Re: starting jails within jails using rc
Date: Sun, 15 Aug 2021 16:29:59 UTC
On 2021-08-14 12:59, Dan Langille wrote:
> The problem:
>
> The parent jail cannot automatically start the child jail. The child
> jail can be started manually.
>
> Running this command in the parent child succeeds: service jail start
> freshports
>
> Why? I think it's because /etc/rc.d/jail contains:
>
> # KEYWORD: nojail shutdown
>
> This tells the rc system not to run the jail script if the host is a
> jail.
>
> How can I trick it?
>
> My two ideas so far:
>
> * remove the keyword from the script (I've tested this; it works)
> * duplicate the script, removing the keyword from the script
> * mangle security.jail.jailed in the parent jail it thinks it's not in
>   a jail and runs it anyway
>
> The downsides to these:
>
> * the first two require I keep up to date with the jail script.
> * the last one will have unintended consequences I'm sure, many which
>   I most likely would not like.

Since jails with jails is a supported (though not defaulted) feature, I see no reason why simply removing the "nojail" keyword from the script shouldn't be the default. The only cost is typical jail startup having to run the script to no effect, but the rc system is already built of dozens of such seldom-used scripts.

- Jamie
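The keyword check discussed in this thread, as an added example that is not part of either message or of FreeBSD's rc code: it reads the `# KEYWORD:` lines of rc.d-style scripts and reports which ones would be left out of startup when the host is itself a jail. The function names, the sample files and the jailed flag passed as an argument (standing in for `sysctl -n security.jail.jailed`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which rc.d scripts are excluded from startup inside a jail?

# Print each keyword from the script's "# KEYWORD:" lines, one per line.
rc_keywords() {
    sed -n 's/^# KEYWORDS\{0,1\}:[[:space:]]*//p' "$1" | tr -s '[:space:]' '\n'
}

# Exit 0 if script $1 declares exactly keyword $2. Whole-word matching
# matters: a keyword such as "nojailvnet" must not count as "nojail".
rc_has_keyword() {
    rc_keywords "$1" | grep -qxF -- "$2"
}

# Exit 0 if the script would be skipped at startup.
# $2 = jailed flag (1 inside a jail, 0 on a non-jailed host).
rc_skipped() {
    [ "$2" -eq 1 ] && rc_has_keyword "$1" nojail
}

# Print the names of all scripts in directory $1 that would be skipped.
list_skipped() {
    for f in "$1"/*; do
        rc_skipped "$f" "$2" && basename "$f"
    done
    return 0
}

# Constructed sample scripts (headers only), written to a temp directory.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '#!/bin/sh' '# PROVIDE: jail' \
    '# KEYWORD: nojail shutdown' > "$SAMPLE_DIR/jail"
printf '%s\n' '#!/bin/sh' '# PROVIDE: jail' \
    '# KEYWORD: shutdown' > "$SAMPLE_DIR/jail_patched"
printf '%s\n' '#!/bin/sh' '# PROVIDE: demo' \
    '# KEYWORD: nojailvnet' > "$SAMPLE_DIR/demo"

echo "skipped when jailed:     $(list_skipped "$SAMPLE_DIR" 1)"
echo "skipped when not jailed: $(list_skipped "$SAMPLE_DIR" 0)"
```

Pointing `list_skipped` at a real `/etc/rc.d` inside the parent jail shows everything the keyword excludes there, which helps when comparing a locally patched script against the stock one after an upgrade.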