Subject: Re: svn commit: r340319 - head/usr.sbin/jail
To: Eugene Grosbein, "Bjoern A. Zeeb", James Gritton
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
From: "H. Schmalzbauer - OmniLAN"
Date: Sat, 10 Nov 2018 14:10:27 +0100

On 10.11.2018 at 13:33, Eugene Grosbein wrote:
> 10.11.2018 19:12, Bjoern A. Zeeb wrote:
>
>>> Author: eugen
>>> Date: Sat Nov 10 12:03:57 2018
>>> New Revision: 340319
>>> URL: https://svnweb.freebsd.org/changeset/base/340319
>>>
>>> Log:
>>> jail(8): introduce new command option -e to exhibit
>>> a list of configured non-wildcard jails with their parameters,
>>> no matter running or not.
>>>
>>> The option -e takes separator argument that is used
>>> to separate printed parameters. It will be used with following
>>> additions to system periodic scripts to differentiate parts
>>> of directory tree belonging jails as opposed to host's.
>> From reading this and the man page changes I have a hard time to understand what this does.
>>
>> What is a “wildcard jail” or a “non-wildcard jail”?
> Modern jail configuration style assumes usage of jail.conf file

I was quite unhappy with the single jail.conf(5) in /etc, so I extended jail rc(8) to support /etc/jail.conf.d/
Probably some others would welcome jail.conf.d/ too. Unfortunately I don't have enough time to stay focused with one feature, so all my extensions are somewhat hackish.
In this case, it's part of a jail setup script (I'm aware that there are many ports out there which claim to ease jail management, but all do much more and nothing I could get a start point with satisfaction, so I wrote my own, which _only_ utilizes base tools).

Essentially, it's about

+++ /etc/rc.d/jail    2017-09-28 13:55:35.109528000 +0000
@@ -127,6 +128,9 @@          if [ -r "$_jconf" ]; then              _conf="$_jconf"              return 0 +        elif [ -r /etc/jail.conf.d/${_j} ]; then +            _conf="/etc/jail.conf.d/${_j}" +            return 0          elif [ -r "$jail_conf" ]; then              _conf="$jail_conf"              return 0'   fi

Do you think that jail.conf.d/ should be considered as future extension?
The setup script itself is also a handler for mounted md_images, so in case it's found, the diff is a little bigger in order to take care to attach/detach md(4).  Here's the corresponding rc-patch function - happy to mail the whole script on request:

patch_rc_jail(){   :verbosemsg "patch_rc_jail() ${1:+called with $@}"   local PATCH line patchfile   PATCH=$(which patch 2>/dev/null)   [ -n "${PATCH}" ] || return   patchfile="$(mktemp)"   if [ -x /usr/sbin/jailsetup ]; then     abtvar='--- /etc/rc.d/jail.orig    2017-09-28 13:45:35.213478000 +0000 +++ /etc/rc.d/jail    2017-09-28 13:55:35.109528000 +0000 @@ -26,6 +26,7 @@  : ${jail_consolecmd:=/usr/bin/login -f root}  : ${jail_jexec:=/usr/sbin/jexec}  : ${jail_jls:=/usr/sbin/jls} +: ${jail_setup:=/usr/sbin/jailsetup}  need_dad_wait= @@ -127,6 +128,9 @@          if [ -r "$_jconf" ]; then              _conf="$_jconf"              return 0 +        elif [ -r /etc/jail.conf.d/${_j} ]; then +            _conf="/etc/jail.conf.d/${_j}" +            return 0          elif [ -r "$jail_conf" ]; then              _conf="$jail_conf"              return 0 @@ -476,6 +480,7 @@          # jail_parallel_start is YES.          #          for _j in $@; do +            [ -x $jail_setup ] && $jail_setup mdattach -n ${_j}              _j=$(echo $_j | tr /. _)              _jv=$(echo -n $_j | tr -c '"'"[:alnum:]"'"' _)              parse_options $_j $_jv || continue 
@@ -504,6 +509,7 @@          # Start jails one-by-one when jail_parallel_start is NO.          #          for _j in $@; do +            [ -x $jail_setup ] && $jail_setup mdattach -n ${_j}              _j=$(echo $_j | tr /. _)              _jv=$(echo -n $_j | tr -c '"'"[:alnum:]"'"' _)              parse_options $_j $_jv || continue @@ -556,6 +562,7 @@              fi              rm -f $_tmp          done +        [ -x $jail_setup ] && $jail_setup mddetach          echo '"'"."'"'          return      ;; @@ -578,6 +585,7 @@              rm -f /var/run/jail_${_j}.id          fi          rm -f $_tmp +        [ -x $jail_setup ] && $jail_setup mddetach -n ${_j}      done      echo '"'"."'"'  }'   else     abtvar='--- /etc/rc.d/jail.orig    2017-09-28 13:45:35.213478000 +0000 +++ /etc/rc.d/jail    2017-09-28 13:55:35.109528000 +0000 @@ -127,6 +128,9 @@          if [ -r "$_jconf" ]; then              _conf="$_jconf"              return 0 +        elif [ -r /etc/jail.conf.d/${_j} ]; then +            _conf="/etc/jail.conf.d/${_j}" +            return 0          elif [ -r "$jail_conf" ]; then              _conf="$jail_conf"              return 0'   fi   echo "${abtvar}" > "${patchfile}"   ${PATCH} -p 0 -C -i "${patchfile}" >/dev/null 2>&1 || return   ${PATCH} -p 0 -i "${patchfile}" >/dev/null 2>&1 &&     cp /etc/rc.d/jail.orig /var/backups 2>/dev/null   [ -e /etc/rc.d/jail.rej ] && unlink /etc/rc.d/jail.rej   rm /etc/rc.d/jail.orig "${patchfile}" 2>/dev/null } #patch_rc_jail
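
Review bot: In the @@ -127,6 +128,9 @@ hunk the new test [ -r /etc/jail.conf.d/${_j} ] leaves ${_j} unquoted, while the neighbouring branches quote "$_jconf" and "$jail_conf". Quote the operand, and because the start loops further down still run tr /. _ on _j, confirm that the name cannot contain / or .. when it reaches this branch, otherwise the lookup can resolve to a file outside /etc/jail.conf.d/. The directory is also hardcoded twice; a variable with a default, in the style of the ": ${jail_setup:=/usr/sbin/jailsetup}" line, would keep it overridable from rc.conf.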
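
Review bot: In the @@ -476,6 +480,7 @@ and @@ -504,6 +509,7 @@ hunks, $jail_setup mdattach -n ${_j} runs before the next line normalizes _j with tr /. _, so the helper receives the raw argument from $@, unquoted and open to word splitting and globbing. Quote both expansions ("$jail_setup" mdattach -n "${_j}") and act on the exit status: as written, a failed attach is ignored and the loop proceeds to parse_options as if the image were attached.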
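
Review bot: In the @@ -556,6 +562,7 @@ hunk mddetach is called once after the loop without -n, while the @@ -578,6 +585,7 @@ hunk passes -n ${_j} for each jail; a comment stating what the argument-less form detaches would make the difference reviewable. In both places ${_j} and $jail_setup are unquoted and the result is discarded, so a failed detach goes unreported.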