From nobody Sun Feb 20 17:19:28 2022 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 09B3119EC4A0 for ; Sun, 20 Feb 2022 17:19:41 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4K1scX6mFxz3vtg; Sun, 20 Feb 2022 17:19:40 +0000 (UTC) (envelope-from kevans@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645377581; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=osupNedvEGnStpVJnMIcqbFZzdV4jXJ6+8iTjZcW5JQ=; b=a+euAApsFIcFiIaQFgxv0wM6h0mzLucL3i70CFzwN91l5+kr8gOIkj/8KgVR0bYiaZm1t1 YdPWW/zSeG/O+CbHQJBC8JJVgIrZofeTxs9wOpvx7p6EvonZCE1xRTjP09DrxpswvX7V+f wNPmKNaZ4N2pIL4IFUUvDzlIrkHqD1EJ6epAUiZR0Ai8BmMx5507DnEdY82NfEwRs0psBY nflaz27NgucQDnxMgWItUiT6F8a6jk9r97pW6QqG6F71jNuoRfSj+jJyzSkc2f23DQkuvj zlhwMUwQUx82H5de29j7HlT/RNoEGARxeGTadMB5vMiYMOotlQJbPtVnkTq2kg== Received: from mail-qk1-f177.google.com (mail-qk1-f177.google.com [209.85.222.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id C290D2A9AA; Sun, 20 Feb 2022 17:19:40 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qk1-f177.google.com with SMTP id c7so11460043qka.7; Sun, 20 Feb 2022 09:19:40 -0800 (PST) X-Gm-Message-State: AOAM533G7HynKukdRFTa/DhofXzqj0ZlpDiUoX4wnpW1YmJk4D5cQ8mf Qj5wi7fDuU3ESugaVC5ObygnN+pe0QydnTfUD+M= X-Google-Smtp-Source: ABdhPJz9C55QmJmivBLVZvSPsp77GlrAr4rRI/VjPyiSCGG4RcOAB9NeotkGrFJOMlqoJ1kq+4Kzg2eYkK/03ifVHC4= X-Received: by 2002:a37:a555:0:b0:508:2000:54c3 with SMTP id o82-20020a37a555000000b00508200054c3mr9814259qke.350.1645377580287; Sun, 20 Feb 2022 09:19:40 -0800 (PST) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References: <20220219092824.6qmzo33es3w73nj5@c02qx0.local> <20220220111925.zv6c3cceivzkshax@c02qx0.local> In-Reply-To: <20220220111925.zv6c3cceivzkshax@c02qx0.local> From: Kyle Evans Date: Sun, 20 Feb 2022 11:19:28 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: jail.$jailname.conf not directly in /etc/ ? To: Jon Clausen Cc: Kyle Evans , FreeBSD Mailing List Content-Type: text/plain; charset="UTF-8" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645377581; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=osupNedvEGnStpVJnMIcqbFZzdV4jXJ6+8iTjZcW5JQ=; b=QfFmTe0F6ssl9jCvbW0TX+mR4hDGLIkYdqoecoZeITBhXS2xwiXPdOLxisgbSJFNKS0j88 mxnhmYj/C31V20U5ZVpX8ih9M0jmBfbwIiou8OMXDHocF/x2G8lySt+4Irz2Zv/GZ2ak5y FnP5M4v7+KCdXTqHswFl0cZcPkUoguil759NWWg+fOmL1qEhTmuKaGwCa2BupP2Ibab1LZ +QFMYYIIw5MfUBZ5N/jdb88agw9FmvWbIwGLYVeezavwpvejliAYhuJXZJXerayj2JTlsf ZA5mFPqrXe3xWNBFSbMnw3/500g2SjtOYyxLbRmEYMxjNheud4CiKSnsuo0n0w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1645377581; a=rsa-sha256; cv=none; b=HjZgfW/3iXZ9umPaxOLlzfexq2EjTe/5gmx6+7b3sX1bVdfS7PjpePzhogrzF7ct1VzICc bJub0AvHmZwVY+xKVttzOjSSibHHFpd8oD2/R4dNK+iVEIZHMHSmhrjQE57gWOPQr38DIf WMwy0ODAKGkXnahhZz9nYv/VEYFayu/ah0WIxGRv6nFjujuGahRC86VmgVRBttzHVTQGka dQ5SVRegbnpUmIR78KjiuK0UkszDvD/3fRqxQ+ppnIi6ynZUCahoYHIGQh0mtBjtKEB+ac 14ZdN3CaPVkxyBd8kBstj+E1Z71JXjfSHgmhEE2TkV8Ap+Bwhvw+Qq6EmG+pjA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N On Sun, Feb 20, 2022 at 5:19 AM Jon Clausen wrote: > > On 2022-02-19 11:03:08 (-0600), Kyle Evans wrote: > > On Sat, Feb 19, 2022 at 3:29 AM Jon Clausen wrote: > > > > Any ideas? > > > > > > > In main we've added a facility to organize jail confs a little > > differently: /etc/jail.conf.d/.conf. > > Right > > > I think, personally, if > > we're going to allow a flexible config here (which I think we should), > > we should just expand this latest form and leave the others be. > > I think I agree: Leave the old way as is, but add the new option. > > > I > > might've even brought this up in the review, because I had thought > > about it; maybe something like this: > > https://people.freebsd.org/~kevans/jail_conf_dirs.diff to search > > /etc/jail.conf.d and /usr/local/etc/jail.conf.d by default. > > > > That doesn't really solve the problem at hand, but it might be a clean > > solution for the future. > > Well, yes,and no. > > Combining the input I got from some of the other replies (and some off-list) > I came up with this "solution", which actually seems to be working > > [... snip ..,] > Hah, I like that. > So basically, by overwriting the parse_options() function with a patched > version, I can get the system to handle a jail_conf_dirs setting in rc.conf. > > Now, this is an acceptable situation for me, since this is all for my > personal little herd of jails, and it's only me messing with these systems. > But it's probably not something anyone would want to pursue in a real > production environment. > > As a proof of concept, however I'd say this does seem to work, and it's > actually pretty mush exactly what I was hoping for... so "yay!" :) > > Now I just have to remember to to watch out for updates to the system, so my > local version doesn't get in the way if /etc/rc.d/jail gets updated > upstream... :P > On the plus side, this rc script doesn't really see frequent fundamental changes. I'll go ahead and put my patch into review (+ manpage addition), because I can see the utility in having the rc script search $localbase as well. > But thanks everyone, for the responses :) > Glad we came up with a workable solution. :-) Thanks, Kyle Evans