numeric jail name in jail.conf
Hi, when using a numeric names for a jails something like:
10 {
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
20 {
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
the name (numeric) becomes the jail ID when, therefore when I type a jls
command i see the 10,and 20 as the jails ID's,
My question is, is this the proper way to explicitly set the id when
using jail.conf ?
For me, this as been working fine and I can match the jail ids to use
rctl on every reboot, but just want to be sure if this is the correct
way of doing it.
thanks in advance.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Handbook Jail Chapter rewrite available for critique
On Thu, 21 Mar 2013 11:21:29 -0400, Alejandro Imass wrote: > On Thu, Mar 21, 2013 at 3:35 AM, Ian Smith wrote: > > On Tue, 19 Mar 2013 17:53:30 +0100, Dirk Engling wrote: [.. also chopping mercilessly ..] > > > # Copyright 2010, Qjail project. All rights reserved. > > > > > > offensive. I am usually quite open with the license of my software, > > > beerware is as permissive as it gets. I just can not take some script > > > kiddie right out copying my code verbatim and selling it as his, not > > > even acknowledging me as the original author. > > > > > > Anyone here with suggestions how to properly react to this kind of > > "fork"? > > > > Yes. Publicity. Making sure the FreeBSD community gets to finds out. > > > > [...] > > > To that end I'm cross-posting this to -questions, where Mr Barbish has > > also posted about his proposed "rewrite" of Chapter 16 of the Handbook, > > which is nothing but a huge and poorly written manual for 'the qjail > > way', with its peculiar assumptions and unique "jailcell" terminology. > > "Fourth Generation", no less! > > > > +1 > > Thank you Ian for cross-posting here. > > The first thing I did when I got the new chapter for review was search > for the work EzJail and I was curious as to why EzJail is not > mentioned anywhere in this new proposal and why it isn't mentioned in > the current handbook either under in section "16.5.2 High-Level > Administrative Tools in the FreeBSD Ports Collection". If there is > __any__ tool that should be mentioned in the jails chapter it is > EzJail because it's really easy to use and does a damn good job. Actually, ezjail has been explicitly mentioned in '16.6 Application of Jails' http://www.freebsd.org/doc/handbook/jails-application.html since revision 30226 by danger, Mon May 28 20:02:46 2007 UTC, which section was just 6 weeks ago updated with a (preceding) similar port reference to qjail: http://svnweb.freebsd.org/doc?view=revision&revision=40900 [..] > NOW some things start to make sense to me, when I posted a problem > with EzJail here last year that very few people, if any, knew what I > was talking about. An how could they? if it's not mentioned anywhere > in the handbook or that jail man page(s). man pages aren't an appropriate place to recommend particular ports; there are others, and there will be more. The above are mentioned in the handbook page in the context of simpler alternatives to following the more detailed procedures presented to actually teach one how jail technology may be implemented, which - in my view - is the Good Stuff. There have been about 20 messages in freebsd-jail@ referring to ezjail this year so far before this thread, as in previous years; try browsing the archives from http://lists.freebsd.org/pipermail/freebsd-jail/ OTOH, I've seen no prior posts in jail@ about qjail before this thread. cheers, Ian ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Handbook Jail Chapter rewrite available for critique
On Fri, Mar 22, 2013 at 9:03 AM, Ian Smith wrote: > On Thu, 21 Mar 2013 11:21:29 -0400, Alejandro Imass wrote: > > On Thu, Mar 21, 2013 at 3:35 AM, Ian Smith wrote: > > > On Tue, 19 Mar 2013 17:53:30 +0100, Dirk Engling wrote: > [...] >> mentioned anywhere in this new proposal and why it isn't mentioned in >> the current handbook either under in section "16.5.2 High-Level >> Administrative Tools in the FreeBSD Ports Collection". If there is >> __any__ tool that should be mentioned in the jails chapter it is [..] > Actually, ezjail has been explicitly mentioned in '16.6 Application of > Jails' http://www.freebsd.org/doc/handbook/jails-application.html since > revision 30226 by danger, Mon May 28 20:02:46 2007 UTC, which section > was just 6 weeks ago updated with a (preceding) similar port reference > to qjail: http://svnweb.freebsd.org/doc?view=revision&revision=40900 > Never seen it before. First time I read about service jails it wasn't there. Further to my point doesn't it make more sense to mention them under "16.5.2 High-Level Administrative Tools in the FreeBSD Ports Collection" or in both places? [...] > > There have been about 20 messages in freebsd-jail@ referring to ezjail > this year so far before this thread, as in previous years; try browsing > the archives from http://lists.freebsd.org/pipermail/freebsd-jail/ > I posted on the wrong list then ;-) Subscribing today, thanks! -- Alejandro Imass ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: how to measure bandwidth per jail
Jnettop has the ability to:
Measure bandwidth/packets in partecular intergace.
