jail configuration

Hiroki Sato hrs at FreeBSD.org
Sun Oct 6 01:24:03 UTC 2013


Dag-Erling Smørgrav <des at des.no> wrote
  in <86d2o8k6zf.fsf at nine.des.no>:

de> "Teske, Devin" <Devin.Teske at fisglobal.com> writes:
de> > I've been thinking about maybe writing a tool (or 2). Options on the table:
de> >
de> > 1. Tool like sysrc that allows you to modify/maintain jail.conf from CLI?
de> > 2. Tool to migrate from rc.conf to jail.conf?
de> > 3. Both?
de> 
de> A shell script that does 2. should be sufficient, IMHO.

 I tried to rewrite rc.d/jail with backward compatibility.  It still
 looks complex, but the LOC falls to one-half.  I think we can remove the
 compat part later, before 11.0.  After the removal, this will be very
 similar to your patch.  A patch for jail(8) is a small bug fix.

 a) config file support

  jail_enable="YES"
  jail_conf="/etc/jail.conf"	# /etc/jail.conf if not specified.
  jail_list="hosta hostb"	# all of instances if not specified.

 b) old rc.conf variables support (will be removed eventually)

  jail_enable="YES"
  jail_list="hosta hostb"
  jail_hosta_hostname="hosta.example.com"
  jail_hosta_ip="192.168.2.1,192.168.2.2"
  jail_hosta_rootdir="/jail/hosta"
  ....

  These configuration variables will be converted into
  /var/run/jail_{name}.conf.  While this is basically backward
  compatible, procfs_enable and fdescfs_enable are not supported.

 c) mixed environment

  Even if /etc/jail.conf exists, rc.d/jail attempts to create and use
  /var/run/jail_{name}.conf when both jail_{name}_hostname and
  jail_{name}_rootdir are defined.  If not defined, it attempts to use
  /etc/jail.conf (or $jail_conf).  This decision is made on a per-jail
  basis.

 d) conversion from rc.conf variables to config file

  # /etc/rc.d/jail config <name in jail_list>

  /var/run/jail_{name}.conf is created.


 I think this does not break the existing configurations (more testing
 needed, of course) and one can convert by "rc.d/jail convert" and
 copy-n-paste the results to /etc/jail.conf.  If one uses
 /etc/jail.conf, just the $jail_enable variable will do the trick.

 What do you think about this?

-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jail_20131006-1.diff
Type: text/x-patch
Size: 24651 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20131006/f7bf74a0/attachment.bin>
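
The per-jail decision in c) and the conversion in d), sketched as an added example; this is not the rc.d/jail code from the attached patch or anything posted in this thread. The mapping of jail_{name}_hostname, _rootdir and _ip to the jail(8) parameters host.hostname, path and ip4.addr/ip6.addr, the helper names and the name check before eval are assumptions of the example, and the sample variables are constructed.

```shell
# Added example; not the rc.d/jail code from the attached patch.
# Constructed rc.conf-style input, same shape as section b) of the mail.
jail_conf="/etc/jail.conf"
jail_list="hosta hostb"
jail_hosta_hostname="hosta.example.com"
jail_hosta_ip="192.168.2.1,192.168.2.2"
jail_hosta_rootdir="/jail/hosta"
# hostb has no legacy variables and is left to $jail_conf.

# Names are expanded through eval below, so accept only identifier characters.
valid_name() {
    case $1 in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
}

# Per-jail rule from c): "legacy" only when both hostname and rootdir are set.
jail_source() {
    valid_name "$1" || return 1
    eval "_h=\${jail_${1}_hostname:-} _r=\${jail_${1}_rootdir:-}"
    if [ -n "$_h" ] && [ -n "$_r" ]; then echo legacy; else echo conf; fi
}

# Print a jail.conf(5) stanza for one legacy jail (the conversion in d)).
jail_emit_conf() {
    [ "$(jail_source "$1")" = legacy ] || return 1
    eval "_h=\$jail_${1}_hostname _r=\$jail_${1}_rootdir _ip=\${jail_${1}_ip:-}"
    # A double quote would end the jail.conf string early; refuse such values.
    case "$_h$_r$_ip" in *\"*) return 1 ;; esac
    printf '%s {\n\thost.hostname = "%s";\n\tpath = "%s";\n' "$1" "$_h" "$_r"
    _v4='' _v6=''
    _ifs=$IFS; IFS=,
    for _a in $_ip; do
        # Assumption: an address containing ":" is IPv6, anything else IPv4.
        case $_a in
            *:*) _v6=${_v6:+$_v6, }$_a ;;
            *)   _v4=${_v4:+$_v4, }$_a ;;
        esac
    done
    IFS=$_ifs
    [ -z "$_v4" ] || printf '\tip4.addr = %s;\n' "$_v4"
    [ -z "$_v6" ] || printf '\tip6.addr = %s;\n' "$_v6"
    printf '}\n'
}

for _j in $jail_list; do
    case $(jail_source "$_j") in
        legacy) jail_emit_conf "$_j" ;;
        conf)   echo "# $_j: defined in $jail_conf" ;;
    esac
done
```

Rejecting names with characters outside `[A-Za-z0-9_]` before the eval keeps a crafted jail_list entry from being executed as shell code by a script that runs as root.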


More information about the freebsd-arch mailing list