Date: Tue, 8 Apr 2025 12:02:02 GMT From: Igor Ostapenko <igoro@FreeBSD.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Subject: git: 13aa8b9d6d - main - Status/2025Q1/jailmeta.adoc: Add report Message-ID: <202504081202.538C22Hu048129@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by igoro: URL: https://cgit.FreeBSD.org/doc/commit/?id=13aa8b9d6db47859eb80ffa6ba7aab2a6ca70c79 commit 13aa8b9d6db47859eb80ffa6ba7aab2a6ca70c79 Author: Igor Ostapenko <igoro@FreeBSD.org> AuthorDate: 2025-04-08 12:00:47 +0000 Commit: Igor Ostapenko <igoro@FreeBSD.org> CommitDate: 2025-04-08 12:00:47 +0000 Status/2025Q1/jailmeta.adoc: Add report Reviewed by: salvadore Sponsored by: SkunkWerks GmbH Differential Revision: https://reviews.freebsd.org/D49586 --- .../en/status/report-2025-01-2025-03/jailmeta.adoc | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/website/content/en/status/report-2025-01-2025-03/jailmeta.adoc b/website/content/en/status/report-2025-01-2025-03/jailmeta.adoc new file mode 100644 index 0000000000..b87553624c --- /dev/null +++ b/website/content/en/status/report-2025-01-2025-03/jailmeta.adoc @@ -0,0 +1,29 @@ +=== Jail metadata feature + +Links: + +link:https://cgit.freebsd.org/src/commit/?id=30e6e008bc06385a66756bebb41676f4f9017eca[The main commit] URL: link:https://cgit.freebsd.org/src/commit/?id=30e6e008bc06385a66756bebb41676f4f9017eca[] + +Contact: Igor Ostapenko <igoro@FreeBSD.org> + +Contact: Dave Cottlehuber <dch@FreeBSD.org> + +The `meta` and `env` new parameters of man:jail[8] have been introduced. +Each one is an arbitrary string associated with a jail. +It can be set upon jail creation or added/modified later: + + # jail -cm ... meta="tag1=value1 tag2=value2" env="configuration" + +The values are not inherited from the parent jail. +A parent jail can read both metadata parameters, while a child jail can read only `env` via the newly added `security.jail.env` sysctl. + +The maximum size of `meta` or `env` per jail is controlled by the global `security.jail.meta_maxbufsize` sysctl. +Decreasing it does not alter the existing meta information. + +Each metadata buffer can optionally be handled as a set of `key=value\n` strings: + + # jail -cm ... meta="$(echo k1=v1; echo k2=v2)" env.1=one + # jls meta.k2 env.1 meta.k1 + +While `meta.k1=""` or `meta.k1=` resets the value to an empty string, the `meta.k1` without the equal sign removes the given key. +The flua's libjail has been updated respectively to support the key-based handling. + +Sponsor: SkunkWerks GmbH
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202504081202.538C22Hu048129>