Tuesday, August 26, 2025, 3:48:16 PM, you wrote:

> On 26.08.25 13:41, Anthony Pankov wrote:
>> Hello,
>>
>> I'm developing my own jail management solution based on naming jails as a 
>> number in hexadecimal form.
>> Halfway through I encountered an error with a digit-only jail name (in my 
>> case - 47777). Discussion via hackers@ revealed that, despite the error 
>> itself, the kernel part of a jail would treat a numeric name as a JID and 
>> nothing can be done about it.
>>
>> It's very disappointing because jail(8) contains nothing about the 
>> numeric-only case:
>>
>>       name    The jail name.  This is an arbitrary string that identifies a
>>               jail (except it may not contain a ".").
>>
>> Maybe there is a way to solve the problem?
> If the jail name is a decimal number it's interpreted as the jail ID instead. 
> In a jail.conf(5) jail block e.g. `23 { path = "/jails/foo"; }` the $name 
> parameter remains unbound and can be assigned like this `23 { name = "foo"; 
> path = "/jails/$name"; }`. Yes this is confusing and should be better 
> documented. This behavior if you prefix the hex numbers with the common "0x" 
> prefix it will always be interpreted as a name. If you want a stable jail id 
> for your jail manager I would recommend setting it in the jail.conf(5) and 
> only picking jail ids above one million, because the range from 1 to one 
> million is used for automatic jail id selection by the kernel. The dot 
> character is not available for use in a jail name since it encodes the 
> parent-child relation between jails similar to / in unix paths. You can work 
> around this by escaping the dot character. A simple scheme would be to just 
> replace dots with underscores, but then users must be trusted not to use 
> "foo.bar" and "foo_bar" for different jails. A proper bijective escaping 
> function is also possible, but it would result in uglier jail names when 
> viewing the system state with base system tools like jls.
>>
>> for reference:
>> On 2025-08-09 04:01, Anthony Pankov wrote:
>>>> This is an artifact of how numeric names work.  When you use a purely
>>>> numeric name, it's taken as both the jid and the name.  jail(8) has
>>>> some logic up-front that will set one or the other variable based on
>>>> the name, but it omits the other.
>>>> I think to prevent ambiguity there must be a possibility or requirement
>>>> to quote jail name to force interpretation as a string.
>>> Using "47777" instead of 47777 doesn't help for now.
>> That's fine for user space.  But in the kernel, you still have a numeric 
>> name, and that's only allowed if the name is the same as the jid.  The work 
>> to make the $jid and $name parameters available to jail(8) is good, but 
>> that's separate from the kernel level.
> If you want to use numeric names you have to prefix/suffix them with 
> something so that the name isn't interpreted as a decimal number.


Thank you very much. Your answer is very helpful for me.

-- 
Best regards,
Anthony Pankov
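
The naming advice in the quoted reply, as an added example that is not part of the original thread or of any FreeBSD tool: hex identifiers always carry the "0x" prefix, and arbitrary labels go through a reversible escape so that "foo.bar" and "foo_bar" cannot collide. The function names and the escape scheme ("_" doubled, "." written as "_d", all-digit labels prefixed with "_n") are assumptions chosen for illustration.

```python
# Added illustration: the function names and the escape scheme are
# assumptions, not part of jail(8) or of any existing jail manager.

def is_taken_as_jid(name: str) -> bool:
    """True if the name is a plain decimal number, which is read as a JID."""
    return name.isascii() and name.isdigit()

def hex_jail_name(ident: int) -> str:
    """Name a jail after a hex identifier, always with the "0x" prefix.
    Unprefixed, 0x47777 renders as "47777", which is all decimal digits."""
    if ident < 0:
        raise ValueError("identifier must be non-negative")
    return f"0x{ident:x}"

def escape_name(label: str) -> str:
    """Reversible escape: "_" -> "__", "." -> "_d", all-digit -> "_n" + digits."""
    if not label:
        raise ValueError("empty label")
    if is_taken_as_jid(label):
        return "_n" + label
    return label.replace("_", "__").replace(".", "_d")

def unescape_name(name: str) -> str:
    """Inverse of escape_name; rejects strings escape_name cannot produce."""
    if name.startswith("_n"):
        if not is_taken_as_jid(name[2:]):
            raise ValueError(f"bad numeric escape in {name!r}")
        return name[2:]
    if not name or "." in name or is_taken_as_jid(name):
        raise ValueError(f"not an escaped name: {name!r}")
    out, i = [], 0
    while i < len(name):
        if name[i] != "_":
            out.append(name[i])
            i += 1
            continue
        nxt = name[i + 1:i + 2]
        if nxt not in ("_", "d"):
            raise ValueError(f"bad escape at offset {i} in {name!r}")
        out.append("_" if nxt == "_" else ".")
        i += 2
    return "".join(out)

if __name__ == "__main__":
    for label in ("47777", "foo.bar", "foo_bar", "web.example_org"):  # constructed
        print(f"{label!r} -> {escape_name(label)!r}")
```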

