From: "Bjoern A. Zeeb"
Date: Sat, 27 Jun 2009 12:21:09 +0000 (UTC)
To: Alexander Leidinger
Cc: jail@freebsd.org
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)
Message-ID: <20090627121818.P22887@maildrop.int.zabbadoz.net>
In-Reply-To: <20090627140803.00006830@unknown>
References: <20090627122519.00002b84@unknown> <20090627104704.Y22887@maildrop.int.zabbadoz.net> <20090627140803.00006830@unknown>
List-Id: "Discussion about FreeBSD jail(8)" (freebsd-jail@freebsd.org)

On Sat, 27 Jun 2009, Alexander Leidinger wrote:

> On Sat, 27 Jun 2009 10:47:47 +0000 (UTC) "Bjoern A. Zeeb"
> wrote:
>
>> On Sat, 27 Jun 2009, Alexander Leidinger wrote:
>>
>>> At http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
>>> have a patch to switch the jail rc script to the new jail
>>> (8-current) syntax. This includes new config options for a jail
>>> (see etc/defaults/rc.conf after patching). The patch also contains
>>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
>>> by default).
>>>
>>> If you do not make any config change, you will be able to see all
>>> mounted filesystems of the entire machine. To get back to the
>>> previous behavior, you have to add a config option:
>>> jail_XXX_startparams="enforce_statfs=2"
>>>
>>> This config option can also take other jail parameters like
>>> allow.sysvipc and other ones described in the jail man-page
>>> (additional parameters need to be space separated).
>>>
>>> Feedback welcome.
>>
>> 1) it breaks various things that will no longer work
>
> As mentioned, it "breaks" the statfs part. If there's anything else, be
> more specific please.

v6, noIP, ...

>> 2) it's not a proper solution
>
> The proper solution for the statfs part would be that jail(8) defaults
> to =2 if nothing is specified. Alternatively I can get convinced that
> we should do a default for it in defaults/rc.conf if nothing is specified
> for startparams for a particular jail (like we have for some other
> things), but this would not be as good as if jail(8) would handle it
> itself.
>
> If you do not talk about the statfs part but in a more generic way,
> what would be a proper solution in your eyes?

A proper solution would be a proper mgmt system ready for the future
instead of continuing to hack up rc.d/jail via option foo bar baz and
another 17000 of them. But this is nothing I'll discuss today while
things aren't fully shaken out yet.

For now what used to work should continue to work and not break.
Everything else on top of that needs to be done properly and not in a
rainy-midnight-drive-by.

/bz

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.
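An added example, not code from this thread nor from the jail.diff patch under discussion: a POSIX sh function that assembles the name=value argument list for jail(8)'s new syntax from a per-jail startparams string and falls back to enforce_statfs=2 when the administrator set nothing. That is the rc.conf-level default Alexander mentions as his second choice; the security point is that a jail whose config was never updated otherwise runs with enforce_statfs=0 and can list every filesystem mounted on the host. The variable naming follows the patch's jail_XXX_startparams; the function names, the allowed-character check and the sample rc.conf value are my own assumptions.

```sh
#!/bin/sh
# Added example; not part of the thread or of the rc.d/jail patch.
# Builds the parameter list for "jail -c name=value ..." from the
# per-jail startparams string (jail_XXX_startparams in the patch) and
# supplies enforce_statfs=2 when the admin did not set it, so the jail
# sees only its own root in mount(8)/df(1) rather than every
# filesystem on the host (the enforce_statfs=0 behaviour).

# jail_param_ok <token>: accept only name=value tokens made of
# characters that jail(8) parameters actually need (names, dotted
# keys, paths, IPv4/IPv6 addresses, comma lists). Anything else,
# e.g. a stray word or a ';', is rejected before it reaches the
# command line, since the list is expanded unquoted by the caller.
jail_param_ok() {
    case "$1" in
        *=*) : ;;                         # must contain '='
        *)   return 1 ;;
    esac
    case "$1" in
        =*|*[!A-Za-z0-9_.=:/,-]*) return 1 ;;   # empty name or unsafe char
    esac
    return 0
}

# jail_params <jail-name> <startparams>: print the space-separated
# parameter list to hand to "jail -c". Returns 1 on a malformed token.
jail_params() {
    _name="$1"
    _startparams="$2"
    _out="name=$_name"
    _have_statfs=no
    for _p in $_startparams; do          # word-split on purpose
        jail_param_ok "$_p" || return 1
        case "$_p" in
            enforce_statfs=*) _have_statfs=yes ;;
        esac
        _out="$_out $_p"
    done
    # Default only when nothing was given; an explicit =0 or =1 is
    # the admin's choice and stays as written.
    [ "$_have_statfs" = yes ] || _out="$_out enforce_statfs=2"
    printf '%s\n' "$_out"
}

# Demo with a constructed rc.conf value (not a real configuration):
jail_www_startparams="allow.sysvipc=1"
jail_params www "$jail_www_startparams"
# prints: name=www allow.sysvipc=1 enforce_statfs=2
# A caller would then run something like:
#   jail -c $(jail_params www "$jail_www_startparams") \
#        path=/jails/www host.hostname=www command=/bin/sh /etc/rc
```

The check deliberately whitelists characters instead of blacklisting shell metacharacters: the old rc.d/jail built its command line with eval, and a whitelist is the only way to be sure a value copied from rc.conf cannot change the shape of that command.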