Re: injecting vars into rc-service-scripts at jail-start?

2022-04-01 Thread Alexander Leidinger
Quoting Jens Schweikhardt (from Fri, 1 Apr 2022 14:26:27 +0200 (CEST)):



Identifier confusion? You use _rc_svcs and _rc_svcj in your description.


Typo s/svcs/svcj/ in the explanation.

The diff/code has the vars correct (svcj) and the conditional and the  
setting are close to each other and are "_rc_svcj".


Bye,
Alexander.


--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF




Re: injecting vars into rc-service-scripts at jail-start?

2022-04-01 Thread Jens Schweikhardt
Identifier confusion? You use _rc_svcs and _rc_svcj in your description.

Jens



injecting vars into rc-service-scripts at jail-start?

2022-04-01 Thread Alexander Leidinger

Hi,

I'm overlooking something fundamental it seems...

Context:
I'm working on my auto-jailing of services idea: if the auto-jail is  
enabled, a service like syslog is started inside a jail (which  
inherits the FS and depending on some settings also inherits network  
and other stuff or not).


My previous implementation was using _rc_prefix (jailstart) to denote
the start of a service inside a jail so that "service XXX start" on a
host would "service XXX jailstart" inside a jail. This had of course
issues as there is no infrastructure for multiple prefixes like
onejailstart or jailonestart...


Problem:
Now I try to find a way to do it without a prefix, and the first thing  
which comes to my mind is to do "jail xxx 'exec.start=/usr/bin/env  
_rc_svcs=jailing /usr/bin/service XXX CMD ARGS'".



My expectation is that this would set _rc_svcs=jailing for the
command service XXX CMND args. Having a "set -x" in rc.subr shows
clearly in the jail-console log that inside that jail, the variable
_rc_svcj is not set. Using "-v" for the env command shows in the log
that it is called and it sets the var and executes the service command
with syslog start as arguments.


I tried to find some env-cleanup part in rc.subr, which would discard  
all _rc* variables, but if there is something like that I overlooked it.


For a stop, I call "jexec /usr/bin/env _rc_svcj=jailing  
/usr/sbin/service XXX stop args", and it works, so I rather tend to  
believe there is no env-cleanup.


What am I doing wrong so that _rc_svcj is not picked up inside the jail?

So here is my diff between "prefix driven" (= working) and "var  
driven" (var not picked up inside the jail):

---snip---
case "$rc_arg" in
start)
-   if [ "${_rc_prefix}" != jail ]; then
+   if [ "${_rc_svcj}" != jailing ]; then
_return=1
$JAIL_CMD -c  
$_svcj_generic_params $_svcj_cmd_options \
-
exec.start="/usr/sbin/service ${name} jailstart $rc_extra_args" \
-
exec.stop="/usr/sbin/service ${name} jailstop $rc_extra_args" \
+
exec.start="/usr/bin/env _rc_svcj=jailing /usr/sbin/service ${name}  
${rc_arg} $rc_extra_args" \
+
exec.stop="/usr/bin/env _rc_svcj=jailing /usr/sbin/service ${name}  
${rc_arg} $rc_extra_args" \
 
exec.consolelog="/var/log/svcj_${name}_console.log" \
name=svcj-${name}  
&& _return=0

else
# normal start of  
_cmd via _run_rc_doit

---snip---
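
Review bot: in the added exec.stop line, ${rc_arg} expands to "start" because this code sits in the start) branch, so the jail's stop hook runs "service ${name} start" instead of stopping the service; the set -x trace further down in the message shows exactly that ('exec.stop=/usr/bin/env _rc_svcj=jailing /usr/sbin/service syslogd start'). The removed line hard-coded jailstop, so the replacement should hard-code the stop action as well, for example exec.stop="/usr/bin/env _rc_svcj=jailing /usr/sbin/service ${name} stop $rc_extra_args". Separately, the test [ "${_rc_svcj}" != jailing ] now chooses between jailing and the normal start path based on a variable injected through env, so an invocation on the host that already carries _rc_svcj=jailing in its environment would fall through to the else branch and start the service unjailed; it is worth confirming that the script is really running inside a jail before honouring the variable.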

What set -x shows is being called:
---snip---
+ /usr/sbin/jail -c 'path=/' mount.nodevfs 'host=inherit'  
'ip4=inherit' 'ip6=inherit' allow.reserved_ports  
'exec.start=/usr/bin/env -v _rc_svcj=jailing /usr/sbin/service -v  
syslogd start  ' 'exec.stop=/usr/bin/env _rc_svcj=jailing  
/usr/sbin/service syslogd start  '  
'exec.consolelog=/var/log/svcj_syslogd_console.log' 'name=svcj-syslogd'

---snip---

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netch...@freebsd.org  : PGP 0x8F31830F9F2772BF