Simply use:
0,1..9 to switch between interfaces.
p to switch between packets/bandwidth
b to measure in bytes/bits
You better define your local ips in the .jnettop file, once that done your
measurs would be more accurate specially when you aggregate traffic (in
local/remote) by ip/protocol...
Additional option is content filter mainly in web traffic.
You can also add custom ips to measure using .jnettoo file.
Sami
On Mar 22, 2013 1:05 PM, "Nicolas de Bari Embriz Garcia Rojas" <
nb...@inbox.im> wrote:
> Hi, I tried jnettop but is something like 'trafshow', I am searching
> something like vnstat, that could help me measure the rx/tx & total
> consumed bandwidth.
>
> any ideas?
>
>
>
> On 03/21/2013 18:48, Sami Halabi wrote:
>
> Hi
> Try jnettop from ports... exactly what your looking at.
>
> However its old, so the counters are 32 bit rather than 64 which means its
> pretty effective on 100mbit links
> plus its cpu consumer by design
> Sami
> On Mar 21, 2013 8:27 PM, "Nicolas de Bari Embriz Garcia Rojas" <
> nb...@inbox.im> wrote:
>
>> Hi, one strange behavior I notice (freeBSD 9.1) is that I don't see the
>> Obytes per IP only for the bce0 interface, but I do for the cloned
>> interface lo1:
>>
>> here is a link with the output of netstat -ib
>> http://pastebin.com/arrRsM78
>>
>> any ideas ?
>>
>> regards.
>>
>> On 03/21/2013 18:12, Scott Lambert wrote:
>> > On Thu, Mar 21, 2013 at 01:26:13AM +, Nicolas de Bari Embriz
>> Garcia Rojas wrote:
>> >> Hi, any tool, idea or method for measuring the bandwidth consumed per
>> >> jail ? (or by IP)
>> >>
>> >> What about using pflow ( pseudo-device pflow) any advice ?
>> > I found a thread about this topic yesterday via Google. It was on
>> > the freebsd-...@frebbsd.org mailing list sometime in 2005 if I
>> > remember correctly.
>> >
>> > They came up with a few options
>> >
>> > netflow,
>> >
>> > counting rules in IPFW/pf/ipf
>> >
>> > netstat -rni ( which gets you packet counts,
>> > -rnbi gives you in-bytes and out-bytes)
>> >
>> > bandwidthd (in ports I believe)
>> >
>> > I suppose ntop could do similar things.
>> >
>> > My favorite option was netstat -rnbi | awk '{print $8,$11}' and
>> > feeding that to MRTG. I have not gotten it implemented yet.
>> >
>> > One consideration is that on FreeBSD 8 and older, you don't get out
>> > traffic per IP address with netstat, as far as I can tell. We're
>> > moving to FreeBSD 9 pretty quickly anyway.
