- Update rc.d/jail to use a jail(8) configuration file instead of
  command line options.  The "jail_<jname>_*" rc.conf(5) variables for
  per-jail configuration are automatically converted to
  /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
  This is transparently backward compatible.

- Fix a minor bug in jail(8) which prevented it from returning false
  when jail -r failed.

Approved by:	re (glebius)
1 parent 028a23e commit f8b617128eef2b25bc94fbced03090dd490df5d0 @hrs-allbsd hrs-allbsd committed Oct 10, 2013
Showing with 452 additions and 981 deletions.
  1. +19 −0 UPDATING
  2. +1 −34 etc/defaults/rc.conf
  3. +299 −570 etc/rc.d/jail
  4. +0 −22 etc/rc.subr
  5. +127 −351 share/man/man5/rc.conf.5
  6. +6 −4 usr.sbin/jail/jail.c
@@ -31,6 +31,25 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10.x IS SLOW:
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
+20131010:
+ The rc.d/jail script has been updated to support jail(8)
+ configuration file. The "jail_<jname>_*" rc.conf(5) variables
+ for per-jail configuration are automatically converted to
+ /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
+ This is transparently backward compatible. See below about some
+ incompatibilities and rc.conf(5) manual page for more details.
+
+ These variables are now deprecated in favor of jail(8) configuration
+ file. One can use "rc.d/jail config <jname>" command to generate
+ a jail(8) configuration file in /var/run/jail.<jname>.conf without
+ running the jail(8) utility. The default pathname of the
+ configuration file is /etc/jail.conf and can be specified by
+ using $jail_conf or $jail_<jname>_conf variables.
+
+ Please note that jail_devfs_ruleset accepts an integer at
+ this moment. Please consider to rewrite the ruleset name
+ with an integer.
+
20130930:
BIND has been removed from the base system. If all you need
is a local resolver, simply enable and start the local_unbound
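Review bot: The jail_devfs_ruleset paragraph at the end of the 20131010 entry says the variable accepts an integer "at this moment" but does not say what happens when an existing rc.conf still carries a ruleset name. Since the ruleset decides which device nodes a jail can see, the entry should state whether a name makes the jail fail to start or leaves it running without the intended ruleset, and tell administrators to check this before upgrading. The entry also promises "See below about some incompatibilities" while listing only this one, so either enumerate the others or reword that sentence.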
@@ -674,44 +674,11 @@ mixer_enable="YES" # Run the sound mixer.
opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off
##############################################################
-### Jail Configuration #######################################
+### Jail Configuration (see rc.conf(5) manual page) ##########
##############################################################
jail_enable="NO" # Set to NO to disable starting of any jails
jail_parallel_start="NO" # Start jails in the background
jail_list="" # Space separated list of names of jails
-jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname
-jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
-jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail
-
-#
-# To use rc's built-in jail infrastructure create entries for
-# each jail, specified in jail_list, with the following variables.
-# NOTES:
-# - replace 'example' with the jail's name.
-# - except rootdir, hostname, ip and the _multi<n> addresses,
-# all of the following variables may be made global jail variables
-# if you don't specify a jail name (ie. jail_interface, jail_devfs_ruleset).
-#
-#jail_example_rootdir="/usr/jail/default" # Jail's root directory
-#jail_example_hostname="default.domain.com" # Jail's hostname
-#jail_example_interface="" # Jail's interface variable to create IP aliases on
-#jail_example_fib="0" # Routing table for setfib(1)
-#jail_example_ip="192.0.2.10,2001:db8::17" # Jail's primary IPv4 and IPv6 address
-#jail_example_ip_multi0="2001:db8::10" # and another IPv6 address
-#jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting
-#jail_example_exec_afterstart0="/bin/sh command" # command to execute after the one for
- # starting the jail. More than one can be
- # specified using a trailing number
-#jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping
-#jail_example_devfs_enable="NO" # mount devfs in the jail
-#jail_example_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail -
- # usually you want "devfsrules_jail".
-#jail_example_fdescfs_enable="NO" # mount fdescfs in the jail
-#jail_example_procfs_enable="NO" # mount procfs in jail
-#jail_example_mount_enable="NO" # mount/umount jail's fs
-#jail_example_fstab="" # fstab(5) for mount/umount
-#jail_example_flags="-l -U root" # flags for jail(8)
-#jail_example_parameters="allow.raw_sockets=1" # extra parameters for this jail
##############################################################
### Define source_rc_confs, the mechanism used by /etc/rc.* ##
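Review bot: The three global defaults removed at the top of this hunk (jail_set_hostname_allow, jail_socket_unixiproute_only, jail_sysvipc_allow) are security-relevant, and neither the new section header nor the UPDATING entry says what now supplies those values. Please document whether an rc.conf that still sets them is honoured and what the effective default is once these lines are gone, in particular for jail_sysvipc_allow, which was "NO" here. The removed comment block also recommended "devfsrules_jail" as a ruleset name, which is the form the UPDATING entry now asks users to replace with an integer, so the rc.conf(5) reference in the header should cover that conversion.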