conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
David BERARD
david at nfrance.com
Wed Jan 20 09:40:04 UTC 2010
The following reply was made to PR conf/142972; it has been noted by GNATS.
From: David BERARD <david at nfrance.com>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 20 Jan 2010 10:30:13 +0100
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig17DF4DD3D8D95299AD818873
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Sorry for base64 encoded data
--- jailv2rc_ip6.patch begins here ---
--- /usr/src/etc/rc.d/jail 2009-10-25 02:10:29.000000000 +0100
+++ /usr/src/etc/rc.d/jail 2010-01-20 09:48:04.000000000 +0100
@@ -38,6 +38,7 @@
_fdescdir=3D"${_devdir}/fd"
_procdir=3D"${_rootdir}/proc"
eval _hostname=3D\"\$jail_${_j}_hostname\"
+ eval _name=3D\"\$jail_${_j}_name\"
eval _ip=3D\"\$jail_${_j}_ip\"
eval _interface=3D\"\${jail_${_j}_interface:-${jail_interface}}\"=
eval _exec=3D\"\$jail_${_j}_exec\"
@@ -95,6 +96,9 @@
fi
fi
+ # JAIL new style
+ eval _v2=3D\"\${jail_v2_enable:-"NO"}\"
+
# The default jail ruleset will be used by rc.subr if none is spe=
cified.
eval _ruleset=3D\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_rules=
et}}\"
eval _devfs=3D\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}=
\"
@@ -110,18 +114,26 @@
eval _fstab=3D\"\${jail_${_j}_fstab:-${jail_fstab}}\"
[ -z "${_fstab}" ] && _fstab=3D"/etc/fstab.${_j}"
eval _flags=3D\"\${jail_${_j}_flags:-${jail_flags}}\"
- [ -z "${_flags}" ] && _flags=3D"-l -U root"
+ if checkyesno _v2; then
+ [ -z "${_flags}" ] && _flags=3D"-l -U root -c"
+ else
+ [ -z "${_flags}" ] && _flags=3D"-l -U root"
+ fi
eval _consolelog=3D\"\${jail_${_j}_consolelog:-${jail_consolelog}=
}\"
[ -z "${_consolelog}" ] && _consolelog=3D"/var/log/jail_${_j}_con=
sole.log"
eval _fib=3D\"\${jail_${_j}_fib:-${jail_fib}}\"
+ eval _vnet=3D\"\${jail_${_j}_vnet_enable:-"NO"}\"
# Debugging aid
#
+ debug "$_j v2 enable: $_v2"
debug "$_j devfs enable: $_devfs"
debug "$_j fdescfs enable: $_fdescfs"
debug "$_j procfs enable: $_procfs"
debug "$_j mount enable: $_mount"
+ debug "$_j vnet enable: $_vnet"
debug "$_j hostname: $_hostname"
+ debug "$_j name: $_name"
debug "$_j ip: $_ip"
jail_show_addresses ${_j}
debug "$_j interface: $_interface"
@@ -481,6 +493,20 @@
*) ;;
esac
+
+ # Append address to list of addresses for the jail comman=
d.
+ case "${_type}" in
+ "inet") case "${_addrlv4}" in
+ "") _addrlv4=3D"${_addr}" ;;
+ *) _addrlv4=3D"${_addrlv4},${_addr}" ;;
+ esac;;
+ "inet6") case "${_addrlv6}" in
+ "") _addrlv6=3D"${_addr}" ;;
+ *) _addrlv6=3D"${_addrlv6},${_addr}" ;;
+ esac;;
+ esac
+
+
# Append address to list of addresses for the jail comman=
d.
case "${_addrl}" in
"") _addrl=3D"${_addr}" ;;
@@ -567,6 +593,8 @@
continue;
fi
_addrl=3D""
+ _addrlv4=3D""
+ _addrlv6=3D""
jail_ips "add"
if [ -n "${_fib}" ]; then
_setfib=3D"setfib -F '${_fib}'"
@@ -634,12 +662,26 @@
${out}
i=3D$((i + 1))
done
-
- eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname=
} \
- \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
-
+ if checkyesno _v2; then
+ _start_cmd=3D"${_setfib} jail -J ${_tmp_jail} ${_=
flags} path=3D${_rootdir} host.hostname=3D${_hostname} \
+ name=3D\"${_name}\""
+ if checkyesno _vnet; then
+ _start_cmd=3D"${_start_cmd} vnet"
+ else
+ _start_cmd=3D"${_start_cmd} ip4.addr=3D\"=
${_addrlv4}\" ip6.addr=3D\"${_addrlv6}\""
+ fi
+ _start_cmd=3D"${_start_cmd} command=3D${_exec_st=
art}"
+ eval ${_start_cmd} > /dev/null 2>&1
+ else
+ eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_=
hostname} \
+ \"${_addrl}\" ${_exec_start} > ${_tmp_jai=
l} 2>&1
+ fi
if [ "$?" -eq 0 ] ; then
- _jail_id=3D$(head -1 ${_tmp_jail})
+ if checkyesno _v2; then
+ _jail_id=3D$(awk -F '=3D| ' '{print $2}' =
${_tmp_jail})
+ else
+ _jail_id=3D$(head -1 ${_tmp_jail})
+ fi
i=3D1
while : ; do
eval out=3D\"\${_exec_afterstart${i}:-''}=
\"
--- jailv2rc_ip6.patch ends here ---
--------------enig17DF4DD3D8D95299AD818873
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAktWzSUACgkQYIAREn/Gjrj/7ACgw+LGIJyA4YZ2uXeKx+6+8wYb
HsgAnAj60qPyGyfwTSUUtR+9yQv4U9oY
=iskM
-----END PGP SIGNATURE-----
--------------enig17DF4DD3D8D95299AD818873--
More information about the freebsd-jail
mailing list