MFC:
  - Add following global jail options, used if no jail-specific options are
  set:
   * jail_mount_enable
   * jail_devfs_ruleset
   * jail_devfs_enable
   * jail_fdescfs_enable
   * jail_procfs_enable
   * jail_fstab
   * jail_flags
  - Add a jail_interface / jail_<jid>_interface option. An ip alias will be
  created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
  This is not a mandatory option.
  - Document all missing jail_* options in rc.conf(5).

      src/share/man/man5/rc.conf.5: rev 1.289 -> 1.290
      src/etc/rc.d/jail: rev 1.26 -> 1.27

Approved by:	re (scottl)
flz authored and flz committed May 5, 2006
1 parent c7acad6 commit 9354d04
Showing 2 changed files with 194 additions and 15 deletions.
26 changes: 17 additions & 9 deletions etc/rc.d/jail
@@ -33,9 +33,10 @@ init_variables()
jail_procdir="${jail_rootdir}/proc"
eval jail_hostname=\"\$jail_${_j}_hostname\"
eval jail_ip=\"\$jail_${_j}_ip\"
eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
eval jail_exec=\"\$jail_${_j}_exec\"
eval jail_exec_start=\"\$jail_${_j}_exec_start\"
eval jail_exec_stop=\"\$jail_${_j}_exec_stop\"
eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
if [ -n "${jail_exec}" ]; then
# simple/backward-compatible execution
jail_exec_start="${jail_exec}"
@@ -51,20 +52,20 @@ init_variables()
fi

# The default jail ruleset will be used by rc.subr if none is specified.
eval jail_ruleset=\"\$jail_${_j}_devfs_ruleset\"
eval jail_devfs=\"\$jail_${_j}_devfs_enable\"
eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
[ -z "${jail_devfs}" ] && jail_devfs="NO"
eval jail_fdescfs=\"\$jail_${_j}_fdescfs_enable\"
eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
[ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
[ -z "${jail_procfs}" ] && jail_procfs="NO"

eval jail_mount=\"\$jail_${_j}_mount_enable\"
eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
[ -z "${jail_mount}" ] && jail_mount="NO"
# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
eval jail_fstab=\"\$jail_${_j}_fstab\"
eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
eval jail_flags=\"\$jail_${_j}_flags\"
eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
[ -z "${jail_flags}" ] && jail_flags="-l -U root"

# Debugging aid
@@ -75,6 +76,7 @@ init_variables()
debug "$_j mount enable: $jail_mount"
debug "$_j hostname: $jail_hostname"
debug "$_j ip: $jail_ip"
debug "$_j interface: $jail_interface"
debug "$_j root: $jail_rootdir"
debug "$_j devdir: $jail_devdir"
debug "$_j fdescdir: $jail_fdescdir"
@@ -162,6 +164,9 @@ jail_start()
echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
continue;
fi
if [ -n ${jail_interface} ]; then
ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
fi
if checkyesno jail_mount; then
info "Mounting fstab for jail ${_jail} (${jail_fstab})"
if [ ! -f "${jail_fstab}" ]; then
@@ -234,6 +239,9 @@ jail_stop()
jail_umount_fs
echo -n " $jail_hostname"
fi
if [ -n ${jail_interface} ]; then
ifconfig ${jail_interface} -alias ${jail_ip}
fi
rm /var/run/jail_${_jail}.id
else
echo "cannot stop jail ${_jail}. No jail id in /var/run"
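Review bot: The guard `if [ -n ${jail_interface} ]` added in jail_start (and the identical one in jail_stop) is always true when the option is unset, because the unquoted empty expansion leaves `[ -n ]`, a one-argument test on the non-empty string `-n`. Since the option is documented as optional and unset by default, ifconfig is then invoked without an interface name on every jail start and stop. Quote the test and the arguments: `if [ -n "${jail_interface}" ]; then` and `ifconfig "${jail_interface}" alias "${jail_ip}" netmask 255.255.255.255` (likewise for the `-alias` call). Separately, init_variables now reads the globals `jail_fstab`, `jail_flags`, `jail_interface`, `jail_exec_start` and `jail_exec_stop` as fallbacks but still assigns its per-jail result to those same names; if it runs once per jail in the same shell (the calling loop is outside these hunks), one jail's resolved fstab, flags or interface would become the next jail's default, so distinct working names such as `_fstab` would be safer. All three functions start and end outside the hunks shown.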
183 changes: 177 additions & 6 deletions share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd March 9, 2006
.Dd May 5, 2006
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -3024,13 +3024,184 @@ you would have the following dependent variables:
jail_vjail_hostname="jail.example.com"
jail_vjail_ip="192.168.1.100"
jail_vjail_rootdir="/var/jails/vjail/root"
jail_vjail_exec="/bin/sh /etc/rc"
.Ed
.Pp
The last one is optional.
It defaults to
.Pa /etc/rc
if it is not set.
.It Va jail_flags
.Pq Vt str
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jid Ac Ns Va _flags
for every jail in
.Va jail_list .
.It Va jail_interface
.Pq Vt str
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jid Ac Ns Va _interface
for every jail in
.Va jail_list .
.It Va jail_fstab
.Pq Vt str
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
for every jail in
.Va jail_list .
.It Va jail_mount_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
When set to
.Dq Li YES ,
sets
.Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
to YES by default for every jail in
.Va jail_list .
.It Va jail_devfs_ruleset
.Pq Vt str
Unset by default.
When set, sets
.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
to given value for every jail in
.Va jail_list .
.It Va jail_devfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
When set to
.Dq Li YES ,
sets
.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
to YES by default for every jail in
.Va jail_list .
.It Va jail_fdescfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
When set to
.Dq Li YES ,
sets
.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
to YES by default for every jail in
.Va jail_list .
.It Va jail_procfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
When set to
.Dq Li YES ,
sets
.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
to YES by default for every jail in
.Va jail_list .
.It Va jail_exec_start
.Pq Vt str
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
for every jail in
.Va jail_list .
.It Va jail_exec_stop
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
for every jail in
.Va jail_list .
.It Va jail_ Ns Ao Ar jid Ac Ns Va _rootdir
.Pq Vt str
Unset by default.
Set to the root directory used by jail
.Va jid .
.It Va jail_ Ns Ao Ar jid Ac Ns Va _hostname
.Pq Vt str
Unset by default.
Set to the fully qualified domain name (FQDN) assigned to jail
.Va jid .
.It Va jail_ Ns Ao Ar jid Ac Ns Va _ip
.Pq Vt str
Unset by default.
Set to the IP address assigned to jail
.Va jid .
.It Va jail_ Ns Ao Ar jid Ac Ns Va _flags
.Pq Vt str
Set to
.Dq Li -l -U root
by default.
These are flags to pass to
.Xr jail .
.It Va jail_ Ns Ao Ar jid Ac Ns Va _interface
.Pq Vt str
Unset by default.
When set, sets the interface to use when setting IP address alias.
Note that the alias is created at jail startup and removed at jail shutdown.
.It Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
.Pq Vt str
Set to
.Pa /etc/fstab. Ns Ao Ar jid Ac
by default.
This is the file system information file to use for jail
.Va jid .
.It Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
When set to
.Dq Li YES ,
mount all file systems from
.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
at jail startup.
.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
.Pq Vt str
Unset by default.
When set, defines the device file system ruleset file to use for jail
.Va jid .
.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
When set to
.Dq Li YES ,
mount the device file system inside jail
.Ar jid
at jail startup.
.It Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
When set to
.Dq Li YES ,
mount the file-descriptor file system inside jail
.Ar jid
at jail startup.
.It Va jail_ Ns Ao Ar jid Ac Ns Va _procfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
When set to
.Dq Li YES ,
mount the process file system inside jail
.Ar jid
at jail startup.
.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
.Pq Vt str
Set to
.Dq Li /bin/sh /etc/rc
by default.
This is the command executed at jail startup.
.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
.Pq Vt str
Set to
.Dq Li /bin/sh /etc/rc.shutdown
by default.
This is the command executed at jail shutdown.
.It Va jail_set_hostname_allow
.Pq Vt bool
If set to