From: James Gritton
To: freebsd-jail@freebsd.org
Cc: marquis@roble.com
Subject: Re: exec_poststart
Date: Wed, 10 Feb 2016 07:37:50 -0700

On
2016-02-09 14:41, Roger Marquis wrote:
> James Gritton wrote:
>> You can reference jail parameters within other parameters, much like
>> you'd use shell variables. In the global part of the definition, you
>> can set:
>> exec.poststart = "/path/to/script.sh ${host.hostname}"
>
> This is perhaps a tangent but I'm wondering if this syntax could be
> clarified so 'exec' isn't used to mean 'jexec'? Would also simplify
> things if subsequent j/exec's didn't require the use of '+=' instead
> of '='. Ideally both should be deprecated in favor of a
> sysrc-compatible ':'.

I'm not sure what you mean by exec meaning jexec - yes, jexec(8) is a program that runs things inside a jail, and the exec.* parameters run programs (usually) inside the jail. But it doesn't actually run jexec, and "exec" is the more natural word to describe something that is executed. Besides, this is based on the old shell-based rc names that have always been "exec_*".

Speaking of the old ways, being sysrc-compatible wasn't really the goal. When creating a config file, I found C-style and DOS-style were both pretty common; I went with C. I'm not sure what you mean by ':' being sysrc-compatible though - I have no idea what part a colon has ever played in the old-style jail specification.

But '=' and '+=' are not going to be deprecated. If you don't want the '=', you can always do without: other programs with C-style configs don't use '=' but just have names and values with whitespace between them, and you can do the same in jail.conf.

There's a good reason why it's '+=' instead of just '='. You need to keep '=' available to totally replace a parameter, so you can specify a default value in the global section and allow some jails to substitute their own value. Or, in some cases (e.g. IP addresses, exec) a parameter may have a list of values and you need a way to build that list. The old *_0, *_1, etc. worked for shell, but was always an inelegance tied to shell's limitations.

> Would also be nice if non-0 exit codes didn't abort the entire
> sequence (without hacking in a subshell;exit 0) and if the man page
> mentioned some of this.

It has always been this way, so changing it would cause more problems than it would solve. And I don't think it would solve any anyway - it's always a good idea to pay attention to error returns, at least by default. It is in fact explicitly mentioned in the jail(8) man page, in the heading paragraph above the various exec.* parameters, that the commands must return a zero exit status or the jail will not be created.

> Regarding the man page, there's a URL under AUTHORS that doesn't lead
> where you might expect... Makes a good case for a policy forbidding
> non-freebsd.org URLs in man pages.

That definitely doesn't go where I expected (though after your warning, I was thinking it might end up on a porn site). I'll scrub the URL from the documentation.

- Jamie
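
The '=' and '+=' behaviour described in the message above, written out as a jail.conf fragment. This is an added example, not part of the original message; the jail names, paths other than the quoted /path/to/script.sh, hostnames and addresses are constructed placeholders.

```conf
# Added example: constructed jail names, paths and addresses.

# Global section: defaults inherited by every jail defined below.
path = "/jails/${name}";
host.hostname = "${name}.example.org";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";

# Parameter reference as in the quoted message; expanded separately
# for each jail, so every jail passes its own hostname.
exec.poststart = "/path/to/script.sh ${host.hostname}";

# Inherits every default: poststart runs
#   /path/to/script.sh www.example.org
www {
    ip4.addr = 192.0.2.10;
}

# '=' replaces the global value outright, so the global script is
# not run for this jail.
db {
    # Whitespace form without '=', which the message above says
    # jail.conf also accepts.
    ip4.addr 192.0.2.20;
    exec.poststart = "/path/to/db-script.sh ${host.hostname}";
}

# '+=' appends to the inherited list: the global script runs first,
# then the jail-specific one. The same operator builds address lists.
mail {
    ip4.addr = 192.0.2.30;
    ip4.addr += 192.0.2.31;
    exec.poststart += "/path/to/mail-extra.sh ${name}";
}

# Per the message above, each exec.* command must return a zero exit
# status or the jail will not be created, so every script listed here
# should report real failures and exit 0 only on success.
```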