From: Fbsd8
Date: Sun, 19 Jun 2011 22:16:05 -0400
To: Lars Kellogg-Stedman
Cc: freebsd-questions
Subject: Re: /etc/rc.d/jail using new-style jail command?
Message-ID: <4DFEAD65.70306@a1poweruser.com>

Lars Kellogg-Stedman wrote:
> Hello all,
>
> I'm curious if there's been any work done to make /etc/rc.d/jail use
> the new-style jail command (jail -c path=... name=..., etc)...or if
> there's been any work done to create a replacement? There are three
> features I would love to see in the stock version that I've had to
> implement myself:
>
> - The ability to reference jails by name. Passing the
> name= argument means that jails can be referenced by name
> when using, e.g., the jexec command, which is very convenient since
> jail ids aren't (normally) persistent.
>
> - The ability to create jails without starting them. The "persist"
> argument to the jail command is useful when attaching ZFS datasets to
> a jail. A ZFS dataset can't be attached until a JID has been
> allocated, but with the existing implementation the jail will
> probably have booted by the time you complete the ZFS assignment,
> which impacts services that may need access to the jail. There are
> workarounds (such as a busy-wait loop that checks for the filesystem),
> but creating the jail with no processes, attaching the datasets, and
> then starting the jail is much cleaner.
>
> - Somewhat more flexibility in setting up jail permissions (via the
> enforce_statfs and allow.* arguments).
>
> Before I spend too much time making my own local changes, I was
> wondering if there was anything I should be looking at. I've been
> using ezjail recently, but since it relies on the stock /etc/rc.d/jail
> to actually boot and configure jails it suffers from the same
> limitations.
>
> Thanks,
>
> -- Lars
>
>

Give the qjail port a try. It has the ability to reference jails by name
and create jails without starting them. Though it does not use the
new-style jail command.
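
The create, attach, then start sequence described in the quoted message, written out with the new-style jail command. This is an added example, not code from either poster, from qjail or from /etc/rc.d/jail; the function name, the RUN dry-run switch, and the jail name, path and dataset are constructed for illustration.

```shell
#!/bin/sh
# Added example. RUN defaults to "echo", so the commands are only printed
# for review; run with RUN= (empty) as root on a FreeBSD host to execute.
RUN=${RUN-echo}

# start_jail_with_zfs NAME PATH DATASET (hypothetical helper)
start_jail_with_zfs() {
    name=$1 path=$2 dataset=$3

    # 1. Create the jail with no processes. "persist" keeps the empty jail
    #    alive, so a JID is allocated before anything inside it runs.
    #    enforce_statfs=1 restricts the jail's view to mounts below its own
    #    root; ZFS inside a jail needs a value lower than 2.
    #    allow.mount is the only allow.* permission granted here (newer
    #    releases also require allow.mount.zfs for this use).
    $RUN jail -c name="$name" path="$path" host.hostname="$name" \
        persist enforce_statfs=1 allow.mount || return 1

    # 2. Mark the dataset as jail-managed and attach it while the jail is
    #    still empty. If your zfs(8) accepts only a numeric JID, look it up
    #    with: jls -j NAME jid
    $RUN zfs set jailed=on "$dataset" || return 1
    $RUN zfs jail "$name" "$dataset" || return 1

    # 3. Boot the jail. The dataset is already attached, so services
    #    started by /etc/rc never run without it.
    $RUN jexec "$name" /bin/sh /etc/rc || return 1

    # 4. Clear persist so the jail is removed when its last process exits.
    $RUN jail -m name="$name" nopersist
}

# Constructed sample values.
start_jail_with_zfs www /jails/www tank/jails/www-data
```

Because the jail is addressed by name throughout, no step depends on a JID that changes between boots.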