Date: Sun, 20 Feb 2022 12:19:25 +0100
From: Jon Clausen
To: Kyle Evans
Cc: FreeBSD Mailing List
Subject: Re: jail.$jailname.conf not directly in /etc/ ?

On 2022-02-19 11:03:08 (-0600), Kyle Evans wrote:
> On Sat, Feb 19, 2022 at 3:29 AM Jon Clausen wrote:
> > Any ideas?
> >
>
> In main we've added a facility to organize jail confs a little
> differently: /etc/jail.conf.d/.conf.

Right

> I think, personally, if
> we're going to allow a flexible config here (which I think we should),
> we should just expand this latest form and leave the others be.

I think I agree: Leave the old way as is, but add the new option.

> I
> might've even brought this up in the review, because I had thought
> about it; maybe something like this:
> https://people.freebsd.org/~kevans/jail_conf_dirs.diff to search
> /etc/jail.conf.d and /usr/local/etc/jail.conf.d by default.
>
> That doesn't really solve the problem at hand, but it might be a clean
> solution for the future.

Well, yes, and no.

Combining the input I got from some of the other replies (and some off-list)
I came up with this "solution", which actually seems to be working

1: copy the parse_options() function from /etc/rc.d/jail into
   /usr/local/etc/rc.conf.d/jail/local_jail_functions

2: 'patch' the function as per the above diff.

Which comes out something like this (on a 13.0-RELEASE system):

+++ /usr/local/etc/rc.conf.d/jail/local_jail_functions 2022-02-20 11:31:51.675462000 +0100
@@ -29,14 +29,17 @@ if [ -r "$_jconf" ]; then _conf="$_jconf" return 0 - elif [ -r "$jail_conf" ]; then - _conf="$jail_conf" - return 0 - else - warn "Invalid configuration for $_j " \ - "(no jail.conf, no hostname, or no path). " \ - "Jail $_j was ignored." fi + for _jconf_dir in $jail_conf_dirs; do + _jconf="${_jconf_dir}/${_j}.conf" + if [ -r "$_jconf" ]; then + _conf="$_jconf" + return 0 + fi + done + warn "Invalid configuration for $_j " \ + "(no jail.conf, no hostname, or no path). " \ + "Jail $_j was ignored." return 1 fi eval _ip=\"\$jail_${_jv}_ip\"

3: Add this to /etc/rc.conf:

jail_conf_dirs="/usr/local/etc/jails/"

4: Move jail config and fstab into /usr/local/etc/jails/

In this example, the jail is "J3", so the jail config becomes J3.conf with
the accompanying J3.fstab

root@jh03:~ # ls -l /usr/local/etc/jails/J3*
-rw-r--r-- 1 root wheel 1375 Feb 20 11:37 /usr/local/etc/jails/J3.conf
-rw-r--r-- 1 root wheel 151 Jan 9 17:12 /usr/local/etc/jails/J3.fstab

5: test things out:

root@jh03:~ # jls
JID IP Address Hostname Path
root@jh03:~ # service jail start J3
Starting jails: J3.
root@jh03:~ # jls
JID IP Address Hostname Path
5 J3.ymmv.dk /usr/local/jails/J3
root@jh03:~ #

So basically, by overwriting the parse_options() function with a patched
version, I can get the system to handle a jail_conf_dirs setting in rc.conf.

Now, this is an acceptable situation for me, since this is all for my
personal little herd of jails, and it's only me messing with these systems.

But it's probably not something anyone would want to pursue in a real
production environment.

As a proof of concept, however, I'd say this does seem to work, and it's
actually pretty much exactly what I was hoping for... so "yay!" :)

Now I just have to remember to watch out for updates to the system, so my
local version doesn't get in the way if /etc/rc.d/jail gets updated
upstream... :P

But thanks everyone, for the responses :)

br
/jon

--
YMMV
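Review bot: The removed `elif [ -r "$jail_conf" ]` branch has no replacement in the visible lines of the `-29,14 +29,17` hunk, so a jail with no `$_jconf` and no match under `$jail_conf_dirs` now falls through to the "Jail $_j was ignored." warning even when `$jail_conf` is readable; unless that check moved elsewhere, keep it as a fallback after the `for` loop. The loop's only test on `${_jconf_dir}/${_j}.conf` is `-r`, and a jail configuration can name commands that run on the host as root, so each directory listed in `jail_conf_dirs` should be root-owned and not group- or world-writable. `$jail_conf_dirs` is also expanded unquoted, which is what makes a space-separated list work but means a directory name containing whitespace will be split.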
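The closing worry in the message above, a local parse_options() override silently diverging from /etc/rc.d/jail after a system update, can be checked mechanically. This is an added example, not part of the original message or of FreeBSD; the names extract_func, check_drift and demo and the baseline-file approach are assumptions, and the demo runs on a constructed stand-in script.

```shell
#!/bin/sh
# Added example (not from the original mail). Detects when an rc.d function
# that is overridden locally, e.g. parse_options() from /etc/rc.d/jail, has
# changed upstream since the local copy was made.

# Print function $1 from rc script $2. Assumes rc.d layout: the definition
# starts a line with "name()" and ends at the first "}" in column 0.
extract_func() {
    awk -v fn="$1" '
        $0 ~ "^" fn "\\(\\)" { infn = 1 }
        infn                 { print }
        infn && /^}/         { exit }
    ' "$2"
}

# Compare function $1 in script $2 with the baseline copy in file $3.
# Returns 0 = unchanged, 1 = drifted, 2 = function or baseline missing.
check_drift() {
    _cur=$(extract_func "$1" "$2") || return 2
    [ -n "$_cur" ] && [ -r "$3" ] || return 2
    [ "$_cur" = "$(cat "$3")" ]
}

# Demo on a constructed stand-in for /etc/rc.d/jail (not the real script).
demo() {
    _d=$(mktemp -d) || return 1
    printf '%s\n' 'parse_options()' '{' '    _conf="$jail_conf"' '}' \
        'jail_start()' '{' '    :' '}' > "$_d/jail"
    # Baseline: saved once, at the time the local override is created.
    extract_func parse_options "$_d/jail" > "$_d/baseline"
    check_drift parse_options "$_d/jail" "$_d/baseline" && _b=0 || _b=$?
    # Simulated upstream update that touches the function body.
    sed 's/_conf=/_conf_new=/' "$_d/jail" > "$_d/jail.new"
    check_drift parse_options "$_d/jail.new" "$_d/baseline" && _a=0 || _a=$?
    rm -rf "$_d"
    echo "before=$_b after=$_a"
}

demo
```

On a real host the baseline would be written once from /etc/rc.d/jail when the override is created, and check_drift run after each system update; a return of 1 means the local copy needs re-patching against the new upstream function.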