Date: Thu, 21 Jan 2010 15:11:33 +0100 From: Philipp Wuensche <cryx-freebsd@h3q.com> To: David BERARD <david@nfrance.com> Cc: freebsd-jail@FreeBSD.org Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail Message-ID: <4B586095.8020109@h3q.com> In-Reply-To: <201001200940.o0K9e4lO032467@freefall.freebsd.org> References: <201001200940.o0K9e4lO032467@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------050408000308000102080304
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
David BERARD wrote:
> +
> + # Append address to list of addresses for the jail comman=
> d.
> + case "${_type}" in
> + "inet") case "${_addrlv4}" in
> + "") _addrlv4=3D"${_addr}" ;;
> + *) _addrlv4=3D"${_addrlv4},${_addr}" ;;
> + esac;;
> + "inet6") case "${_addrlv6}" in
> + "") _addrlv6=3D"${_addr}" ;;
> + *) _addrlv6=3D"${_addrlv6},${_addr}" ;;
> + esac;;
> + esac
> +
If you are converting the old-style ip-addresses into the new-style
format, why not ditch old-style jail stuff at all and do everything in
new-style?
And shouldn't we implement all the new-style features while we at it?
All the allow.* stuff, cpuset etc.
greeting,
philipp
--------------050408000308000102080304
Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0";
name="newjail.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="newjail.patch"
--- /usr/src/etc/jail 2010-01-21 14:55:57.907587199 +0100
+++ /sur/src/etc/jail 2010-01-21 15:05:10.108010157 +0100
@@ -38,6 +38,7 @@
_fdescdir="${_devdir}/fd"
_procdir="${_rootdir}/proc"
eval _hostname=\"\$jail_${_j}_hostname\"
+ eval _name=\"\$jail_${_j}_name\"
eval _ip=\"\$jail_${_j}_ip\"
eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
eval _exec=\"\$jail_${_j}_exec\"
@@ -110,10 +111,11 @@
eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
- [ -z "${_flags}" ] && _flags="-l -U root"
+ [ -z "${_flags}" ] && _flags="-l -U root -c"
eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"
+ eval _vnet=\"\${jail_${_j}_vnet_enable:-"NO"}\"
# Debugging aid
#
@@ -121,7 +123,9 @@
debug "$_j fdescfs enable: $_fdescfs"
debug "$_j procfs enable: $_procfs"
debug "$_j mount enable: $_mount"
+ debug "$_j vnet enable: $_vnet"
debug "$_j hostname: $_hostname"
+ debug "$_j name: $_name"
debug "$_j ip: $_ip"
jail_show_addresses ${_j}
debug "$_j interface: $_interface"
@@ -481,10 +485,16 @@
*) ;;
esac
- # Append address to list of addresses for the jail command.
- case "${_addrl}" in
- "") _addrl="${_addr}" ;;
- *) _addrl="${_addrl},${_addr}" ;;
+ # Append address to list of addresses for the jail command.
+ case "${_type}" in
+ "inet") case "${_addrlv4}" in
+ "") _addrlv4="${_addr}" ;;
+ *) _addrlv4="${_addrlv4},${_addr}" ;;
+ esac;;
+ "inet6") case "${_addrlv6}" in
+ "") _addrlv6="${_addr}" ;;
+ *) _addrlv6="${_addrlv6},${_addr}" ;;
+ esac;;
esac
# Configure interface alias if requested by a given interface
@@ -566,7 +576,8 @@
echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
continue;
fi
- _addrl=""
+ _addrlv4=""
+ _addrlv6=""
jail_ips "add"
if [ -n "${_fib}" ]; then
_setfib="setfib -F '${_fib}'"
@@ -635,11 +646,19 @@
i=$((i + 1))
done
- eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
- \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
+ _start_cmd="${_setfib} jail -J ${_tmp_jail} ${_flags} path=${_rootdir} host.hostname=${_hostname} \
+ name=\"${_name}\""
+ if checkyesno _vnet; then
+ _start_cmd="${_start_cmd} vnet"
+ else
+ _start_cmd="${_start_cmd} ip4.addr=\"${_addrlv4}\" ip6.addr=\"${_addrlv6}\""
+ fi
+ _start_cmd="${_start_cmd} command=${_exec_start}"
+ eval ${_start_cmd} > /dev/null 2>&1
+
if [ "$?" -eq 0 ] ; then
- _jail_id=$(head -1 ${_tmp_jail})
+ _jail_id=$(awk -F '=| ' '{print $2}' ${_tmp_jail})
i=1
while : ; do
eval out=\"\${_exec_afterstart${i}:-''}\"
--------------050408000308000102080304--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B586095.8020109>