I don't have enough time to stay focused with one feature, so all my extensions are somewhat hackish.
In this case, it's part of a jail setup script (I'm aware that there are many ports out there which claim to ease jail management, but all to much more and nothing I could get a start point with satisfaction, so I wrote my own, which _only_ utilizes base tools).

Essentially, it's about

+++ /etc/rc.d/jail 2017-09-28 13:55:35.109528000 +0000 
@@ -127,6 +128,9 @@ if [ -r "$_jconf" ]; then _conf="$_jconf" return 0 + elif [ -r /etc/jail.conf.d/${_j} ]; then + _conf="/etc/jail.conf.d/${_j}" + return 0 elif [ -r "$jail_conf" ]; then _conf="$jail_conf" return 0' fi

Do you think that jail.conf.d/ should be considered as future extension?

The setup script itself is also a handler for mounted md_images, so in case it's found, the diff is a little bigger in order to take care to attach/detach md(4).
Here's the corresponding rc-patch function - happy to mail the whole script on request:

patch_rc_jail(){
    :verbosemsg "patch_rc_jail() ${1:+called with $@}"
    local PATCH line patchfile
    PATCH=$(which patch 2>/dev/null)
    [ -n "${PATCH}" ] || return
    patchfile="$(mktemp)"
    # Pick the larger patch (with md(4) attach/detach hooks) when jailsetup is installed.
    if [ -x /usr/sbin/jailsetup ]; then
        abtvar='--- /etc/rc.d/jail.orig 2017-09-28 13:45:35.213478000 +0000 +++ /etc/rc.d/jail 2017-09-28 13:55:35.109528000 +0000 @@ -26,6 +26,7 @@ : ${jail_consolecmd:=/usr/bin/login -f root} : ${jail_jexec:=/usr/sbin/jexec} : ${jail_jls:=/usr/sbin/jls} +: ${jail_setup:=/usr/sbin/jailsetup} need_dad_wait= @@ -127,6 +128,9 @@ if [ -r "$_jconf" ]; then _conf="$_jconf" return 0 + elif [ -r /etc/jail.conf.d/${_j} ]; then + _conf="/etc/jail.conf.d/${_j}" + return 0 elif [ -r "$jail_conf" ]; then _conf="$jail_conf" return 0 @@ -476,6 +480,7 @@ # jail_parallel_start is YES. # for _j in $@; do + [ -x $jail_setup ] && $jail_setup mdattach -n ${_j} _j=$(echo $_j | tr /. _) _jv=$(echo -n $_j | tr -c '"'"[:alnum:]"'"' _) parse_options $_j $_jv || continue @@ -504,6 +509,7 @@ # Start jails one-by-one when jail_parallel_start is NO. # for _j in $@; do + [ -x $jail_setup ] && $jail_setup mdattach -n ${_j} _j=$(echo $_j | tr /. _) _jv=$(echo -n $_j | tr -c '"'"[:alnum:]"'"' _) parse_options $_j $_jv || continue @@ -556,6 +562,7 @@ fi rm -f $_tmp done + [ -x $jail_setup ] && $jail_setup mddetach echo '"'"."'"' return ;; 
@@ -578,6 +585,7 @@ rm -f /var/run/jail_${_j}.id fi rm -f $_tmp + [ -x $jail_setup ] && $jail_setup mddetach -n ${_j} done echo '"'"."'"' }'
    else
        abtvar='--- /etc/rc.d/jail.orig 2017-09-28 13:45:35.213478000 +0000 +++ /etc/rc.d/jail 2017-09-28 13:55:35.109528000 +0000 @@ -127,6 +128,9 @@ if [ -r "$_jconf" ]; then _conf="$_jconf" return 0 + elif [ -r /etc/jail.conf.d/${_j} ]; then + _conf="/etc/jail.conf.d/${_j}" + return 0 elif [ -r "$jail_conf" ]; then _conf="$jail_conf" return 0'
    fi
    echo "${abtvar}" > "${patchfile}"
    # Dry run (-C) first; give up if the patch would not apply cleanly.
    ${PATCH} -p 0 -C -i "${patchfile}" >/dev/null 2>&1 || return
    # Apply for real and keep a copy of the unpatched script in /var/backups.
    ${PATCH} -p 0 -i "${patchfile}" >/dev/null 2>&1 && cp /etc/rc.d/jail.orig /var/backups 2>/dev/null
    [ -e /etc/rc.d/jail.rej ] && unlink /etc/rc.d/jail.rej
    rm /etc/rc.d/jail.orig "${patchfile}" 2>/dev/null
} #patch_rc_jail
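
Review bot: in the @@ -127,6 +128,9 @@ hunk the added test [ -r /etc/jail.conf.d/${_j} ] expands ${_j} unquoted, while the tests on either side of it quote "$_jconf" and "$jail_conf", so a jail name containing whitespace or a glob character is split or expanded before the readability check. Quote the whole path, as in [ -r "/etc/jail.conf.d/${_j}" ], and take the directory from an rc variable defined in the same ": ${...:=...}" block where the larger variant of the patch defines jail_setup, rather than hard-coding it twice. Because the file found here is assigned to _conf exactly like $jail_conf, the directory also deserves a documented requirement that it carry the same ownership and permissions as jail.conf.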
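
Review bot: in the @@ -476,6 +480,7 @@ hunk, and on the identical line in @@ -504,6 +509,7 @@, the added "$jail_setup mdattach -n ${_j}" runs before "_j=$(echo $_j | tr /. _)", so the helper receives the raw argument from $@ unquoted, and its exit status is thrown away: parse_options goes ahead even when the attach failed. Quote both expansions, [ -x "$jail_setup" ] && "$jail_setup" mdattach -n "${_j}", and use an if block that runs "continue" when the helper exists but returns non-zero, so a jail is not started on a root whose image was never attached.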
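
Review bot: in the @@ -578,6 +585,7 @@ hunk "$jail_setup mddetach -n ${_j}" is passed ${_j} at a point where the visible context already uses it in /var/run/jail_${_j}.id, whereas the mdattach calls in the start loops are placed before the "tr /. _" translation; the hunk does not show which form of the name ${_j} holds here. Please confirm that mddetach receives the same form of the name that mdattach was given, or a jail whose name contains "/" or "." may be attached under one name and never detached, and quote the expansion as "${_j}". The same quoting applies to $jail_setup in the @@ -556,6 +562,7 @@ hunk.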