New jail(8) with configuration files, not yet in head
Brandon Gooch
jamesbrandongooch at gmail.com
Mon Jul 4 21:58:10 UTC 2011
On Mon, Jul 4, 2011 at 12:24 AM, Jamie Gritton <jamie at freebsd.org> wrote:
> I'm hoping to get the latest version of jail(8) in before the door slams
> shut on 9.0. If anyone wants to take a look at the new code and give it a
> spin, it may help to ease RE's mind about my tardiness. The included diff
> applies to the current usr.sbin/jail directory. In addition to the new
> program, it adds a jail.conf(5) man page that explains the config file
> format (hint: it's a typical C-style block config).
>
> For anyone that caught my EuroBSDCon presentation last year, it's pretty
> much what I presented there. Unfortunately it doesn't have the suggestions
> that were given then, which remain on the to-do list. What little time I've
> devoted to this project since then has gone into cleaning things up and
> fixing the error handling. Other bits will still go in later, but first I'd
> like to move this from "project" to "real" status.
>
> The new program does two things. First, it works the same way the current
> jail(8) does, to add jails from the command line - or change their
> parameters, or remove them. Then it adds the ability to do the same thing
> from a config file, including running the start-up commands that are
> currently done by the rc.d/jail script. Details of that are in the new
> jail(8) and jail.conf(5) man pages.
>
> Bugs: there shouldn't be any, of course :-). But please let me know if you
> see any!
>
> - Jamie
>

This is great! I have had a great experience testing this out, I'm
sure others will find this really satisfying, particularly those also
testing VIMAGE kernels, since the new jail config framework has vnet
capability built-in.

I did however notice a minor nit in the output when removing a jail.
Here's the scenario:

I set out with a new jail.conf(5) file:

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
ports {
        path = "/usr/jails/$name";
        ip4.addr = 10.1.1.1;
}

I run the jail creation command:

# jail -c ports
ports: created
/etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
Creating and/or trimming log files.
ln: /dev/log: Operation not permitted
Starting syslogd.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Clearing /tmp (X related).
Updating motd:.
Starting sshd.
Starting cron.
Starting ftpd.
Mon Jul 4 21:21:30 UTC 2011

...and the jail is running:

# jls
   JID  IP Address      Hostname                      Path
     3  10.1.1.1                                      /usr/jails/ports

Now, when I go to remove the jail:

# jail -r ports
Stopping cron.
Waiting for PIDS: 29824.
Terminated
.
jail: ports: (null): failed

I don't think it's anything to worry about, as the jail does indeed
get removed. I wonder though if this might be an indicator of some
underlying problem I haven't run into yet with my simplistic testing.

All-in-all, I'm loving it -- thanks Jamie!

-Brandon