From: Paul Schenkeveld
To: freebsd-jail@freebsd.org
Date: Mon, 1 Apr 2013 04:01:58 +0200
Subject: Re: rc.d/jail and jail.conf
Message-ID: <20130401020158.GA5500@psconsult.nl>

On Sun, Mar 31, 2013 at 09:14:23PM +0200, Dirk Engling wrote:
>
> On Sun, 31 Mar 2013, Jamie Gritton wrote:
>
> > If you don't mind some slightly difficult error messages, you can always
> > "disable" a jail with exec.prestart="false". jail(8) requires all
> > commands to succeed, and in particular won't even create a jail when one
> > of the prestart commands fails.
>
> This violates POLA, but failing with
>
> exec.prestart="echo skipping jail; exit 1"
>
> might work. Even though this is not a good marker from a scripting
> perspective.

Will this prevent all preparations from happening, i.e. will filesystems
be mounted for jails disabled this way?

Although this may work, I think that this looks dirty. I'd really prefer
a "disabled" or "noauto" keyword instead.

-- 
Paul Schenkeveld