injecting vars into rc-service-scripts at jail-start?
Date: Fri, 01 Apr 2022 12:00:35 UTC
Hi,

I'm overlooking something fundamental it seems...

Context: I'm working on my auto-jailing of services idea: if the auto-jail is enabled, a service like syslog is started inside a jail (which inherits the FS and, depending on some settings, also inherits network and other stuff or not). My previous implementation was using _rc_prefix (jailstart) to denote the start of a service inside a jail, so that "service XXX start" on a host would "service XXX jailstart" inside a jail. This had of course issues, as there is no infrastructure for multiple prefixes like onejailstart or jailonestart...

Problem: Now I try to find a way to do it without a prefix, and the first thing which comes to my mind is to do "jail xxx 'exec.start=/usr/bin/env _rc_svcs=jailing /usr/bin/service XXX CMD ARGS'". My expectation is that this would set _rc_svcs=jailing for the command service XXX CMD ARGS.

Having a "set -x" in rc.subr shows clearly in the jail-console log that inside that jail, the variable _rc_svcj is not set. Using "-v" for the env command shows in the log that it is called, and it sets the var and executes the service command with syslog start as arguments.

I tried to find some env-cleanup part in rc.subr which would discard all _rc* variables, but if there is something like that, I overlooked it. For a stop, I call "jexec /usr/bin/env _rc_svcj=jailing /usr/sbin/service XXX stop args", and it works, so I rather tend to believe there is no env-cleanup.

What am I doing wrong so that _rc_svcj is not picked up inside the jail?

So here is my diff between "prefix driven" (= working) and "var driven" (var not picked up inside the jail): ---snip--- case "$rc_arg" in start) - if [ "${_rc_prefix}" != jail ]; then + if [ "${_rc_svcj}" != jailing ]; then _return=1 $JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options \ - exec.start="/usr/sbin/service ${name} jailstart $rc_extra_args" \ - exec.stop="/usr/sbin/service ${name} jailstop $rc_extra_args" \ + exec.start="/usr/bin/env _rc_svcj=jailing /usr/sbin/service ${name} ${rc_arg} $rc_extra_args" \ + exec.stop="/usr/bin/env _rc_svcj=jailing /usr/sbin/service ${name} ${rc_arg} $rc_extra_args" \ exec.consolelog="/var/log/svcj_${name}_console.log" \ name=svcj-${name} && _return=0 else # normal start of _cmd via _run_rc_doit ---snip--- What set -x tells what it calls: ---snip--- + /usr/sbin/jail -c 'path=/' mount.nodevfs 'host=inherit' 'ip4=inherit' 'ip6=inherit' allow.reserved_ports 'exec.start=/usr/bin/env -v _rc_svcj=jailing /usr/sbin/service -v syslogd start ' 'exec.stop=/usr/bin/env _rc_svcj=jailing /usr/sbin/service syslogd start ' 'exec.consolelog=/var/log/svcj_syslogd_console.log' 'name=svcj-syslogd' ---snip--- Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
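Review bot: In the start) branch the new exec.stop line passes ${rc_arg}, which is "start" at this point, so the jail's stop hook would run the start action a second time instead of stopping the service. The set -x trace confirms it: 'exec.stop=/usr/bin/env _rc_svcj=jailing /usr/sbin/service syslogd start '. The removed line used a distinct jailstop verb, so the replacement should hard-code stop in exec.stop rather than reuse ${rc_arg}. The trace also shows env -v and service -v in exec.start, which the diff does not contain; those debugging flags should be dropped before this is committed. A short comment next to the [ "${_rc_svcj}" != jailing ] test saying who is expected to set the variable would help, since nothing in the hunk documents it.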