Re: Ezjail

2020-04-30 Thread Dirk Engling
On 30.04.20 17:30, Brandon helsley wrote:

> I installed and updated base jail with ezjail and then like the
> example in the handbook, created dnsjail with its IP. I'm now needed
> to change the jail file in ezjail directory to a different ip
> address. What do I change it to and how do I do this? Can I get any
> help? Please?

Simplest is to (everything as root) just stop the jail via

ezjail-admin stop JAILNAME

then edit the file /usr/local/etc/ezjail/JAILNAME

and change the line with your original IP address:

jail_JAILNAME_ip="123.45.78.90"

or

jail_JAILNAME_ip="lo1|127.0.23.42"

and then run the jail again with

ezjail-admin start JAILNAME

Best

  erdgeist
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: Cannot delete jail folder

2017-06-11 Thread Dirk Engling
Currently on the road. But FAQ answers your question. Look for noschg 
https://erdgeist.org/arts/software/ezjail/#faq

Best

  erdgeist

On 11 June 2017 17:13:00 CEST, "Grégory Reinbold" wrote:
>Hi,
>
>I have installed a jail using ezjail-admin for testing the solution. 
>After testing, I want to delete the jail using:
>
># ezjail-admin delete jailname
>
>I see in the man page, the delete argument: only deletes ezjail's control
>file for the selected jail as well as /etc/fstab.jailname.
>
>So, I tried to delete the folder manually using:
>
># rm -rf /usr/jails/jailname
>
>Result: /usr/jailname/test/var/empty
>
>My root is not able to delete this directory, so how can I do it?
>
>
>Regards
>
>-- 
>Grégory Reinbold
>

Re: Configuring network without ezjail

2015-12-11 Thread Dirk Engling
On 12.12.15 01:19, marcel wrote:

> I would like to know if it is possible to configure a jail's network for
> accessing to the World Wide Web but without ezjail ?
> I have created my jail without ezjail (mkdir jail, make installworld,
> etc...) and I would like to continue without it if it's possible...

Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
just have DNS problems, so is your resolv.conf set up properly?

Without knowing what exactly is not working, I can not help you.

  erdgeist


Re: Configuring network without ezjail

2015-12-11 Thread Dirk Engling
On 12.12.15 02:50, marcel wrote:
> No I don't get to have an IP address... Yet I have written this in my
> host's rc.conf:
> 
> jail_enable="YES"
> jail_list="thename"
> jail_guantanamo_rootdir="thepath"
> jail_guantanamo_hostname="thename"
> jail_guantanamo_ip="192.168.0.12"

Well, what you write into your rc.conf is only relevant to the
/etc/rc.d/jail script. If you're not using the script, you don't need
these variables.

You might want to look up the jail.conf(5) man page.

> and I use the command:
> 
> jail thepath thename 192.168.0.12 /bin/csh

Looks like you need to create the jail first. Use the -c parameter to jail.

However I suggest to configure your jails with either a tool like ezjail
or at least start the jails with the /etc/rc.d/jail script.

  erdgeist


Re: Create Jail fail by c language

2015-04-18 Thread Dirk Engling
On 18.04.15 17:34, freekai wrote:

>   j.ip4s=inet_addr(cp);

From the man page:

 The “ip4s” and “ip6s” give the numbers of IPv4 and IPv6 addresses
 that will be passed via their respective pointers.

so it should rather read:

  j.ip4s = 1;   /* number of IPv4 addresses passed, not the address itself */
  j.ip6s = 0;   /* no IPv6 addresses */

  if (1 != inet_aton(cp, ip4))
      printf("the address is invalid\r\n");

  j.ip4 = ip4;

> The problem is it will print `einval`, it means `The version number of the
> argument is not correct.`
> How to solve it?

Also, the man pages states several other reasons for the EINVAL return
code (scroll further down), one of them being

[EINVAL]   A supplied parameter is the wrong size.

Regards

  erdgeist


Re: preferred jail management tool

2015-01-28 Thread Dirk Engling
On 28.01.15 17:11, wishmaster wrote:

> This is not killer feature, this something imperfection (sorry,
> Dirk. Without insults).

No offense taken. Everyone has their own requirements and we worked out
that you are not the run-of-the-mill ezjail customer. Fine. No need to
convince others that your use case is the only valid one, though.

I still think that the FHS has defined a decent line for what in a
FreeBSD installation is static shareable and can be provided read only
to all jails. If you have actual users with their own requirements you
want to contain in a jail, they DO expect a vanilla installation to do
their stuff with. And this is what ezjail was built for originally.

  erdgeist


Re: preferred jail management tool

2015-01-27 Thread Dirk Engling
On 27.01.15 21:01, Peter Toth wrote:

> The most important part is jail(8) and properties can be passed to jail(8)
> very easily.
>
> This is the very reason I stopped relying on any rc.d/jail or jail.conf for
> iocage. It is much easier/simpler to add/modify features when dealing with
> jail(8) directly.

This means that you need to keep your config in yet another place. I
think it's much nicer to point a user to a defined location where he
would find everything that magically creates those jail containers at
system startup.

I think that rc.d/jail and its config should provide all the means
necessary to describe the state of the system's jails after booting up.
If it doesn't, the tool is useless. Could you please explain what
features are missing in jail.conf for you to not use it? Maybe we can
layout a path to a better config abstraction.

  erdgeist


Re: preferred jail management tool

2015-01-27 Thread Dirk Engling
On 27.01.15 22:12, Miroslav Lachman wrote:

> Yes. Sometimes I have a feeling that jails or some other features are
> unwanted children. I had PR opened for years with patches to rc.d/jail or
> etc/rc.subr to incorporate nice, or cpuset. And it never found its way
> to the tree.

How's that possible?

I felt similarly frustrated when I went to 2013's BSDCan trying to talk
to the jaily people and no one was around. Jamie couldn't attend but
said that he's busy with other stuff and couldn't commit time to jail
development. Which, of course, is fine. It leaves a void, though.

What good are features that are neither documented nor exposed to the
users? How do we move on from here and get config and docs synchronized
and where can I get a big picture of what's the big plan for the future?

  erdgeist


Re: preferred jail management tool

2015-01-27 Thread Dirk Engling
On 27.01.15 21:36, Valeri Galtsev wrote:

> Now I feel ultimately confused. I [still] have all my jail configurations
> in /etc/rc.conf, and I can start or stop one of the jails by
>
> /etc/rc.d/jail [start|stop] jailname
>
> If I switch all configurations to /etc/jail.conf, will the same commands
> work for starting/stopping jails?

Yes, using per-jail-variables in your rc.conf has been deprecated but
will still work in 10.

If you migrate to jail.conf, everything will be working as you expect.

  erdgeist


Re: preferred jail management tool

2015-01-27 Thread Dirk Engling
On 27.01.15 17:57, Mark Felder wrote:

> I'll admit that last time I used ezjail I found it frustratingly
> difficult to locate concise documentation on exactly how flavours
> worked, and how to use scripts to do things to the new jails as well as
> copying in the files I wanted. Maybe I just didn't look hard enough,
> though.

Well, I built flavours as stupidly simple as it gets: all it does is to
copy files and some of them happen to be located in /etc/rc.d, being
executed at the first start up. If you would have taken a single look
into the example flavour, you should have noticed.

Even in the old docs this was pointed out, the overhauled man pages do
that even more precisely.

  erdgeist


Re: cannot access internet from jail, help needed please

2014-05-31 Thread Dirk Engling
On 01.06.14 02:14, s7r wrote:

> 2. My server has 3 public IPv4 addresses. Add one of them as an
> alias (for the jail): # ifconfig em0 alias ip netmask
> 255.255.255.255

Also did you check that the jail's addresses are inside the net
configured netblock and you do not have routing table entries that
might divert or block traffic, i.e. is there a firewall, if so what
are its rules?

  erdgeist


BUG in jail(8) variable substitution, and PATCH

2013-10-20 Thread Dirk Engling
The variable substitution of FreeBSD's jail tool yields unexpected
results when a parameter has more than one variable to substitute and
one of the later variables needs substitution as well.

Consider the simple test case:

$A = "A_${B}_C_${D}";
$B = "B";
$D = "D_${E}_F";
$E = "E";

bar {
    exec.poststart = "touch /tmp/$A";
}

EXPECTED OUTCOME for running jail -c bar would be a file with the name
/tmp/A_B_C_D_E_F to be touched (and, of course, the jail
bar being created).

OBSERVED OUTCOME is a file with the name
/tmp/A_BBBD_E_FBB_C_ being created.

The reason is the way jail(8) resolves recursive substitutions. In
head/usr.sbin/jail/config.c:193 a varoff variable is introduced that
handles a shifting offset for multiple variable substitutions per
parameter. This varoff is updated after each substitution in line 239 to
reflect a new offset into the parameter's string. This ensures that all
other variables are substituted at [their insertion point plus varoff]
which is the accumulated length of all previously substituted variables.

Now in our example, if $A is to be expanded, first ${B} is inserted at
offset 2 and varoff becomes 10. When substituting ${D}, the recursion
check at line 216 detects that variable $D also needs expansion. It
reorders the parameter list, so that the algorithm works on variable $D
now. Then it jumps to find_vars at line 191 and properly expands
D_${E}_F to D_E_F.

When the algorithm now returns to expanding $A by entering the loop body
again, it finds a re-set varoff variable leading to (the now expanded)
variable $D being inserted at the offset 5, where the parser initially
would find it (the internal format for $A is approx: { A__C_, {2,
B}, {5, D}}) and not at the corrected offset 10.

PROPOSED SOLUTION: Get rid of the varoff and replace line 239 with:

[struct cfvar *]vv = v;
while ((vv = STAILQ_NEXT(vv, tq)))
        vv->pos += vs->len;

to make the offset permanent. Find a patch attached.

Regards,

  erdgeist
Index: config.c
===
--- config.c(revision 256751)
+++ config.c(working copy)
@@ -129,9 +129,8 @@
struct cfjail *j, *tj, *wj;
struct cfparam *p, *vp, *tp;
struct cfstring *s, *vs, *ns;
-   struct cfvar *v;
+   struct cfvar *v, *vv;
char *ep;
-   size_t varoff;
int did_self, jseq, pgen;
 
if (!strcmp(cfname, -)) {
@@ -190,7 +189,6 @@
p-gen = ++pgen;
find_vars:
TAILQ_FOREACH(s, p-val, tq) {
-   varoff = 0;
while ((v = STAILQ_FIRST(s-vars))) {
TAILQ_FOREACH(vp, j-params, tq)
if (!strcmp(vp-name, v-name))
@@ -232,11 +230,13 @@
goto bad_var;
}
s-s = erealloc(s-s, s-len + vs-len + 1);
-   memmove(s-s + v-pos + varoff + vs-len,
-   s-s + v-pos + varoff,
-   s-len - (v-pos + varoff) + 1);
-   memcpy(s-s + v-pos + varoff, vs-s, vs-len);
-   varoff += vs-len;
+   memmove(s-s + v-pos + vs-len,
+   s-s + v-pos,
+   s-len - v-pos + 1);
+   memcpy(s-s + v-pos, vs-s, vs-len);
+   vv = v;
+   while ((vv = STAILQ_NEXT(vv, tq)))
+   vv-pos += vs-len;
s-len += vs-len;
while ((vs = TAILQ_NEXT(vs, tq))) {
ns = emalloc(sizeof(struct cfstring));
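
Review bot: the loop added after the memcpy, `while ((vv = STAILQ_NEXT(vv, tq)))`, carries the whole fix but has no comment, and it relies on every entry after v in the list having a position at or beyond v's. A short comment saying that the offset is stored in the remaining entries because the restart at find_vars would lose a local counter, plus a note (or assertion) that the list is ordered by position, would stop a later cleanup from bringing varoff back. The four-variable test case from the message is small enough to ship as a regression test with this change.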

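
The offset bookkeeping described in the message above, as an added example that is not part of the original post and not code from jail(8): a simplified C model (all type and function names are assumptions) that expands the same four variables once with a varoff that is lost after a nested expansion and once with the offsets written back into the pending references. The value of $B is assumed to be five characters long, which reproduces the observed file name quoted in the message.

```c
/* Added illustration: simplified model, names are assumptions, not config.c code. */
#include <stdio.h>
#include <string.h>

#define MAXVARS 4
#define MAXLEN  64

struct var { size_t pos; const char *name; };  /* insertion point, referenced name */
struct param {
    const char *name;
    char        s[MAXLEN];      /* value with the ${...} references cut out */
    struct var  vars[MAXVARS];  /* pending references, ordered by pos */
    int         nvars, next;    /* next: index of the first unresolved reference */
    int         busy;           /* set while being expanded, to catch cycles */
};

static struct param *find_param(struct param *tab, int n, const char *name)
{
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0)
            return &tab[i];
    return NULL;
}

/* Insert src into dst at byte offset at; -1 if out of range or too long. */
static int insert_at(char *dst, size_t at, const char *src)
{
    size_t dlen = strlen(dst), slen = strlen(src);
    if (at > dlen || dlen + slen + 1 > MAXLEN)
        return -1;
    memmove(dst + at + slen, dst + at, dlen - at + 1);
    memcpy(dst + at, src, slen);
    return 0;
}

/* permanent == 0: keep a local varoff that is lost after a nested expansion.
 * permanent == 1: add each inserted length to the pos of all later references.
 * On failure busy stays set; the caller discards the table. */
static int expand(struct param *tab, int n, struct param *p, int permanent)
{
    size_t varoff = 0;
    p->busy = 1;
    while (p->next < p->nvars) {
        struct var *v = &p->vars[p->next];
        struct param *vp = find_param(tab, n, v->name);
        if (vp == NULL || vp->busy)
            return -1;                  /* unknown name or reference cycle */
        if (vp->next < vp->nvars) {     /* referenced value needs expanding first */
            if (expand(tab, n, vp, permanent) != 0)
                return -1;
            varoff = 0;                 /* models the restart at find_vars */
        }
        size_t len = strlen(vp->s);
        if (insert_at(p->s, v->pos + (permanent ? 0 : varoff), vp->s) != 0)
            return -1;
        if (permanent)
            for (int i = p->next + 1; i < p->nvars; i++)
                p->vars[i].pos += len;
        else
            varoff += len;
        p->next++;
    }
    p->busy = 0;
    return 0;
}

/* Constructed input: the message's $A/$B/$D/$E case, $B assumed to be "BBBBB". */
const char *run_case(int permanent)
{
    static char out[MAXLEN];
    struct param tab[] = {
        { .name = "A", .s = "A__C_", .vars = { {2, "B"}, {5, "D"} }, .nvars = 2 },
        { .name = "B", .s = "BBBBB" },
        { .name = "D", .s = "D__F",  .vars = { {2, "E"} }, .nvars = 1 },
        { .name = "E", .s = "E" },
    };
    if (expand(tab, 4, &tab[0], permanent) != 0)
        return "(error)";
    strcpy(out, tab[0].s);
    return out;
}

int main(void)
{
    printf("varoff lost after recursion: %s\n", run_case(0));
    printf("offsets made permanent:      %s\n", run_case(1));
    return 0;
}
```
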

Patch: make the jail(8) command set the jid parameter

2013-10-18 Thread Dirk Engling
Hello,

I've created a patch to the jail command that allows statements like

exec.poststart = "touch /startjailid_${jid}";
exec.prestop = "touch /stopjailid_${jid}";

in a jail.conf to work as expected, even if the jid is not specified there,
i.e. for jails without a pinned jid.

It works by splitting variable substitution in two parts. In the first
pass a missing jid parameter is ignored, running_jid and the IP__OP
create operation will then set the jail's jid parameter and try to
resolve any references not done before.

The code should probably check for references to $jid before it is
available (i.e. in the exec.prestart variable), but just substituting
the empty string as it happens now should be just fine.

Find the patch at
https://erdgeist.org/arts/software/jail/usr.sbin.jail-jid.patch

Regards,

  erdgeist


Allowing meta-namespace in jail.conf

2013-10-18 Thread Dirk Engling
Dear jail enthusiasts,

in order to move forward with my jail management project ezjail, and
make it support the new jail.conf way of managing jail configs, I need a
way to add properties to jails that are currently not in the list of
allowed parameters. I was thinking of something like

web-jail {
  name = 'www.test.com';
  meta.ezjail.imagetype = 'zfs';
  meta.ezjail.zfsdataset = 'tank/ezjail/www.test.com-data';
}

Alternatively, I could keep a shadow tree of config options and generate
jail configs on the fly, but that would mean not using the power of the
new jail config format. This can also lead to conflicting settings (e.g.
from wildcard jails or global options) and unexpected parts of the
system to look for configs.

Another issue is the complexity of the jail.conf format which makes it
hard to automatically manipulate entries. I've started working on a
parser/generator in shell, but wondered if there are any plans to add a
way to remove jail blocks (adding is easier) and add/modify/delete
parameters in jail blocks. Some standardized way to get the result from
jail(8)'s parser would of course be a nice start.

Any thoughts on that?

  erdgeist


Re: ezjail and UPDATING20131010

2013-10-12 Thread Dirk Engling
On 12.10.13 07:24, Alexander Leidinger wrote:

> Regarding OS updates (and I assume manual installworld updates in the
> question as freebsd-update is not considered an option) I use:

Well, running freebsd-update on all the jails with IgnorePaths set to
/[^e][^t][^c].* does the trick

> ---snip---
> cd /usr/src
> for jail in /path/to/jails/*; do
>     echo "$jail"
>     sleep 5
>     mergemaster -D "$jail"
>     make DESTDIR="$jail" delete-old -DBATCH_DELETE_OLD_FILES
>     make DESTDIR="$jail" check-old   # list old libs
> done
> make DESTDIR=/path/to/basejail delete-old -DBATCH_DELETE_OLD_FILES

That assumes you have the sources handy which is not always the case.

  erdgeist


Re: ezjail and UPDATING20131010

2013-10-11 Thread Dirk Engling
On 11.10.13 21:27, wishmaster wrote:

> Yeah!? But do you think updating python in each jail this is the
> right solution? Freebsd-update in each jail?? What about when number
> of jails is 10 or about. My server is very high loaded and I use
> tunable custom kernel and world.

Don't use jails then. Better go and order ten servers and use the
amazing features of ... well, d'oh. Puppet?

  erdgeist


Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

2013-05-15 Thread Dirk Engling
On 13.05.13 15:06, Dirk Engling wrote:

> The easy things like adding a zfs dataset parameter and the postcreate
> command can be found here:
>
> http://erdgeist.org/arts/software/jail/usr.sbin.jail-postcreate.patch
> http://erdgeist.org/arts/software/jail/usr.sbin.jail-zfsdataset.patch

Forgot to attach the documentation

http://erdgeist.org/arts/software/jail/usr.sbin.jail-man.patch

  erdgeist


Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

2013-05-13 Thread Dirk Engling
On 14.04.13 17:24, Jamie Gritton wrote:

> line, which is inelegant to say the least. What I need is a $jid to be
> set even when it isn't specified in the config, which is a little
> complicated but doable if I just get down to it.

After stabbing around in the code for a while I found that parameter
substitution happens so early that for non-jid bound jails this
parameter will not be set until much later with the create_jail call and
thus would need special handling in load_config. Code for substituting
just the $jid variable would need to be duplicated from load_config and
reapplied just in case the jid was not set.

Still I agree, it's the much nicer approach, if it works.

> Proceed away :-).

The easy things like adding a zfs dataset parameter and the postcreate
command can be found here:

http://erdgeist.org/arts/software/jail/usr.sbin.jail-postcreate.patch
http://erdgeist.org/arts/software/jail/usr.sbin.jail-zfsdataset.patch

Regards,

  erdgeist


Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

2013-04-13 Thread Dirk Engling
On 12.04.13 01:58, Jamie Gritton wrote:

Jamie,

> similar parameter for zfs, or we could create another set of exec.*
> parameters, which would be more flexible in the long run. But as you
> hinted at with postprestart, there doesn't seem to be a good logical
> name for it.

hmm, maybe the prestart is misnamed, as it actually happens pre-create.
Then prestart would be exactly where we would put the vnet and dataset
magic - aftercreate but prestart.

I also think, it might be helpful, if the environment could be set up
that helps the exec.* scripts finding their way back to the jail in
question. Right now I'd have to create a script for every jail, but setting

JAIL_JID=
JAIL_NAME=

before executing the scripts could make scripting nicer, especially
finding the jid is tedious in scripts. I also thought about substitution
of parameters, but maybe providing the jail name as parameter should be
the job for the jail.conf's authors.

> Since the vnet.interface command exists, you could use that as a guide
> for adding a zfs parameter. vnet.interface only does anything on jail
> creation, as the interface automatically reverts to the parent on jail
> removal. I don't know if the zfs stuff works the same way - if it
> doesn't, then you'll need a similar prepoststop kind of operation.

Looking at the zone_dataset_attach code I understand that jailed zfs
datasets are a property of the prison struct, saved as osd and vanish
when the jail dies. So it should not be necessary to undo the zfs jail
command. However there seems not to be a nice way to find out if any
datasets are attached to a jail, besides trying to attach them.

With that knowledge I think adding a zfs_datasets option for the
jail.conf is rather straight forward and more likely to be useful
immediately than having the user construct wrapper scripts to find out
about the jid of the jail that can then be passed to a number of zfs
jail JID DATASET calls.

Shall I proceed?

  erdgeist


jail(8) vs. rc.d/jail features - fstab, zfs, vnet

2013-04-11 Thread Dirk Engling
Dear jail hackers,

in my ongoing quest to understand the direction jail development is
heading, I noticed that per-jail-fstabs are not (anymore?, yet?)
supported by the new jail(8)-rc.d/jail2-combo. Are there official plans
to drop the support?

A nice new jail+zfs feature is the zfs jail command, allowing to
attach a zfs to a jail. The way[tm] to properly use this feature is to
first create a prison, attach the zfs file system(s) to the jid and only
then run the exec.start command. So either jail(8) needs to be zfs aware
and execute the zfs jail command(s) by itself, or an exec.postprestart
command that is being passed the prison id of the new jail needs to be
run in system context. (For shutting down and unjail-ing vice versa).

The same goes with the vimage features. Most of the ways I can think of
using vnet interfaces require some configuration in the host system
after the vnet has been attached to the jid but before exec.start (and
thus the jail's rc.d/netif) is executed.

Since I speak C, posix and sh fluidly, I am willing to implement or help
implementing any of the proposals in question, so do not misunderstand
them as just demands ;)

  erdgeist


Re: rc.d/jail and jail.conf

2013-03-31 Thread Dirk Engling
On 31.03.13 20:31, Jamie Gritton wrote:

> That seems reasonable, but using a jail list in rc.conf may suffice.

It is less error prone to just use 'jail_list=*' in rc.conf and disable
jails per config block, and then issue a warning like 'Skipping disabled
jail(s) foo, bar, baz'.

(Although I see this from a perspective of jails being virtual hosts
that should be configurable by automated tools, too.)

  erdgeist


Re: rc.d/jail and jail.conf

2013-03-31 Thread Dirk Engling


On Sun, 31 Mar 2013, Jamie Gritton wrote:


> If you don't mind some slightly difficult error messages, you can always
> disable a jail with exec.prestart=false. jail(8) requires all
> commands to succeed, and in particular won't even create a jail when one
> of the prestart commands fails.


This violates POLA, but failing with

exec.prestart="echo skipping jail; exit 1"

might work. Even though this is not a good marker from a scripting 
perspective.


  erdgeist


rc.d/jail and jail.conf

2013-03-30 Thread Dirk Engling
Dear jail hackers,

if I follow the development correctly, the jail(8) command was augmented
to make the rc.d/jail script obsolete. However when I want to use the rc
system to start my jails, I am stuck with convincing rc.d/jail to not
fail for missing _hostname or _rootdir.

How am I supposed to have my jails started at boot time? And while we're
at it, is there a rcorder-style way to introduce dependencies into
jail.conf to control the order my jails are started in?

Which brings me to another point, there does not seem to be a way to
convince rc.d/jail to set a jailname for old style jails, making it hard
to integrate with tools that use libjail to translate what were
_hostname parameters to jid before.

On a related note, in order to finally include all the nextgen jail
features in my ezjail project, I wonder if there's an automated tool to
read/write/modify jail.conf(s) on the radar. Currently I am considering
keeping my own set of configs and generating a jail.conf per jail on the
fly, which I do not think is in the user's interest as conflicting
jailnames may occur.

In theory a parser would be enough, but having to automatically recreate
and correctly reorder all user comments and += statements in the config
file when re-writing the file seems a rather hard problem, too.

Regards and thanks in advance,

  erdgeist


Re: rc.d/jail and jail.conf

2013-03-30 Thread Dirk Engling


On Sat, 30 Mar 2013, Nicolas de Bari Embriz Garcia Rojas wrote:


> If I am right you can define the order of start for jails in the jail2_list
> (rc.conf), something like:
>
> jail2_list="jail1 jail2"


Thanks, I suppose it mimics the way rc.d/jail has handled it. I just 
wondered if there's a way to have this order automatically determined by a 
dependency graph, it's a minor request, though.


Regards,

  erdgeist


Re: rc.d/jail and jail.conf

2013-03-30 Thread Dirk Engling
On 30.03.13 21:38, Miroslav Lachman wrote:

> There is a way, you should use flags. I discussed this topic with bz@
> few years ago and this is the official recommendation how newly added
> features should be used without changes in rc.d/jail
>
> jail_myjail_flags="-l -U root -n myjail"

Thanks, I need a switch, since -n only was introduced in 9.1, is it
there to stay?

Out of curiosity, why doesn't the jailname default to the hostname, if
none is given?

  erdgeist


Re: Handbook Jail Chapter rewrite available for critique

2013-03-19 Thread Dirk Engling
On 18.03.13 20:16, s...@tormail.org wrote:

> to configure things themselves. In my experience, ezjail is a much better
> solution. I also see that you are the maintainer/author of qjail and like
> to shovel your opinion as the only solution, both in this rewrite and
> all over the FreeBSD forums.

Taking a look at the qjail code I can not help to notice several odd
similarities with the ezjail-admin script, down to the very basic bail
out routines. I would not go so far to claim it was just a global
search/replace job but to me the code looks familiar enough to find the

# Copyright  2010,  Qjail project. All rights reserved.

offensive. I am usually quite open with the license of my software,
beerware is as permissive as it gets. I just can not take some script
kiddie right out copying my code verbatim and selling it as his, not
even acknowledging me as the original author.

Anyone here with suggestions how to properly react to this kind of fork?

  erdgeist


Re: jails

2012-02-02 Thread Dirk Engling
On 02.02.12 16:16, Bender, Chris wrote:

> Do you know anything on ZFS? That is my next area of concern that
> isn't working as a result of our engineer that passed away.

ezjail brings native support for zfs. You can create a new file system
for each jail, if you ezjail-admin create them with -c zfs, and also
have your basejail (the shared base system) managed in a zfs file
system, that is snapshot on every update.

Regards,

  erdgeist