Added a clarification about jail configuration #336
Conversation
oliverepper
commented
Feb 7, 2024
oliverepper
commented
- Files in /etc/jail.conf.d must have a .conf extension in order for the tools to pick them up.
- Autostart of jails requires the /etc/jail.conf file.
| The files you put in the [.filename]#/etc/jail.conf.d/# directory must have `.conf` as their extension. | ||
|
|
||
| If you enabled jails in [.filename]#/etc/rc.conf# you should put the following into [.filename]#/etc/jail.conf#: |
There was a problem hiding this comment.
While it's not forbidden to use 'you', it might be better to use it less in this context.
See https://docs.freebsd.org/en/books/fdp-primer/book/#writing-style-be-clear
There was a problem hiding this comment.
Thanks a lot for the hint. I wasn't aware of that document. Cool. I will fix the text.
| The files in [.filename]#/etc/jail.conf.d/# must have `.conf` as their extension and have to be included in [.filename]#/etc/jail.conf#: | ||
|
|
||
| [.programmlisting] | ||
| .... | ||
| .include "/etc/jail.conf.d/*.conf"; | ||
| .... |
There was a problem hiding this comment.
I believe this phrase is outdated, especially considering FreeBSD versions 13 and 14.
See https://github.com/freebsd/freebsd-src/blob/main/libexec/rc/rc.d/jail#L122-L130
Perhaps consider changing it to something like this:
The files in [.filename]#/etc/jail.conf.d/# must be named as `jailname.conf`.
There is no need to use that include anymore.
There was a problem hiding this comment.
Not sure if I really understand you right. I double tested both, now. The files in jail.conf.d do have to have the extension (see screenshot) and if there is no /etc/jail.conf or just an empty one (without the .include statement) then jails configured in jail.conf.d will not autostart. (second screenshot). If I touch /etc/jail.conf the jail will not be started. So I do still believe that the extension and the include is needed. Just tested everything again to double check.
There was a problem hiding this comment.
The important part of the config file is the jailname part, not only the .conf extension.
and I meant to say, "I believe this block is outdated".
With only /etc/jail.conf.d/jailname.conf you already can start the jail.
service jail start jailname
If you want this jail to start on the startup, add this to the rc.conf as well:
...
jail_list="jailname"
ps. probably there are more parts to be fixed in the handbook/jail section, we need to follow and check all the instructions. =/
There was a problem hiding this comment.
I see. I'd personally prefer the include because it appears to be more flexibel and less typing. I'd still like to update the handbook, because the way it is now jails simply don't start. Neither at system start, nor via service jail start. Shall I make it clear that there are two variants for the autostart? Or is the .include variant officially deprecated? I would ignore that, then.
There was a problem hiding this comment.
It's not deprecated, it's even on the man page jail.conf(5).
Let's proceed your way because you are following the current specs on man page and handbook, I'm mixing up old and new stuff =/.
Note IMHO it's way simpler to comment/uncomment a line like this in the rc.conf
jail_list="${jail_list} jailname"
when you want to move a jail from one host to another.
But it would be better to improve the man page and the handbook together.
Thanks for the chatting here.
There was a problem hiding this comment.
Thanks for your time reviewing this. Very much appreciated.
Reviewed by: Pau Amma <pauamma@gundo.com> (earlier version), dbaio Pull Request: #336
|
Committed on df4729f |
