On 07/07/2016 10:06, Miroslav Lachman wrote:
Grzegorz Junka wrote on 07/07/2016 11:42:
OK, I am just a user, not very familiar with the terminology. For me
(as a programmer) inheriting means overriding, so merging the more
specific to the less specific declarations.
Does it mean that the "inheriting" works in nested declarations but
doesn't take into account the default value? In other words, the default
is just default unless it is re-defined in a jail declaration. If that's
the case then wouldn't it be more clear to name the "outside" default
declaration as default, e.g. "default_devfs_ruleset"? Then it would be
more difficult to confuse the default with the one that can be
inherited.
I think it is simple in current form. (And I am not a sys developer, I
was web application programmer before I became sysadmin)
I started with jails a long time before jail2 with jail.conf. Current
jail.conf is soooo simpler in comparison with rc.conf style variables.
Naming each default variable with different name will be harder to
code, harder to write in jail.conf, harder to document in manpages.
Almost all programming languages work the same in this context -
later variable definition wins.
So you can easily define all variables needed to run jails and then
set just those specific to one jail - IPs and hostname:
## Typical static defaults:
## Use the rc scripts to start and stop jails. Mount jail's /dev.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
mount.devfs;
devfs_ruleset = 4;
enforce_statfs = 1;
#allow.set_hostname = false;
#allow.mount;
allow.set_hostname = 0;
allow.sysvipc = 0;
allow.raw_sockets = 0;
## Dynamic wildcard parameter:
path = "/vol1/jail/$name";
exec.consolelog = "/var/log/jail/$name.console";
mount.fstab = "/etc/fstab.$name";
## Jail myjail0
myjail0 {
host.hostname = "myjail0.example.conf";
ip4.addr = 10.20.30.40;
}
## Jail myjail1
myjail1 {
host.hostname = "myjail1.example.conf";
ip4.addr = 10.20.30.41;
}
devfs_ruleset is the same as the other variables - you can't (and I
hope nobody expects) to merge global default value of e.g.
exec.system_user or allow.sysvipc with variables defined in specific
jail context. Those variables can have only one value (bool, or
string, or number; not an array). It is the same for devfs_rules.
Can't have more than one numeric value, can't combine two together.
I think you will be familiar with this very soon.
Miroslav Lachman
OK, so my confusion stems from the fact that the devfs rules are
defined somewhere else and the jail.conf is simply taking into account
the rule number, not its content. In that context it indeed makes sense.
It could be simply a matter of adding a clarification that each jail can
have only one devfs ruleset assigned to it (which then would be
calculated according to the standard rules defined in jail.conf), for
example:
Descendant jails inherit the parent jail's devfs ruleset. Devfs rules
enforced in the jail are defined by the single calculated ruleset.
What do you think?
Grzegorz
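
The override behaviour discussed in this thread, as an added example that is not part of the original messages and is not jail(8)'s own parser: a simplified Python model that computes each jail's effective parameters from global defaults plus per-jail definitions. The sample configuration is constructed, ruleset number 10 is a hypothetical ruleset defined outside jail.conf, and the model assumes defaults appear before the jail blocks.

```python
import re

# Constructed jail.conf fragment: global defaults first, then two jails.
SAMPLE = '''
mount.devfs;
devfs_ruleset = 4;
allow.raw_sockets = 0;
path = "/vol1/jail/$name";
myjail0 {
    ip4.addr = 10.20.30.40;
}
myjail1 {
    ip4.addr = 10.20.30.41;
    devfs_ruleset = 10;   # hypothetical ruleset number, defined outside jail.conf
}
'''

BLOCK = re.compile(r'(\w+)\s*\{(.*?)\}', re.S)  # "jailname { statements }"

def _statements(block):
    """Parse 'key = value;' and boolean 'key;' statements into a dict."""
    params = {}
    for stmt in block.split(';'):
        stmt = stmt.strip()
        if not stmt:
            continue
        key, sep, value = stmt.partition('=')
        # A repeated key simply replaces the earlier value: later definition wins.
        params[key.strip()] = value.strip().strip('"') if sep else True
    return params

def _expand(value, scope):
    """Substitute $variables (such as $name) from the jail's own scope."""
    if not isinstance(value, str):
        return value
    return re.sub(r'\$(\w+)', lambda m: str(scope.get(m.group(1), m.group(0))), value)

def effective_params(text):
    """Return {jail: {param: value}} after applying defaults and overrides."""
    text = re.sub(r'#.*', '', text)              # drop comments
    defaults = _statements(BLOCK.sub('', text))  # everything outside jail blocks
    result = {}
    for name, body in BLOCK.findall(text):
        # The jail's own value replaces the default; the two are never combined.
        scope = {**defaults, **_statements(body), 'name': name}
        result[name] = {k: _expand(v, scope) for k, v in scope.items()}
    return result

if __name__ == '__main__':
    for jail, params in effective_params(SAMPLE).items():
        print(jail, params['devfs_ruleset'], params['path'])
```

Each jail ends up with exactly one devfs_ruleset number, and what that number permits is decided by the ruleset definition outside jail.conf.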