From: Jason Hellenthal
To: Jamie Gritton
Cc: FreeBSD-Jail
Date: Sat, 28 Apr 2012 19:30:31 -0400
Subject: Re: New jail(8) committed
Message-ID: <20120428233031.GB34324@DataIX.net>
In-Reply-To: <4F9C7667.8030907@FreeBSD.org>
List-Id: "Discussion about FreeBSD jail(8)"

On Sat, Apr 28, 2012 at 04:59:51PM -0600, Jamie Gritton wrote:
> On 04/28/12 00:08, Jason Hellenthal wrote:
> > On Sat, Apr 28, 2012 at 06:14:07AM +0200, Dirk Engling wrote:
> >> On 26.04.12 22:07, Jamie Gritton wrote:
> >>
> >>> I've finally put my jail(8) changes into HEAD. This new version of jail
> >>> can create jails from a configuration file - see jail.conf(5) for the
> >>> format, as well as some additions to jail(8). This doesn't mean you
> >>> *have* to use jail.conf, but it's a better way to manage jails than the
> >>> existing rc.conf method.
> >>
> >> Out of curiosity, why did you settle for a /etc/jail.conf instead of a
> >> /etc/jail.d/? Your config file format introduces the dependency into an
> >> expensive parser while adding little value. Even worse, the user now has
> >> to struggle with just another format describing the system.
> >>
> >> I can foresee that my automated jail management tool ezjail will not be
> >> able to support the jail.conf format due to the lack of a parser. A look
> >> into ezjail's config directory structure can give you a hint of how to
> >> achieve some similar clean up with built in tools.
> >
> > Since when does a lack of a parser in "YOUR tool" become a problem for
> > FreeBSD ? just sayin!
>
> To be fair, ezjail is a tool in pretty wide use, and I had no intention
> of breaking it - but also no knowledge of its internals. This thing has
> been sitting around in the projects directory for a long time now, with
> requests for review and comments. It's kind of disheartening to only
> hear this the day I committed it to HEAD.
>

I could see how that could be. On one hand though tools like ezjail
enable people to create jails for which they do not know why they are
creating those jails and while creating those jails is already
(ez)enough but for the most part requires an understanding of the jail
technology and all that comes with it. Moving in the direction of your
commits, I believe, is the right direction to come to a happy medium and
giving them the control over the jails that they can easily find and
understand within the base system.

Personally I create jails from cpio(1) base-sets that are as minimal as
are needed with a very simple script that runs after extraction to
change whatever tunables and enable the jail to run. I refuse to use
ezjail due to how easy I find jails already and seeing the current
changes in jail(8) with a configuration it will only make it better.

I consider HEAD to be test technology which gives projects like ezjail
time to ramp-up and test the future. Some of those changes might just be
dropping features because they have been included in the base system or
changed so drastically it calls for re-engineering.

I think a drawback with the new jail(8) configuration has been the way
toooooo long extended dependency on configuration through environment
variables and certainly can be seen through the use of large scripted
out administrator tools.

--
 - (2^(N-1))