>> >
>>
>> ___
>> freebsd-jail@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>>
>
>
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Handbook Jail Chapter rewrite available for critique
Ian Smith wrote: On Tue, 19 Mar 2013 17:53:30 +0100, Dirk Engling wrote: > On 18.03.13 20:16, s...@tormail.org wrote: > > > to configure things themselves. In my experience, ezjail is a much better > > solution. I also see that you are the maintainer/author of qjail and like > > to shovel your opinion as the only solution, both in this "rewrite" and > > all over the FreeBSD forums. > > Taking a look at the qjail code I can not help to notice several odd > similarities with the ezjail-admin script, down to the very basic bail > out routines. I would not go so far to claim it was just a global > search/replace job but to me the code looks familiar enough to find the > > # Copyright 2010, Qjail project. All rights reserved. > > offensive. I am usually quite open with the license of my software, > beerware is as permissive as it gets. I just can not take some script > kiddie right out copying my code verbatim and selling it as his, not > even acknowledging me as the original author. > > Anyone here with suggestions how to properly react to this kind of "fork"? Yes. Publicity. Making sure the FreeBSD community gets to finds out. You may be polite and un-selfserving enough to not go so far Dirk, but I will. Huge swathes of qjail are direct copies of your code, in most cases only with the names of the variables changed from ezjail_* to qjail_*. I found it cute renaming 'flavour' to the American spelling. Anyone looking at bin/qjail from qjail-2.1.tbz alongside the latest ezjail-admin (mine downloaded from your cvsweb) cannot fail to notice within the first couple of screens. Sure there are changes, additions and deletions, but to fail to acknowledge the original authorship of this code, and the implication that Joe Barbish (aka 'Qjail project') is its original author is entirely outrageous; not ethical, even if legal. To that end I'm cross-posting this to -questions, where Mr Barbish has also posted about his proposed "rewrite" of Chapter 16 of the Handbook, which is nothing but a huge and poorly written manual for 'the qjail way', with its peculiar assumptions and unique "jailcell" terminology. "Fourth Generation", no less! The idea that the "doc gang" would entertain the idea of removing all of the worthy content of the present Chapter 16 - even if it does need some updating - and replace it with this effort is laughable, yet stranger things have happened if there's any disconnect between developers and documenters .. witness the Handbook firewalls section, by Joe Barbish. cheers, Ian Boy this simple critique request sure has gotten out of hand. So lets set the record straight. On the subject ezjail not being referenced in the document like it is in the current version of the online handbook is just a writing content error. The document being critiqued is the first public draft. Pointing out over sights like not included ezjail in that section is the type of constructive feedback that is desired. Any inference it was done on purpose is just crazy. When it comes to the question of the handbook jail chapter needing updating, A member of the document team has already offered to partner up with me to get it added to the handbook as fast as possible. To me that means the document team is already aware the current handbook jail chapter is outdated and has just been waiting for someone to write a update which is just what I did. If you people have a beef with that, take it up with the document team not me. If any of you think you can do a better job then NOW is the time to step up or shut up. On the subject of qjail being a fork of ezjail, of course it is. Qjail was developed by the qjail project team who are a group of FreeBSD users who live around Angeles City, Philippines. Of the seven members 2 are foreigners living in the area, one American and one British. Our British member concluded that the author of ezjail must be British based solely on the spelling of the flavour directory. He also convinced us that his Beerware license was British humor, a joke, and should not be taken serous. In our review of other jail ports we did not see this Beerware license again or for that matter, see it in any of the 5000+ ports we looked at or use. So the group coincided to the British members view point as sound advice. If you inspect the qjail source, you should recognize the comments at the beginning as a copy of what is included in every FreeBSD config file. It was inserted in the front like they have. We though that was how you make software opensource which was the intention. There are no formal copyright documents; it's just a extrapolation from the FreeBSD comments. Maybe our local view of worldly subjects like this is not correct, so please forgive us and help use learn what the accepted viewpoint should be. I was chosen the project leader and public voice only because my English was the best among us. If the Freebsd c
