Date: Tue, 30 Jun 2009 10:07:11 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Jamie Gritton <jamie@FreeBSD.org>
Cc: jail@FreeBSD.org
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)
Message-ID: <20090630100711.18745yont7x1lcjk@webmail.leidinger.net>
In-Reply-To: <4A48FA49.70600@FreeBSD.org>
References: <20090627122519.00002b84@unknown> <20090627104704.Y22887@maildrop.int.zabbadoz.net> <20090627140803.00006830@unknown> <20090627121818.P22887@maildrop.int.zabbadoz.net> <20090627162424.00007289@unknown> <4A48FA49.70600@FreeBSD.org>

Quoting Jamie Gritton <jamie@FreeBSD.org> (from Mon, 29 Jun 2009 11:30:49 -0600):

> Alexander Leidinger wrote:
>
>>>>>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
>>>>>> have a patch to switch the jail rc script to the new jail
>>>>>> (8-current) syntax. This includes new config options for a jail
>>>>>> (see etc/defaults/rc.conf after patching). The patch also contains
>>>>>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
>>>>>> by default).
>>>>>>
>>>>>> If you do not make any config change, you will be able to see all
>>>>>> mounted filesystems of the entire machine. To get back to the
>>>>>> previous behavior, you have to add a config option:
>>>>>> jail_XXX_startparams="enforce_statfs=2"
>>>>>>
>>>>>> This config option can also take other jail parameters like
>>>>>> allow.sysvipc and other ones described in the jail man-page
>>>>>> (additional parameters need to be space separated).
>>>>>>
>>>>>> Feedback welcome.
>>>>>>
>>>>> 1) it breaks various things that will no longer work
>>>>>
>>>> As mentioned, it "breaks" the statfs part. If there's anything
>>>> else, be more specific please.
>>>>
>>> v6, noIP, ...
>>>
>>
>> I didn't change the IP handling in the rc script. Does this mean
>> jail(8) works differently regarding the address parsing when called
>> with the new parameters instead of the old options?
>>
>> I didn't test anything regarding ipv6, but as long as jail(8) doesn't
>> behave differently with the new calling syntax compared with what we
>> have in the tree, then the behavior is not different from what we have.
>> If it behaves differently, this can be fixed in the script.
>>
>
> There is a difference. Under the old options, IPv4 and IPv6 addresses
> are mixed into the single fixed argument, and then are parsed to
> determine which kind they are - both by jail(8) and rc.d/jail. Under
> the new parameter-based command line, IPv4 addresses and IPv6
> addresses go with ip4.addr and ip6.addr respectively.

But why are my jails (with only one ipv4 address) starting correctly then?

> The rc.d/jail code that brings up addresses on an interface can be
> modified to decide which argument the address goes with.
>
> I've given Bjoern a patch based on yours that handles this as well
> as the allow.* sysctls (though I missed the statfs part).

Do you mind making it available somewhere?

Bye,
Alexander.

-- 
BOFH excuse #265: The mouse escaped

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
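
The split described in the quoted reply (mixed addresses in one argument versus separate ip4.addr and ip6.addr parameters), as an added example that is not part of this message or of either patch mentioned in the thread. The function name `split_jail_addrs` and the sample addresses are constructed for illustration, and the input is assumed to be a plain comma-separated list with no interface or netmask decoration.

```shell
#!/bin/sh
# Added example: turn an old-style mixed address list into the new-style
# ip4.addr / ip6.addr jail parameters. Hypothetical helper, not rc.d/jail code.

split_jail_addrs() {
    _list=$1
    _v4=""
    _v6=""
    _oldifs=$IFS
    IFS=,
    for _addr in $_list; do
        case $_addr in
            "") continue ;;                        # tolerate "a,,b"
            # Test for ':' first so IPv4-mapped IPv6 (::ffff:a.b.c.d)
            # is not misfiled under ip4.addr.
            *:*)     _v6="${_v6:+$_v6,}$_addr" ;;
            *.*.*.*) _v4="${_v4:+$_v4,}$_addr" ;;
            *)
                IFS=$_oldifs
                echo "unrecognised address: $_addr" >&2
                return 1
                ;;
        esac
    done
    IFS=$_oldifs

    # Emit only the parameters that actually have addresses.
    _out=""
    if [ -n "$_v4" ]; then
        _out="ip4.addr=$_v4"
    fi
    if [ -n "$_v6" ]; then
        _out="${_out:+$_out }ip6.addr=$_v6"
    fi
    echo "$_out"
}

# Constructed sample input (documentation address ranges).
split_jail_addrs "192.0.2.10,2001:db8::10,192.0.2.11"
```

A list holding a single IPv4 address yields only `ip4.addr=...`, with no `ip6.addr` parameter emitted.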