Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 23 May 2006 15:31:32 GMT
From:      Deyan Dyankov <deyan.dyankov@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/97697: [PATCH] rc.conf - jail_<j>_exec_afterstart[0..n]
Message-ID:  <200605231531.k4NFVWIj062767@www.freebsd.org>
Resent-Message-ID: <200605231540.k4NFeIlJ053681@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         97697
>Category:       misc
>Synopsis:       [PATCH] rc.conf - jail_<j>_exec_afterstart[0..n]
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 23 15:40:18 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Deyan Dyankov
>Release:        FreeBSD 6.1-STABLE
>Organization:
>Environment:
FreeBSD porky 6.1-STABLE FreeBSD 6.1-STABLE #1: Sat May 13 19:34:29 EEST 2006     root@:/usr/obj/usr/src/sys/PORKY  i386

>Description:
A common patch - nothing unusual.
My situation: I have a jail (web) running lighttpd. If I want to start the jail using /etc/rc.conf I simply put:
jail_web_rootdir="/j/web"
jail_web_hostname="web"
jail_web_ip="aaa.bbb.ccc.ddd"
jail_web_exec_start="/w/sbin/lighttpd -f /w/conf/lighttpd.conf"
jail_web_exec_stop=""
jail_web_devfs_enable="YES"
jail_web_devfs_ruleset="webjail"
jail_web_mount_enable="NO"

But what happens If I want to run proftpd in the same jail? Yes - I could write a simple shell script like this one:
#!/bin/sh
/w/sbin/lighttpd -f /w/conf/lighttpd.conf
/proftpd/sbin/proftpd

and run the shell script with jail_web_exec_start=""

BUT! I don't want /bin/sh installed (for obvious security reasons). The jail contains only the required libraries for its services.

I've patched /usr/src/etc/rc.d/jail in order to allow constructions like:

jail_web_exec_afterstart0="/proftpd/sbin/proftpd"
jail_web_exec_afterstart1="..."
jail_web_exec_afterstart2="..."

.and so on.
Here's the patch - http://88.80.96.36/jail.diff - I hope it'll be useful.
Sorry if there's something missing or wrong - this is my first patch for FreeBSD.
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605231531.k4NFVWIj062767>