From owner-freebsd-current@FreeBSD.ORG  Thu Jul 28 16:25:32 2011
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A1BAE106566C;
	Thu, 28 Jul 2011 16:25:32 +0000 (UTC)
	(envelope-from jamie@FreeBSD.org)
Received: from m2.gritton.org (gritton.org [64.34.175.71])
	by mx1.freebsd.org (Postfix) with ESMTP id 629828FC15;
	Thu, 28 Jul 2011 16:25:32 +0000 (UTC)
Received: from guppy.corp.verio.net (fw.oremut02.us.wh.verio.net
	[198.65.168.24]) (authenticated bits=0)
	by m2.gritton.org (8.14.4/8.14.4) with ESMTP id p6SGPVpF048742;
	Thu, 28 Jul 2011 10:25:31 -0600 (MDT)
	(envelope-from jamie@FreeBSD.org)
Message-ID: <4E318D75.608@FreeBSD.org>
Date: Thu, 28 Jul 2011 10:25:25 -0600
From: Jamie Gritton <jamie@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:5.0) Gecko/20110727 Thunderbird/5.0
MIME-Version: 1.0
To: FreeBSD Current <freebsd-current@FreeBSD.org>
References: <4E316E19.9040309@FreeBSD.org>
In-Reply-To: <4E316E19.9040309@FreeBSD.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Martin Matuska <mm@FreeBSD.org>
Subject: Re: [PATCH] updated /etc/rc.d/jail and added ZFS support
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2011 16:25:32 -0000

Since I missed the 9.0 boat with jail config file capability, something
like this seems necessary; rc.d/jail has long been unable to handle the
full scale of what jail(8) can do.

I gather that setting persist is necessary for the ZFS operation. As
long as we're making the parameter setting more generic from rc, we
should handle the case where persist is specified in ${_params}, and not
always set/reset it around the jail creation unless ZFS is used.

Also, why the specific inclusion of the security-related parameters?
They could just be folded into ${_params}, and if left unspecified then
jail(8) should by default do the right thing.

- Jamie


On 07/28/11 08:11, Martin Matuska wrote:
> The attached patch allows better fine-tuning of jails started via
> /etc/rc.d, uses the new jail(8) flags (-c -m), the persist parameter and
> adds ZFS support.
> Patch is fully backward compatible.
>
> Please review, comment and/or test my attached patch.
>
> Cheers,
> mm