Date: Sat, 27 Jun 2009 14:08:03 +0200
From: Alexander Leidinger
To: "Bjoern A. Zeeb"
Cc: jail@freebsd.org
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

On Sat, 27 Jun 2009 10:47:47 +0000 (UTC)
"Bjoern A. Zeeb" wrote:

> On Sat, 27 Jun 2009, Alexander Leidinger wrote:
>
> > at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
> > have a patch to switch the jail rc script to the new jail
> > (8-current) syntax. This includes new config options for a jail
> > (see etc/defaults/rc.conf after patching). The patch also contains
> > my X-in-a-jail stuff (feel free to ignore this part, it's disabled
> > by default).
> >
> > If you do not make any config change, you will be able to see all
> > mounted filesystems of the entire machine. To get back to the
> > previous behavior, you have to add a config option:
> >   jail_XXX_startparams="enforce_statfs=2"
> >
> > This config option can also take other jail parameters like
> > allow.sysvipc and other ones described in the jail man-page
> > (additional parameters need to be space separated).
> >
> > Feedback welcome.
>
> 1) it breaks various things that will no longer work

As mentioned, it "breaks" the statfs part. If there's anything else, be
more specific please.

> 2) it's not a proper solution

The proper solution for the statfs part would be that jail(8) defaults
to =2 if nothing is specified. Alternatively I can get convinced that we
should do a default for it in defaults/rc.conf if nothing is specified
for startparams for a particular jail (like we have for some other
things), but this would not be as good as if jail(8) would handle it
itself.

If you do not talk about the statfs part but in a more generic way,
what would be a proper solution in your eyes?

Bye,
Alexander.
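Added example (not part of the original message or of the patch): a small sh function that reads an rc.conf and lists the jails whose jail_XXX_startparams does not pin enforce_statfs to 2, i.e. the jails that would see all mounted filesystems of the machine under the patched script. The function name and the sample jail names are made up for illustration; treating a conflicting second enforce_statfs value as a finding is a conservative assumption, not documented jail(8) behaviour.

```shell
#!/bin/sh
# Added example. jail_list is the standard rc.conf variable;
# jail_<name>_startparams is the variable proposed in the patch above.

# Usage: jails_exposing_mounts /path/to/rc.conf
# Prints one jail name per line when its startparams do not pin
# enforce_statfs to 2 (token missing, or a token with another value).
jails_exposing_mounts() {
    (
        # rc.conf is shell syntax and rc(8) sources it as well; the
        # subshell keeps its variables out of the caller's environment.
        . "$1" || exit 2
        for j in $jail_list; do
            # The name becomes part of a variable name below: accept only
            # characters valid there and report anything else.
            case $j in
                *[!A-Za-z0-9_]*) echo "$j"; continue ;;
            esac
            eval "params=\${jail_${j}_startparams:-}"
            seen=0
            bad=0
            for p in $params; do
                case $p in
                    enforce_statfs=2) seen=1 ;;
                    enforce_statfs=*) bad=1 ;;
                esac
            done
            if [ "$seen" -eq 0 ] || [ "$bad" -eq 1 ]; then
                echo "$j"
            fi
        done
    )
}

# Constructed sample configuration, not taken from the thread.
sample=$(mktemp)
cat >"$sample" <<'EOF'
jail_list="www db build"
jail_www_startparams="enforce_statfs=2 allow.sysvipc"
jail_db_startparams="allow.sysvipc"
jail_build_startparams="enforce_statfs=2 enforce_statfs=0"
EOF
exposed=$(jails_exposing_mounts "$sample")
rm -f "$sample"
printf 'jails not pinned to enforce_statfs=2:\n%s\n' "$exposed"
```

Pass the path with a slash in it (for example ./rc.conf), because the `.` builtin searches PATH for bare file names.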