Idea about "skeleton jail"

Xin LI delphij at frontfree.net
Tue Feb 1 09:08:27 PST 2005


I have attached an "alpha" patch in attachment that implements skeljail,
which includes an "installskel" target to install a (hmm... as many as
you wish and your hard disk allows) skeleton after buildworld.

In order to make use of it, follow the following procedure:

0. make buildworld is a prerequisite to run "make installskel" so do it
1. make a directory.  i.e. mkdir /vhosts/1
2. cd /usr/src && make installskel DESTDIR=/vhosts/1
3. (You may want to copy something like password database/first ssh keys
into the jail.  I have a "core.tbz" to do this)
4. Add configuration to /etc/rc.conf
5. Start the jail script as usual.  This includes rebooting the host, or
"/etc/rc.d/jail restart".

To patch your existing system to get a test run of the patch, the
following procedure is recommended (other ways may work, too):
0. cvsup to latest -CURRENT
1. on top level src tree (/usr/src), do patch < (the patch file)
2. make buildworld installworld (make sure you have latest kernel
installed, of course)
3. cd /usr/src/etc/rc.d && make install (this can be accomplished in a
different way by running mergemaster)

Added rc.conf knobs:
- jail_<X>_skel_enable=(YES|NO)
Whether to enable skeleton jail.  The default is NO.

- jail_<X>_skel_root
Where the skeleton should mount everything from.  This can be / (the
default), and you can specify something like /vhosts/templateRELENG_4 if
you want a different release.

- jail_<X>_skel_romounts
Which directories we should mount from the jail_<X>_skel_root.  The
default value is "bin sbin lib libexec usr/bin usr/sbin usr/include
usr/lib usr/libdata usr/libexec usr/sbin usr/share".

I've received some quite impressive scripts from our user community
and I will consult these scripts to find out if I have missed something
important, and do further improvements over this version.  Please let me
know if there are any suggestions or flaws with this patch.

Thanks in advance!

Cheers,
-- 
Xin LI <delphij delphij net>  http://www.delphij.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-skel
Type: text/x-patch
Size: 4111 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20050202/01d90c4f/patch-skel.bin
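
An added example, not part of the original message or the attached patch: a POSIX sh function that expands jail_<X>_skel_root and jail_<X>_skel_romounts into a mount plan and rejects entries that would reach outside the skeleton or the jail root. It assumes each entry becomes a read-only nullfs mount (the patch's own mechanism is not shown on the page); the jail name "web1" and the function name skel_mount_plan are hypothetical.

```shell
#!/bin/sh
# Added example; not code from the patch discussed in the post.
# Assumption: every romounts entry is mounted read-only with nullfs from
# skel_root onto the same relative path under the jail root.
#
# Constructed rc.conf lines this plan would correspond to:
#   jail_web1_rootdir="/vhosts/1"
#   jail_web1_skel_enable="YES"
#   jail_web1_skel_root="/"

# Default list exactly as given in the post (usr/sbin appears twice there).
SKEL_ROMOUNTS_DEFAULT="bin sbin lib libexec usr/bin usr/sbin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share"

# skel_mount_plan SKEL_ROOT JAIL_ROOT [ROMOUNTS]
# Prints one "mount_nullfs -o ro SRC DST" line per unique directory.
# Returns 1 on an absolute entry or one containing "..", since either
# would let a mount source or target escape skel_root or the jail root.
skel_mount_plan() {
    skel_root=${1%/}
    jail_root=${2%/}
    romounts=${3:-$SKEL_ROMOUNTS_DEFAULT}
    seen=" "
    for d in $romounts; do
        case "$d" in
            /*|..|../*|*/..|*/../*)
                echo "refusing unsafe romounts entry: $d" >&2
                return 1 ;;
        esac
        case "$seen" in
            *" $d "*) continue ;;   # skip duplicates so mounts do not stack
        esac
        seen="$seen$d "
        echo "mount_nullfs -o ro $skel_root/$d $jail_root/$d"
    done
}

# Print the plan for the defaults from the post without mounting anything.
skel_mount_plan / /vhosts/1
```

The function only prints the commands, so the plan can be reviewed before anything is mounted.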


More information about the freebsd-hackers mailing list