From: Alexander Leidinger
To: "Bjoern A. Zeeb", jail@freebsd.org
Date: Sat, 27 Jun 2009 16:24:24 +0200
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

On Sat, 27 Jun 2009 12:21:09 +0000 (UTC) "Bjoern A. Zeeb" wrote:

> On Sat, 27 Jun 2009, Alexander Leidinger wrote:
>
> > On Sat, 27 Jun 2009 10:47:47 +0000 (UTC) "Bjoern A. Zeeb"
> > wrote:
> >
> >> On Sat, 27 Jun 2009, Alexander Leidinger wrote:
> >>
> >>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
> >>> have a patch to switch the jail rc script to the new jail
> >>> (8-current) syntax. This includes new config options for a jail
> >>> (see etc/defaults/rc.conf after patching). The patch also contains
> >>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
> >>> by default).
> >>>
> >>> If you do not make any config change, you will be able to see all
> >>> mounted filesystems of the entire machine. To get back to the
> >>> previous behavior, you have to add a config option:
> >>> jail_XXX_startparams="enforce_statfs=2"
> >>>
> >>> This config option can also take other jail parameters like
> >>> allow.sysvipc and other ones described in the jail man-page
> >>> (additional parameters need to be space separated).
> >>>
> >>> Feedback welcome.
> >>
> >> 1) it breaks various things that will no longer work
> >
> > As mentioned, it "breaks" the statfs part. If there's anything
> > else, be more specific please.
>
> v6, noIP, ...

I didn't change the IP handling in the rc script. Does this mean
jail(8) works differently regarding the address parsing when called
with the new parameters instead of the old options? I didn't test
anything regarding ipv6, but as long as jail(8) doesn't behave
differently with the new calling syntax compared with what we have in
the tree, then the behavior is not different from what we have. If it
behaves differently, this can be fixed in the script.

> >> 2) it's not a proper solution
> >
> > The proper solution for the statfs part would be, that jail(8)
> > defaults to =2 if nothing is specified. Alternatively I can get
> > convinced that we should do a default for it in defaults/rc.conf if
> > nothing is specified for startparams for a particular jail (like we
> > have for some other things), but this would not be as good as if
> > jail(8) would handle it itself.
> >
> > If you do not talk about the statfs part but in a more generic way,
> > what would be a proper solution in your eyes?
>
> A proper solution would be a proper mgmt system ready for the future
> instead of continuing to hack up rc.d/jail via option foo bar baz and
> another 17000 of them.
> But this is nothing I'll discuss today while things aren't fully
> shaken out yet.

And I assume from what you say, that such a new mgmt system will not be
ready for 8.0. Whatever it will be, it sounds like it will be different
from what we have ATM, so I don't think it will be something which will
replace the current approach in 8-stable, but will be available
additionally, if at all.

> For now what used to work should continue to work and not break.
> Everything else on top of that needs to be done properly and not in a
> rainy-midnight-drive-by.

This is not a drive-by. I provide a patch for discussion which allows
to use some new features in 8.0 which doesn't break when someone
updates from 7.x. Some small enhancement which doesn't break backwards
compatibility is always better than no improvement at all. It may not
handle all cases, but for this reason I ask people to test it. After
that some things can maybe be fixed, and after that it can be evaluated
if it is worth to commit or not.

I don't even urge to rush this in before 8.0. I just offer it now, so
that people can actually use some new features. I had to write this
anyway, as without the new syntax I wouldn't have been able to use my
enhancement to run X in a jail, which I ported to the new syntax.

If people think it is useful for 8.0 and nothing better is available
for 8.0, it should be shipped with 8.0 IMO (if nothing breaks), but if
it isn't, I don't care, as I have it for where I need it.

Bye,
Alexander.
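
An added example, not part of the original message or of the patch it discusses: a POSIX sh check that lists the jails whose jail_<name>_startparams does not contain enforce_statfs=2, the setting the message says restores the previous behaviour. The sample rc.conf text, the jail names and the helper function names are constructed for illustration; jail_list is the standard rc.conf variable.

```shell
#!/bin/sh
# Added example: audit rc.conf-style text for jails that would run without
# enforce_statfs=2 once rc.d/jail uses the new parameter syntax.
# jail_<name>_startparams is the option introduced by the patch discussed
# in the message; everything in SAMPLE_RC_CONF is constructed.

SAMPLE_RC_CONF='jail_enable="YES"
jail_list="www db build"
jail_www_startparams="enforce_statfs=2"
jail_db_startparams="allow.sysvipc enforce_statfs=1"
jail_build_rootdir="/jails/build"'

# Print the value of variable $2 in rc.conf text $1 (last assignment wins,
# empty output if the variable is not set).
rc_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\\(.*\\)\"\$/\\1/p" | tail -n 1
}

# Print "<jail> <level>" for every jail in jail_list, where <level> is the
# enforce_statfs value found in its startparams, or "unset" if there is none.
statfs_levels() {
    conf=$1
    for j in $(rc_value "$conf" jail_list); do
        level=unset
        # Parameters are space separated, as the message describes.
        for p in $(rc_value "$conf" "jail_${j}_startparams"); do
            case $p in
                enforce_statfs=*) level=${p#enforce_statfs=} ;;
            esac
        done
        echo "$j $level"
    done
}

# Print the jails that are not at enforce_statfs=2. Per the message, a jail
# with no setting sees all mounted filesystems of the host.
weak_jails() {
    statfs_levels "$1" | while read -r name level; do
        [ "$level" = 2 ] || echo "$name"
    done
}

weak_jails "$SAMPLE_RC_CONF"
```

To check a real host, pass the file contents instead of the sample, for example weak_jails "$(cat /etc/rc.conf)".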