On 2016-02-09 14:41, Roger Marquis wrote:
> James Gritton wrote:
>> You can reference jail parameters within other parameters, much like
>> you'd use shell variables. In the global part of the definition, you
>> can set:
>>
>> exec.poststart = "/path/to/script.sh ${host.hostname}"
>
> This is perhaps a tangent but I'm wondering if this syntax could be clarified
> so 'exec' isn't used to mean 'jexec'? Would also simplify things if subsequent
> j/exec's didn't require the use of '+=' instead of '='. Ideally both should be
> deprecated in favor of a sysrc-compatible ':'.

I'm not sure what you mean by exec meaning jexec - yes, jexec(8) is a
program that runs things inside a jail, and the exec.* parameters run
programs (usually) inside the jail. But it doesn't actually run jexec,
and "exec" is the more natural word to describe something that is
executed. Besides, this is based on the old shell-based rc names that
have always been "exec_*".
Speaking of the old ways, being sysrc-compatible wasn't really the goal.
When creating a config file, I found C-style and DOS-style were both
pretty common; I went with C. I'm not sure what you mean by ':' being
sysrc-compatible though - I have no idea what part a colon has ever
played in the old-style jail specification. But '=' and '+=' are not
going to be deprecated. If you don't want the '=', you can always do
without: other programs with C-style configs don't use '=' but just have
names and values with whitespace between them, and you can do the same
in jail.conf.
There's a good reason why it's '+=' instead of just '='. You need to
keep '=' available to totally replace a parameter, so you can specify a
default value in the global section and allow some jails to substitute
their own value. Or, in some cases (e.g. ip addresses, exec) a
parameter may have a list of values and you need a way to build that
list. The old *_0, *_1, etc worked for shell, but was always an
inelegance tied to shell's limitations.

> Would also be nice if non-0 exit codes didn't abort the entire sequence (without
> hacking in a subshell;exit 0) and if the man page mentioned some of this.

It has always been this way, so changing it would cause more problems
than they would solve. And I don't think they would solve any anyway -
it's always a good idea to pay attention to error returns, at least by
default. It is in fact explicitly mentioned in the jail(8) man page, in
the heading paragraph above the various exec.* parameters, that the
commands must return a zero exit status or the jail will not be created.

> Regarding the man page, there's a URL under AUTHORS that doesn't lead where you
> might expect... Makes a good case for a policy forbidding non-freebsd.org URLs
> in man pages.

That definitely doesn't go where I expected (though after your warning,
I was thinking it might end up on a porn site). I'll scrub the URL from
the documentation.
- Jamie
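
The following jail.conf is an added example, not taken from the thread or from FreeBSD; the jail names, paths, addresses and script names other than /path/to/script.sh are placeholders. It puts the points discussed above side by side: a global default that references another parameter, '+=' to extend a list, '=' to replace an inherited value, and an explicit opt-out for a command whose failure should not stop the jail from being created.

```conf
# Constructed example: all names, paths and addresses are placeholders.

# Global section: defaults inherited by every jail defined below.
path = "/jails/${name}";
host.hostname = "${name}.example.org";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";

# exec.poststart runs in the host environment, not inside the jail.
# ${host.hostname} is expanded per jail, so each jail passes its own value.
exec.poststart = "/path/to/script.sh ${host.hostname}";

web {
    ip4.addr = 192.0.2.10;

    # '+=' appends to the inherited list: script.sh still runs first,
    # then this command.
    exec.poststart += "/path/to/register-web.sh ${host.hostname}";

    # Every exec.* command must exit 0 or the jail is not created.
    # A step that is allowed to fail has to say so explicitly.
    # Assumption: the string is handed to /bin/sh, so '|| true' applies.
    exec.poststart += "/path/to/optional-notify.sh ${name} || true";
}

db {
    # A list parameter is built one value at a time.
    ip4.addr = 192.0.2.20;
    ip4.addr += 192.0.2.21;

    # '=' replaces the inherited value outright: this jail gets its own
    # hostname, and the global script.sh is NOT run for it.
    host.hostname = "db.internal.example.org";
    exec.poststart = "/path/to/db-poststart.sh ${host.hostname}";
}
```

Because '=' in a jail block discards the global list, a host-side hardening or audit hook placed in the global exec.poststart is silently skipped for any jail that assigns with '=' instead of '+='.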