Date: Fri, 01 Apr 2022 14:00:35 +0200
From: Alexander Leidinger <Alexander@leidinger.net>
To: current@freebsd.org, jail@freebsd.org
Subject: injecting vars into rc-service-scripts at jail-start?
Message-ID: <20220401140035.Horde.LYLAkhpBnQPotxJtLawHfO8@webmail.leidinger.net>
Hi,
I'm overlooking something fundamental it seems...
Context:
I'm working on my auto-jailing of services idea: if the auto-jail is
enabled, a service like syslog is started inside a jail (which
inherits the FS and depending on some settings also inherits network
and other stuff or not).
My previous implementation was using _rc_prefix (jailstart) to denote
the start of a service inside a jail so that "service XXX start" on a
host would "service XXX jailstart" inside a jail. This had of course
issues as there is no infrastructure for multiple prefixes like
onejailstart or jailonestart...
Problem:
Now I try to find a way to do it without a prefix, and the first thing
which comes to my mind is to do "jail xxx 'exec.start=/usr/bin/env
_rc_svcs=jailing /usr/bin/service XXX CMD ARGS'".
My expectation is that this would set _rc_svcs=jailing for the
command service XXX CMND args. Having a "set -x" in rc.subr shows
clearly in the jail-console log, that inside that jail, the variable
_rc_svcj is not set. Using "-v" for the env command shows in the log
that it is called and it sets the var and executes the service command
with syslog start as arguments.
I tried to find some env-cleanup part in rc.subr, which would discard
all _rc* variables, but if there is something like that I overlooked it.
For a stop, I call "jexec /usr/bin/env _rc_svcj=jailing
/usr/sbin/service XXX stop args", and it works, so I rather tend to
believe there is no env-cleanup.
What am I doing wrong so that _rc_svcj is not picked up inside the jail?
So here is my diff between "prefix driven" (= working) and "var
driven" (var not picked up inside the jail):
---snip---
case "$rc_arg" in
start)
- if [ "${_rc_prefix}" != jail ]; then
+ if [ "${_rc_svcj}" != jailing ]; then
_return=1
$JAIL_CMD -c
$_svcj_generic_params $_svcj_cmd_options \
-
exec.start="/usr/sbin/service ${name} jailstart $rc_extra_args" \
-
exec.stop="/usr/sbin/service ${name} jailstop $rc_extra_args" \
+
exec.start="/usr/bin/env _rc_svcj=jailing /usr/sbin/service ${name}
${rc_arg} $rc_extra_args" \
+
exec.stop="/usr/bin/env _rc_svcj=jailing /usr/sbin/service ${name}
${rc_arg} $rc_extra_args" \
exec.consolelog="/var/log/svcj_${name}_console.log" \
name=svcj-${name}
&& _return=0
else
# normal start of
_cmd via _run_rc_doit
---snip---
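Review bot: In the added exec.stop line, "${rc_arg}" is expanded inside the "start)" branch, so the jail's stop hook becomes "service ${name} start" instead of a stop; the set -x trace in this message shows exactly that ("exec.stop=/usr/bin/env _rc_svcj=jailing /usr/sbin/service syslogd start"). The removed line used the fixed verb "jailstop", so the replacement should hard-code "stop" in exec.stop rather than reuse "${rc_arg}". Separately, "$rc_extra_args" is interpolated unquoted into both command strings, so extra arguments containing whitespace will not reach the service script as the caller passed them; quote them or document the restriction.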
What set -x shows it calls:
---snip---
+ /usr/sbin/jail -c 'path=/' mount.nodevfs 'host=inherit'
'ip4=inherit' 'ip6=inherit' allow.reserved_ports
'exec.start=/usr/bin/env -v _rc_svcj=jailing /usr/sbin/service -v
syslogd start ' 'exec.stop=/usr/bin/env _rc_svcj=jailing
/usr/sbin/service syslogd start '
'exec.consolelog=/var/log/svcj_syslogd_console.log' 'name=svcj-syslogd'
---snip---
Bye,
Alexander.
--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
