From: James Gritton
Date: Sat, 19 Oct 2013 10:00:59 -0600
To: Dirk Engling
Cc: freebsd-jail@freebsd.org
Subject: Re: Allowing meta-namespace in jail.conf
Message-ID: <5262ACBB.1040609@gritton.org>
In-Reply-To: <52619D1B.9040408@erdgeist.org>

On 10/18/2013 2:42 PM, Dirk Engling wrote:
> Dear jail enthusiasts,
>
> in order to move forward with my jail management project ezjail, and
> make it support the new jail.conf way of managing jail configs, I need a
> way to add properties to jails that are currently not in the list of
> allowed parameters. I was thinking of something like
>
> web-jail {
>     name = 'www.test.com';
>     meta.ezjail.imagetype = 'zfs';
>     meta.ezjail.zfsdataset = 'tank/ezjail/www.test.com-data';
> }
>
> Alternatively, I could keep a shadow tree of config options and generate
> jail configs on the fly, but that would mean not using the power of the
> new jail config format. This can also lead to conflicting settings (e.g.
> from wildcard jails or global options) and unexpected parts of the
> system to look for configs.
>
> Another issue is the complexity of the jail.conf format which makes it
> hard to automatically manipulate entries. I've started working on a
> parser/generator in shell, but wondered if there are any plans to add a
> way to remove jail blocks (adding is easier) and add/modify/delete
> parameters in jail blocks. Some standardized way to get the result from
> jail(8)'s parser would of course be a nice start.
>
> Any thoughts on that?

I'd been thinking of a similar thing, but at a different level. A "jail
environment" where these arbitrary parameters are visible inside the
kernel (and thus also via jls(8)). I was considering a single "env"
parameter formatted like an environ(7) string, but I like your
presentation as separate parameters (though I would probably call them
"env.*" instead of "meta.*").

Regarding the jail.conf format, it would make sense to move its parsing
into libjail. Then if we want we could add features like the extra
manipulation you mention.

- Jamie