isc-dhcpd.sh jail options conflict with /etc/rc.subr
Christopher Cowart
ccowart at rescomp.berkeley.edu
Mon Sep 11 13:32:50 PDT 2006
Hello,
I posted to questions last week, but have not received any responses.
The port for isc-dhcp3-server has config options for enabling FreeBSD
process jails. Basically, through a series of command line arguments
that are generated by the isc-dhcpd.sh script, the chroot is
auto-generated when you start the service and dhcpd makes the syscall to
jail itself. This is actually really nifty and makes the process of
running dhcpd in a thin jail brainless.
The problem happens when I run "isc-dhcpd.sh stop":
dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).
Well, I know better. dhcpd is clearly running with the pid indicated in
the pid file. After investigating /etc/rc.subr, I've determined the
cause (where $JID is the jid of the running rc script and $_jid is the
jid of the process, determined by ps output):
if [ "$JID" -eq "$_jid" ];
This prevents me from using the rc script outside the jail to stop the
jail'd dhcpd process. /etc/rc.subr is making a false assumption that
people won't want to be controlling jailed services via rc scripts on
the host machine.
My question is how do I get around this? I'd prefer not to hack rc.subr
unless it's a community-useable patch that can be incorporated back into
the official sources. One option would be to allow rc scripts to set
some sort of "CHECK_JAILS" variable and to implement the necessary logic
to handle it in rc.subr. Is there a better solution?
--
Chris Cowart
Unix Systems Administrator
Residential Computing, UC Berkeley
"May all your pushes be popped"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-rc/attachments/20060911/8f87adde/attachment.pgp
More information about the freebsd-rc
mailing list