Quoting Jamie Gritton <ja...@freebsd.org> (from Mon, 29 Jun 2009
11:30:49 -0600):
Alexander Leidinger wrote:
at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
have a patch to switch the jail rc script to the new jail
(8-current) syntax. This includes new config options for a jail
(see etc/defaults/rc.conf after patching). The patch also contains
my X-in-a-jail stuff (feel free to ignore this part, it's disabled
by default).
If you do not make any config change, you will be able to see all
mounted filesystems of the entire machine. To get back to the
previous behavior, you have to add a config option:
jail_XXX_startparams="enforce_statfs=2"
This config option can also take other jail parameters like
allow.sysvipc and other ones described in the jail man-page
(additional parameters need to be space separated).
Feedback welcome.
1) it breaks various things that will no longer work
As mentioned, it "breaks" the statfs part. If there's anything
else, be more specific please.
v6, noIP, ...
I didn't change the IP handling in the rc script. Does this mean
jail(8) works differently regarding the address parsing when called
with the new parameters instead of the old options?
I didn't test anything regarding ipv6, but as long as jail(8) doesn't
behave differently with the new calling syntax compared with what we
have in the tree, then the behavior is not different from what we have.
If it behaves differently, this can be fixed in the script.
There is a difference. Under the old options, IPv4 and IPv6 addresses
are mixed into the single fixed argument, and then are parsed to
determine which kind they are - both by jail(8) and rc.d/jail. Under the
new parameter-based command line, IPv4 addresses and IPv6 addresses go
with ip4.addr and ip6.addr respectively.
But why are my jails (with only one ipv4 address) starting correctly then?
The rc.d/jail code that brings up addresses on an interface can be modified
to decide which argument the address goes with.
I've given Bjoern a patch based on yours that handles this as well as
the allow.* sysctls (though I missed the statfs part).
Do you mind making it available somewhere?
Bye,
Alexander.
--
BOFH excuse #265:
The mouse escaped
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
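
Added example, not part of the original message or of the patch under discussion: one way an rc script could sort an old-style mixed address list into the ip4.addr and ip6.addr parameters described above, including the no-IP case. The helper name jail_addr_params, the sample addresses, and the rule that an entry containing ':' is IPv6 are assumptions.

```shell
#!/bin/sh
# Added example; jail_addr_params is a hypothetical helper, not code from
# rc.d/jail or from the patch discussed in this thread.

# Convert an old-style mixed list ("192.0.2.10,2001:db8::17") into
# new-style jail(8) parameters ("ip4.addr=... ip6.addr=...").
# Assumption: an entry containing ':' is IPv6, anything else is IPv4.
# The body runs in a subshell so the IFS and globbing changes stay local.
jail_addr_params() (
    _ip4="" _ip6="" _out=""
    IFS=,
    set -f                                  # no pathname expansion while splitting
    for _a in $1; do
        _a=$(printf '%s' "$_a" | tr -d ' \t')   # drop stray whitespace
        [ -n "$_a" ] || continue                # skip empty entries ("a,,b")
        case $_a in
        *:*) _ip6="${_ip6:+$_ip6,}$_a" ;;
        *)   _ip4="${_ip4:+$_ip4,}$_a" ;;
        esac
    done
    # Emit only the parameters that have addresses; a jail without any
    # address gets neither ip4.addr nor ip6.addr.
    [ -n "$_ip4" ] && _out="ip4.addr=$_ip4"
    [ -n "$_ip6" ] && _out="${_out:+$_out }ip6.addr=$_ip6"
    printf '%s\n' "$_out"
)

# Constructed sample values (documentation address ranges).
for _list in "192.0.2.10" "192.0.2.10,2001:db8::17" ""; do
    # enforce_statfs=2 is the setting the thread names for restoring the
    # previous mount-visibility behaviour.
    echo "old: '$_list' -> new: $(jail_addr_params "$_list") enforce_statfs=2"
done
```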