Date: Sun, 15 Aug 2021 12:56:33 -0400
From: Dan Langille <dan@langille.org>
To: James Gritton <jamie@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: starting jails within jails using rc
Message-ID: <2fde54a8-1f19-28e0-46b2-74b5ef2c2e65@langille.org>
In-Reply-To: <ff66d9850ff869e9c1f22ed5989f28e7@freebsd.org>
References: <60ecf265-b308-738d-ec2f-64e76b625a38@langille.org> <ff66d9850ff869e9c1f22ed5989f28e7@freebsd.org>

James Gritton wrote on 8/15/21 12:29 PM:
> On 2021-08-14 12:59, Dan Langille wrote:
>> The problem:
>>
>> The parent jail cannot automatically start the child jail. The child
>> jail can be started manually.
>>
>> Running this command in the parent child succeeds: service jail start
>> freshports
>>
>> Why? I think it's because /etc/rc.d/jail contains:
>>
>> # KEYWORD: nojail shutdown
>>
>> This tells the rc system not to run the jail script if the host is a
>> jail.
>>
>> How can I trick it?
>>
>> My two ideas so far:
>>
>> * remove the keyword from the script (I've tested this; it works)
>> * duplicate the script, removing the keyword from the script
>> * mangle security.jail.jailed in the parent jail it thinks it's not in
>> a jail and runs it anyway
>>
>> The downsides to these:
>>
>> * the first two require I keep up to date with the jail script.
>> * the last one will have unintended consequences I'm sure, many which
>> I most likely would not like.
>
> Since jails with jails is a supported (though not defaulted) feature,
> I see no reason why simply removing the "nojail" keyword from the
> script shouldn't be the default. The only cost is typical jail
> startup having to run the script to no effect, but the rc system is
> already built of dozens of such seldom-used scripts.

Wow. I had not considered a patch until now. Submitted.

https://github.com/freebsd/freebsd-src/pull/525

--
Dan Langille - dan@langille.org
https://langille.org/
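
The keyword behaviour discussed in this thread, as an added example that is not part of the original message and not FreeBSD's own code: a POSIX sh approximation of how a boot-time skip list built from "# KEYWORD:" lines treats the stock and the patched jail script. Assumptions: the function names, the sample files (constructed, headers only) and the skip list ("nostart" always, plus "nojail" when security.jail.jailed is 1) are illustrative; the real ordering and filtering is done by rcorder(8).

```shell
#!/bin/sh
# Added example: models which rc.d scripts the boot-time rc run would skip,
# based on their "# KEYWORD:" lines. Not FreeBSD source code.

# has_keyword FILE WORD: exit 0 if any "# KEYWORD:" line in FILE lists WORD.
has_keyword() {
    awk -v want="$2" '
        /^#[ \t]*KEYWORD:/ {
            sub(/^#[ \t]*KEYWORD:/, "")
            n = split($0, words, /[ \t]+/)
            for (i = 1; i <= n; i++) if (words[i] == want) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# boot_decision FILE JAILED: prints "skip" or "run".
# JAILED stands for the value of security.jail.jailed (0 on a host, 1 in a jail).
boot_decision() {
    skip_list="nostart"                     # assumed: always skipped at boot
    if [ "$2" -eq 1 ]; then
        skip_list="$skip_list nojail"       # added only when running in a jail
    fi
    for kw in $skip_list; do
        if has_keyword "$1" "$kw"; then
            echo skip
            return 0
        fi
    done
    echo run
}

# Constructed sample scripts: only the header lines that matter here.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '#!/bin/sh\n# PROVIDE: jail\n# KEYWORD: nojail shutdown\n' > "$demo_dir/jail.stock"
printf '#!/bin/sh\n# PROVIDE: jail\n# KEYWORD: shutdown\n' > "$demo_dir/jail.patched"

for jailed in 0 1; do
    for f in jail.stock jail.patched; do
        echo "jailed=$jailed $f: $(boot_decision "$demo_dir/$f" "$jailed")"
    done
done
```

The model covers only the boot-time run; a manual "service jail start freshports" is a separate path, which is why it succeeds inside the parent jail in the report above.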