Date:      Fri, 01 Apr 2022 14:00:35 +0200
From:      Alexander Leidinger <Alexander@leidinger.net>
To:        current@freebsd.org, jail@freebsd.org
Subject:   injecting vars into rc-service-scripts at jail-start?
Message-ID:  <20220401140035.Horde.LYLAkhpBnQPotxJtLawHfO8@webmail.leidinger.net>

This message is in MIME format and has been PGP signed.

Hi,

I'm overlooking something fundamental it seems...

Context:
I'm working on my auto-jailing of services idea: if the auto-jail is
enabled, a service like syslog is started inside a jail (which
inherits the FS and depending on some settings also inherits network
and other stuff or not).

My previous implementation was using _rc_prefix (jailstart) to denote
the start of a service inside a jail so that "service XXX start" on a
host would "service XXX jailstart" inside a jail. This had of course
issues as there is no infrastructure for multiple prefixes like
onejailstart or jailonestart...

Problem:
Now I try to find a way to do it without a prefix, and the first thing
which comes to my mind is to do "jail xxx 'exec.start=/usr/bin/env
_rc_svcs=jailing /usr/bin/service XXX CMD ARGS'".


My expectation is that this would set _rc_svcs=jailing for the
command service XXX CMD args. Having a "set -x" in rc.subr shows
clearly in the jail-console log that, inside that jail, the variable
_rc_svcj is not set. Using "-v" for the env command shows in the log
that it is called and it sets the var and executes the service command
with syslog start as arguments.

I tried to find some env-cleanup part in rc.subr, which would discard
all _rc* variables, but if there is something like that I overlooked it.

For a stop, I call "jexec /usr/bin/env _rc_svcj=jailing
/usr/sbin/service XXX stop args", and it works, so I rather tend to
believe there is no env-cleanup.

What am I doing wrong so that _rc_svcj is not picked up inside the jail?

So here is my diff between "prefix driven" (= working) and "var
driven" (var not picked up inside the jail):
---snip---
                                 case "$rc_arg" in
                                 start)
-                                       if [ "${_rc_prefix}" !=3D jail ]; t=
hen
+                                       if [ "${_rc_svcj}" !=3D jailing ]; =
then
                                                 _return=3D1
                                                 $JAIL_CMD -c=20=20
$_svcj_generic_params=20$_svcj_cmd_options \
-=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20
exec.start=3D"/usr/sbin/service ${name} jailstart $rc_extra_args" \
-=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20
exec.stop=3D"/usr/sbin/service ${name} jailstop $rc_extra_args" \
+=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20
exec.start=3D"/usr/bin/env _rc_svcj=3Djailing /usr/sbin/service ${name}=20=
=20
${rc_arg}=20$rc_extra_args" \
+=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20
exec.stop=3D"/usr/bin/env _rc_svcj=3Djailing /usr/sbin/service ${name}=20=
=20
${rc_arg}=20$rc_extra_args" \
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20
exec.consolelog=3D"/var/log/svcj_${name}_console.log" \
                                                     name=3Dsvcj-${name}=20=
=20
&&=20_return=3D0
                                         else
                                                     # normal start of=20=
=20
_cmd=20via _run_rc_doit
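
Review bot: In the added exec.stop line, ${rc_arg} is expanded inside the start) branch, so it is always "start" and the jail's stop command becomes "service ${name} start", where the removed line used "jailstop". Write the verb literally: "stop" in exec.stop and "start" in exec.start, since this branch only handles start. The set -x trace further down in the message shows exec.stop ending in "syslogd start", which matches this.
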
---snip---

What set -x tells what it calls:
---snip---
+ /usr/sbin/jail -c 'path=/' mount.nodevfs 'host=inherit' 'ip4=inherit' 'ip6=inherit' allow.reserved_ports 'exec.start=/usr/bin/env -v _rc_svcj=jailing /usr/sbin/service -v syslogd start  ' 'exec.stop=/usr/bin/env _rc_svcj=jailing /usr/sbin/service syslogd start  ' 'exec.consolelog=/var/log/svcj_syslogd_console.log' 'name=svcj-syslogd'
---snip---

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
