From owner-freebsd-jail@freebsd.org Tue May 15 11:30:34 2018 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DB638EAF663 for ; Tue, 15 May 2018 11:30:33 +0000 (UTC) (envelope-from andrnils@gmail.com) Received: from mail-lf0-x236.google.com (mail-lf0-x236.google.com [IPv6:2a00:1450:4010:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 467F070014 for ; Tue, 15 May 2018 11:30:33 +0000 (UTC) (envelope-from andrnils@gmail.com) Received: by mail-lf0-x236.google.com with SMTP id j193-v6so22857780lfg.6 for ; Tue, 15 May 2018 04:30:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=3HIpGwrYB10PzmBcbjFXxhFhkeCIzpnI1MEngPjPqOo=; b=Y4H8Um8nFARkSG9ZyN2QCE3eznHHvFVl8awPP7DvNWIxcJazAbXxm8N73AdbelnUrW WGOq8SKFWsMy/9OrPpkCl5HuZ84WI/vmP4VqtmE/B5kXHZcYosqLWzJCKL8dsG7uuJeM vhNq/wToXM7SdFzShO3GC7vpNUGGYtXrUeDHqKtTsaaeqhGsE8GhfdnMdLK/ujH7VJqT CUdXpal06Rcf/yN2d48IXWchMWiOO2WubQ6O3E/RMDHBUkNxWrz40l+KJvzN88M287wq 7VxW+tH0CMYvxl5z6R07JwZBmqQhrfFRUTQAod+QSRka/dB9fsKnuBV+4zI9AT26fCeW y1nw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=3HIpGwrYB10PzmBcbjFXxhFhkeCIzpnI1MEngPjPqOo=; b=jDLHUPHQOO71u1wQbgVSl5eBr8fNd3KFPdzmtk/siQmMRKr7RcgOPmbbSy0fBX9gfk tm7q0RMd3B+2YYVexpw4TzrV2pjrVKXKE3Dvy9lx/m0/L1y7cX7bP/KgMyoAK/klT8qm BMgWXni0cToYW41KtolJf0cEx6anZsKW1wiTdrymqCEGHisY+OGHawrrZhJgI4JA0cP+ kq2xBiMZzGvm6ogC82IPoPg124UdFkMIS9R/PLGo5Bkp91kwD8V0gv4xQ/rAYp0r3Zup n+UhSEN6PM4Kmbgpem6564XVGl+4WjWOQD7s4faBsbwP6te386pyFAKRt83dg1mp7quG 0niQ== X-Gm-Message-State: ALKqPwek4ae0pQDosG9DUbwfIoqY23XwRHa0gbHgni1sxPR2ygbDlB/0 z8qdevP8MaYaxRICi0arSPHA1DkN4Gf6HP3WOSY= X-Google-Smtp-Source: AB8JxZqkUbN7cFmRTgqyYlAEIxkr7MkcU/WyE6qg6nigYCfwbUyXIUpFKI0c373nCPTSLjkP4cz+jTaTsFqE4nERv9Y= X-Received: by 2002:a2e:96d2:: with SMTP id d18-v6mr6889233ljj.21.1526383831577; Tue, 15 May 2018 04:30:31 -0700 (PDT) MIME-Version: 1.0 Received: by 10.46.131.76 with HTTP; Tue, 15 May 2018 04:30:31 -0700 (PDT) In-Reply-To: References: From: Andreas Nilsson Date: Tue, 15 May 2018 13:30:31 +0200 Message-ID: Subject: Re: Configure jail in /etc/jail.my-jail-name.conf while allowing auto-start with "service jail start" To: Andreas Sommer Cc: Mailinglists FreeBSD Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 May 2018 11:30:34 -0000 On Tue, May 15, 2018 at 1:17 PM, Andreas Sommer via freebsd-jail < freebsd-jail@freebsd.org> wrote: > Hi all, > > as I can see, this combination simply isn't part of /etc/rc.d/jail and > jail(8). > In fact, jail(8) always only reads one config file (`-f` parameter, default > /etc/jail.conf). > > This also relates to why ezjail was still not ported to use jail.conf > [0][1]. > > It would be a great fit to automated configuration management (e.g. via > Ansible > or pkg POST-INSTALL scripts) because it allows overwriting complete files > instead of having to edit the global jail.conf to make changes. > > Jail configured only in /etc/jail.my-jail-name.conf: > > > # service jail onestart > > Starting jails:. > (nothing started because jail not recognized as configured) > > Jail configured in /etc/jail.my-jail-name.conf and "mentioned" as > `jail my-jail-name {}` in /etc/jail.conf: > > > # service jail onestart > > Starting jails:jail: my-jail-name: new jail must persist or attach > (this means only /etc/jail.conf was parsed) > > Any way to achieve this? I assume the answer is no, so here's a suggestion: > what about having jail(8) read/merge configuration from another file? > > Example: > > # cat /etc/jail.conf > > my-jail-name { config = "/etc/jail.my-jail-name.conf"; } > > # cat /etc/jail.my-jail-name.conf > > my-jail-name { ...config goes here... } > > Thanks, > Andreas > > Hello Andreas, at least on -CURRENT the files are read as long as the jail names are in jail_list in rc.conf. It is though somewhat frustrating that you do not get defaults set in jail.conf, so you need to specify stuff like persist in jail.$name.conf Best regards Andreas