Re: starting jails within jails using rc
- In reply to: James Gritton : "Re: starting jails within jails using rc"
Date: Sun, 15 Aug 2021 16:56:33 UTC
James Gritton wrote on 8/15/21 12:29 PM:
> On 2021-08-14 12:59, Dan Langille wrote:
>> The problem:
>>
>> The parent jail cannot automatically start the child jail. The child
>> jail can be started manually.
>>
>> Running this command in the parent child succeeds:
>> service jail start freshports
>>
>> Why? I think it's because /etc/rc.d/jail contains:
>>
>> # KEYWORD: nojail shutdown
>>
>> This tells the rc system not to run the jail script if the host is a
>> jail.
>>
>> How can I trick it?
>>
>> My two ideas so far:
>>
>> * remove the keyword from the script (I've tested this; it works)
>> * duplicate the script, removing the keyword from the script
>> * mangle security.jail.jailed in the parent jail it thinks it's not in
>> a jail and runs it anyway
>>
>> The downsides to these:
>>
>> * the first two require I keep up to date with the jail script.
>> * the last one will have unintended consequences I'm sure, many which
>> I most likely would not like.
>
> Since jails with jails is a supported (though not defaulted) feature,
> I see no reason why simply removing the "nojail" keyword from the
> script shouldn't be the default. The only cost is typical jail
> startup having to run the script to no effect, but the rc system is
> already built of dozens of such seldom-used scripts.

Wow. I had not considered a patch until now. Submitted.

https://github.com/freebsd/freebsd-src/pull/525

--
Dan Langille - dan@langille.org
https://langille.org/
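Added example, not part of the original message or of FreeBSD's rc code: a POSIX sh check for the "keep up to date with the jail script" downside discussed above, reporting which scripts in an rc.d directory still carry the `nojail` keyword, for instance after an upgrade replaces a locally edited `/etc/rc.d/jail`. The function names are hypothetical, and the only assumption is the `# KEYWORD:` comment-line format quoted in the message.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not FreeBSD code).
# Assumption: keywords are declared on "# KEYWORD:" comment lines,
# as in the line quoted from /etc/rc.d/jail in the message.

# Print the keywords an rc.d script declares, one per line.
rc_keywords() {
    sed -n 's/^#[[:space:]]*KEYWORD:[[:space:]]*//p' "$1" |
        tr -s ' \t' '\n\n' |
        sed '/^$/d'
}

# Return 0 if the script declares the nojail keyword, 1 otherwise.
# grep -x matches whole lines, so a longer keyword that merely
# begins with "nojail" is not mistaken for it.
skipped_in_jail() {
    rc_keywords "$1" | grep -qx 'nojail'
}

# List the scripts in a directory that still declare nojail.
list_skipped() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if skipped_in_jail "$f"; then
            echo "${f##*/}"
        fi
    done
}

# Stand-alone use: pass the rc.d directory to audit as the argument.
if [ $# -gt 0 ]; then
    list_skipped "$1"
fi
```

Run inside the parent jail as `sh script.sh /etc/rc.d`; if `jail` appears in the output, the keyword is present and the child jail will not be started by rc at boot.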