[no subject]
On Fri, Mar 22, 2013 at 6:12 PM, Fbsd8 wrote: > Boy this simple critique request sure has gotten out of hand. So lets set the record straight. You got exactly what you asked for. > On the subject ezjail not being referenced in the document like it is in the current version of the online handbook is just a writing content error. With all the spam you've put on the forums and mailing list(s) about qjail, I wonder how true it is that you just "whoops, forgot to mention ezjail" in your propaganda rewrite. > When it comes to the question of the handbook jail chapter needing > updating, A member of the document team has already offered to partner up > with me to get it added to the handbook as fast as possible. The documentation team will never accept such poorly-written stuff that's laced with "use qjail use qjail use qjail - it's the only way!" I'll believe it when I see it. > On the subject of qjail being a fork of ezjail, of course it is. Forks don't completely overwrite the copyright of a project and claim it as their own, while just changing variable names and renaming the tool something else. This is not a fork, it's a complete rip-off that gives no credit to the original author (who did MUCH more of the work). > Qjail was developed by the qjail project team No it wasn't. It was developed by the ezjail author, and you just made small changes and called it your own. >Our British member concluded that the author of ezjail must be British based solely on the spelling of the flavour directory. He also convinced us that his Beerware license was British humor, a joke, and should not be taken serous. I think the GPL is a joke, but people still take it seriously. You can't just decide a license should be completely ignored. >I was chosen the project leader and public voice only because my English was the best among us. It gives me a headache trying to read some of the stuff you write. You've got an American guy and a British guy and neither of their native English is better than yours? ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re:
Guys, please don't take me bad, but better stop this "@%!" and use your
talent to help me found a way to properly measure bandwidth per jails in
a long period.
I am using sysutils/jail2 port to start/stop jails, My working
configuration so far is this:
I use the jid so that later I can use in /etc/rctl.conf with something like:
jail:30:maxproc:deny=100
jail:30:memoryuse:deny=512M
jail:30:swapuse:deny=1G
my jail.conf looks like
8<--
* {
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
allow.raw_sockets;
securelevel = 3;
}
www {
jid = 10;
name = www;
host.hostname = $name.localbox.org;
ip4.addr = 174.143.193.60;
path = /jails/www;
mount.fstab="/etc/fstab.$name";
}
vpn {
jid = 20;
name = vpn;
host.hostname = $name.localbox.org;
ip4.addr = 174.143.193.57, 10.216.28.77;
path = /jails/vpn;
mount.fstab="/etc/fstab.$name";
}
guest {
jid = 30;
name = guest;
host.hostname = $name.localbox.org;
ip4.addr = 174.143.193.61;
path = /jails/guest;
mount.fstab="/etc/fstab.$name";
}
8<--
On 03/22/2013 22:32, s...@tormail.org wrote:
> On Fri, Mar 22, 2013 at 6:12 PM, Fbsd8 wrote:
>> Boy this simple critique request sure has gotten out of hand. So lets
> set the record straight.
>
> You got exactly what you asked for.
>
>> On the subject ezjail not being referenced in the document like it is in
> the current version of the online handbook is just a writing content
> error.
>
> With all the spam you've put on the forums and mailing list(s) about
> qjail, I wonder how true it is that you just "whoops, forgot to mention
> ezjail" in your propaganda rewrite.
>
>> When it comes to the question of the handbook jail chapter needing
>> updating, A member of the document team has already offered to partner up
>> with me to get it added to the handbook as fast as possible.
> The documentation team will never accept such poorly-written stuff that's
> laced with "use qjail use qjail use qjail - it's the only way!" I'll
> believe it when I see it.
>
>> On the subject of qjail being a fork of ezjail, of course it is.
> Forks don't completely overwrite the copyright of a project and claim it
> as their own, while just changing variable names and renaming the tool
> something else. This is not a fork, it's a complete rip-off that gives no
> credit to the original author (who did MUCH more of the work).
>
>> Qjail was developed by the qjail project team
> No it wasn't. It was developed by the ezjail author, and you just made
> small changes and called it your own.
