From: Alexander Leidinger
To: Jamie Gritton
Cc: jail@FreeBSD.org
Date: Tue, 30 Jun 2009 10:07:11 +0200
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)
Message-ID: <20090630100711.18745yont7x1lcjk@webmail.leidinger.net>
In-Reply-To: <4A48FA49.70600@FreeBSD.org>

Quoting Jamie Gritton (from Mon, 29 Jun 2009 11:30:49 -0600):

> Alexander Leidinger wrote:
>
>>>>>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
>>>>>> have a patch to switch the jail rc script to the new jail
>>>>>> (8-current) syntax. This includes new config options for a jail
>>>>>> (see etc/defaults/rc.conf after patching). The patch also contains
>>>>>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
>>>>>> by default).
>>>>>>
>>>>>> If you do not make any config change, you will be able to see all
>>>>>> mounted filesystems of the entire machine. To get back to the
>>>>>> previous behavior, you have to add a config option:
>>>>>> jail_XXX_startparams="enforce_statfs=2"
>>>>>>
>>>>>> This config option can also take other jail parameters like
>>>>>> allow.sysvipc and other ones described in the jail man-page
>>>>>> (additional parameters need to be space separated).
>>>>>>
>>>>>> Feedback welcome.
>>>>>>
>>>>> 1) it breaks various things that will no longer work
>>>>>
>>>> As mentioned, it "breaks" the statfs part. If there's anything
>>>> else, be more specific please.
>>>>
>>> v6, noIP, ...
>>>
>>
>> I didn't change the IP handling in the rc script. Does this mean
>> jail(8) works differently regarding the address parsing when called
>> with the new parameters instead of the old options?
>>
>> I didn't test anything regarding ipv6, but as long as jail(8) doesn't
>> behave differently with the new calling syntax compared with what we
>> have in the tree, then the behavior is not different from what we have.
>> If it behaves differently, this can be fixed in the script.
>>
>
> There is a difference. Under the old options, IPv4 and IPv6 addresses
> are mixed into the single fixed argument, and then are parsed to
> determine which kind they are - both by jail(8) and rc.d/jail. Under
> the new parameter-based command line, IPv4 addresses and IPv6
> addresses go with ip4.addr and ip6.addr respectively.

But why are my jails (with only one ipv4 address) starting correctly then?

> The rc.d/jail code that brings up addresses on an interface can be
> modified to decide which argument the address goes with.
>
> I've given Bjoern a patch based on yours that handles this as well
> as the allow.* sysctls (though I missed the statfs part).

Do you mind making it available somewhere?

Bye,
Alexander.

--
BOFH excuse #265: The mouse escaped

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
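Added example, not part of the original message and not code from either patch mentioned in the thread: one way an rc script could decide which parameter each address of an old-style mixed list goes with, while keeping enforce_statfs=2 unless the administrator sets a value in the start parameters. The function name jail_new_params, the default-to-2 policy and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration (hypothetical helper, not from rc.d/jail):
# turn an old-style mixed address list into ip4.addr / ip6.addr
# parameters for the parameter-based jail(8) command line.

# usage: jail_new_params "addr[,addr...]" ["extra jail parameters"]
jail_new_params() {
    _v4="" _v6="" _extra=${2:-}
    _oldifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting the list
    for _a in $1; do
        case $_a in
        "")      ;;                          # skip empty fields
        *:*)     _v6="${_v6:+$_v6,}$_a" ;;   # any colon: IPv6, including ::ffff:a.b.c.d
        *.*.*.*) _v4="${_v4:+$_v4,}$_a" ;;   # dotted quad: IPv4
        *)       IFS=$_oldifs; set +f
                 echo "unrecognised address: $_a" >&2
                 return 1 ;;
        esac
    done
    IFS=$_oldifs
    set +f

    _out=""
    if [ -n "$_v4" ]; then _out="ip4.addr=$_v4"; fi
    if [ -n "$_v6" ]; then _out="${_out:+$_out }ip6.addr=$_v6"; fi

    # Per the thread, a jail started without enforce_statfs=2 sees all
    # mounted filesystems of the machine; add it unless already chosen.
    case " $_extra " in
    *" enforce_statfs="*) ;;
    *) _extra="${_extra:+$_extra }enforce_statfs=2" ;;
    esac

    echo "${_out:+$_out }$_extra"
}

# Constructed sample input (documentation address ranges).
jail_new_params "192.0.2.10,2001:db8::10" "allow.sysvipc"
```

The colon test runs before the dotted-quad test so that an IPv4-mapped IPv6 address is not filed under ip4.addr.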