isc-dhcpd.sh jail options conflict with /etc/rc.subr
David Thompson
dat1965 at yahoo.com
Mon Sep 11 15:17:29 PDT 2006
--- Christopher Cowart <ccowart at rescomp.berkeley.edu> wrote:
> The port for isc-dhcp3-server has config options for enabling FreeBSD
> process jails. Basically, through a series of command line arguments
> that are generated by the isc-dhcpd.sh script, the chroot is
> auto-generated when you start the service and dhcpd makes the syscall to
> jail itself. This is actually really nifty and makes the process of
> running dhcpd in a thin jail brainless.
>
> The problem happens when I run "isc-dhcpd.sh stop":
> dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).
>
> Well, I know better. dhcpd is clearly running with the pid indicated in
> the pid file. After investigating /etc/rc.subr, I've determined the
> cause (where $JID is the jid of the running rc script and $_jid is the
> jid of the process, determined by ps output):
> if [ "$JID" -eq "$_jid" ];
>
> This prevents me from using the rc script outside the jail to stop the
> jail'd dhcpd process. /etc/rc.subr is making a false assumption that
> people won't want to be controlling jailed services via rc scripts on
> the host machine.
>
> My question is how do I get around this? I'd prefer not to hack rc.subr
> unless it's a community-useable patch that can be incorporated back into
> the official sources. One option would be to allow rc scripts to set
> some sort of "CHECK_JAILS" variable and to implement the necessary logic
> to handle it in rc.subr. Is there a better solution?
One idea might be to hack your isc-dhcpd.sh script so that right
after the /etc/rc.subr is sourced, you add your own command to
properly set JID,
. /etc/rc.subr
JID=`...your own command to set JID correctly...`
--
David
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the freebsd-rc
mailing list