>
>> Our British member concluded that the author of ezjail must be British
> based solely on the spelling of the flavour directory. He also convinced
> us that his Beerware license was British humor, a joke, and should not be
> taken serous.
>
> I think the GPL is a joke, but people still take it seriously. You can't
> just decide a license should be completely ignored.
>
>> I was chosen the project leader and public voice only because my English
> was the best among us.
>
> It gives me a headache trying to read some of the stuff you write. You've
> got an American guy and a British guy and neither of their native English
> is better than yours?
>
> ___
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Handbook Jail Chapter rewrite available for critique
s...@tormail.org wrote: On Fri, Mar 22, 2013 at 6:12 PM, Fbsd8 wrote: Boy this simple critique request sure has gotten out of hand. So lets set the record straight. You got exactly what you asked for. On the subject ezjail not being referenced in the document like it is in the current version of the online handbook is just a writing content error. With all the spam you've put on the forums and mailing list(s) about qjail, I wonder how true it is that you just "whoops, forgot to mention ezjail" in your propaganda rewrite. When it comes to the question of the handbook jail chapter needing updating, A member of the document team has already offered to partner up with me to get it added to the handbook as fast as possible. The documentation team will never accept such poorly-written stuff that's laced with "use qjail use qjail use qjail - it's the only way!" I'll believe it when I see it. On the subject of qjail being a fork of ezjail, of course it is. Forks don't completely overwrite the copyright of a project and claim it as their own, while just changing variable names and renaming the tool something else. This is not a fork, it's a complete rip-off that gives no credit to the original author (who did MUCH more of the work). Qjail was developed by the qjail project team No it wasn't. It was developed by the ezjail author, and you just made small changes and called it your own. Our British member concluded that the author of ezjail must be British based solely on the spelling of the flavour directory. He also convinced us that his Beerware license was British humor, a joke, and should not be taken serous. I think the GPL is a joke, but people still take it seriously. You can't just decide a license should be completely ignored. I was chosen the project leader and public voice only because my English was the best among us. It gives me a headache trying to read some of the stuff you write. You've got an American guy and a British guy and neither of their native English is better than yours? Sib your unfounded ranting and raving only demonstrates you are off your medication for your anti social behavior mental condition. Sending the above post to the list after removing the subject line to hide from your fellow list subscribers only confirms your mental condition. I have re-applied the correct subject line so the list readers can see how sick you really are. Your post is un-professional and borders on slander. In some circles it would label you as a flame war inciter and get you banned from the list. Best you read what you write before posting it so you can reconsider the tone of what you have written. Please present a more professional manner in your list post content. Thank you in advance for your attention to this matter in future posts to this list and any other Freebsd lists you may belong to. If you are unable to control your anti social impulses I suggest you seek medical treatment immediately before you do bodily harm to your self or to someone who loves you. I am only expressing my concern for you physical and mental health well being. If you contuine to pursue this nonsense your actions will force me to contact the list administrator to have you banned. This is your only warning. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: numeric jail name in jail.conf
On 03/22/13 05:25, Nicolas de Bari Embriz Garcia Rojas wrote:
Hi, when using a numeric names for a jails something like:
10 {
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
20 {
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
the name (numeric) becomes the jail ID when, therefore when I type a jls
command i see the 10,and 20 as the jails ID's,
My question is, is this the proper way to explicitly set the id when
using jail.conf ?
For me, this as been working fine and I can match the jail ids to use
rctl on every reboot, but just want to be sure if this is the correct
way of doing it.
thanks in advance.
That's a fine and proper way to do it. You can also set it in the body
of the jail definition with e.g. "jid = 10". For that matter, these two
definitions are nearly equivalent:
10 {
name = "foo";
...
}
foo {
jid = 10;
...
}
I say "nearly" because while they'll create the same jail, you would use
10 or foo respectively on the command line if you were operating on one
of them. For example, if you wanted to start only one jail in a conf
file, "jail -c foo" would work only for the second definition.
- Jamie
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
