- Change the "jail_" prefix for internal script variables. This fixes an

issue where some global jail_* variables were overriden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]

Reported by:	pjd [1], clsung [2]
Approved by:	cperciva
X-MFC after:	i got sufficient testing from people using rc.d/jail

etc/defaults/rc.conf

@@ -555,11 +555,15 @@ jail_sysvipc_allow="NO"	# Allow SystemV IPC use from within a jail
 #
 # To use rc's built-in jail infrastructure create entries for
 # each jail, specified in jail_list, with the following variables.
-# NOTE: replace 'example' with the jail's name.
+# NOTES:
+# - replace 'example' with the jail's name.
+# - except rootdir, hostname and ip, all of the following variables may be made
+#   global jail variables if you don't specify a jail name (ie. jail_interface).
 #
 #jail_example_rootdir="/usr/jail/default"	# Jail's root directory
 #jail_example_hostname="default.domain.com"	# Jail's hostname
 #jail_example_ip="192.168.0.10"			# Jail's IP number
+#jail_example_interface=""			# Interface to create the IP alias on
 #jail_example_exec_start="/bin/sh /etc/rc"		# command to execute in jail for starting
 #jail_example_exec_stop="/bin/sh /etc/rc.shutdown"	# command to execute in jail for stopping
 #jail_example_devfs_enable="NO"			# mount devfs in the jail

etc/rc.d/jail

@@ -27,73 +27,73 @@ init_variables()
 		return
 	fi
 
-	eval jail_rootdir=\"\$jail_${_j}_rootdir\"
-	jail_devdir="${jail_rootdir}/dev"
-	jail_fdescdir="${jail_devdir}/fd"
-	jail_procdir="${jail_rootdir}/proc"
-	eval jail_hostname=\"\$jail_${_j}_hostname\"
-	eval jail_ip=\"\$jail_${_j}_ip\"
-	eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
-	eval jail_exec=\"\$jail_${_j}_exec\"
-	eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
-	eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
-	if [ -n "${jail_exec}" ]; then
+	eval _rootdir=\"\$jail_${_j}_rootdir\"
+	_devdir="${_rootdir}/dev"
+	_fdescdir="${_devdir}/fd"
+	_procdir="${_rootdir}/proc"
+	eval _hostname=\"\$jail_${_j}_hostname\"
+	eval _ip=\"\$jail_${_j}_ip\"
+	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
+	eval _exec=\"\$jail_${_j}_exec\"
+	eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
+	eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
+	if [ -n "${_exec}" ]; then
 		#   simple/backward-compatible execution
-		jail_exec_start="${jail_exec}"
-		jail_exec_stop=""
+		_exec_start="${_exec}"
+		_exec_stop=""
 	else
 		#   flexible execution
-		if [ -z "${jail_exec_start}" ]; then
-			jail_exec_start="/bin/sh /etc/rc"
-			if [ -z "${jail_exec_stop}" ]; then
-				jail_exec_stop="/bin/sh /etc/rc.shutdown"
+		if [ -z "${_exec_start}" ]; then
+			_exec_start="/bin/sh /etc/rc"
+			if [ -z "${_exec_stop}" ]; then
+				_exec_stop="/bin/sh /etc/rc.shutdown"
 			fi
 		fi
 	fi
 
 	# The default jail ruleset will be used by rc.subr if none is specified.
-	eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
-	eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
-	[ -z "${jail_devfs}" ] && jail_devfs="NO"
-	eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
-	[ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
-	eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
-	[ -z "${jail_procfs}" ] && jail_procfs="NO"
+	eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
+	eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
+	[ -z "${_devfs}" ] && _devfs="NO"
+	eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
+	[ -z "${_fdescfs}" ] && _fdescfs="NO"
+	eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
+	[ -z "${_procfs}" ] && _procfs="NO"
 
-	eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
-	[ -z "${jail_mount}" ] && jail_mount="NO"
+	eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
+	[ -z "${_mount}" ] && _mount="NO"
 	# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
-	eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
-	[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
-	eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
-	[ -z "${jail_flags}" ] && jail_flags="-l -U root"
+	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
+	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
+	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
+	[ -z "${_flags}" ] && _flags="-l -U root"
 
 	# Debugging aid
 	#
-	debug "$_j devfs enable: $jail_devfs"
-	debug "$_j fdescfs enable: $jail_fdescfs"
-	debug "$_j procfs enable: $jail_procfs"
-	debug "$_j mount enable: $jail_mount"
-	debug "$_j hostname: $jail_hostname"
-	debug "$_j ip: $jail_ip"
-	debug "$_j interface: $jail_interface"
-	debug "$_j root: $jail_rootdir"
-	debug "$_j devdir: $jail_devdir"
-	debug "$_j fdescdir: $jail_fdescdir"
-	debug "$_j procdir: $jail_procdir"
-	debug "$_j ruleset: $jail_ruleset"
-	debug "$_j fstab: $jail_fstab"
-	debug "$_j exec start: $jail_exec_start"
-	debug "$_j exec stop: $jail_exec_stop"
-	debug "$_j flags: $jail_flags"
+	debug "$_j devfs enable: $_devfs"
+	debug "$_j fdescfs enable: $_fdescfs"
+	debug "$_j procfs enable: $_procfs"
+	debug "$_j mount enable: $_mount"
+	debug "$_j hostname: $_hostname"
+	debug "$_j ip: $_ip"
+	debug "$_j interface: $_interface"
+	debug "$_j root: $_rootdir"
+	debug "$_j devdir: $_devdir"
+	debug "$_j fdescdir: $_fdescdir"
+	debug "$_j procdir: $_procdir"
+	debug "$_j ruleset: $_ruleset"
+	debug "$_j fstab: $_fstab"
+	debug "$_j exec start: $_exec_start"
+	debug "$_j exec stop: $_exec_stop"
+	debug "$_j flags: $_flags"
 
-	if [ -z "${jail_hostname}" ]; then
+	if [ -z "${_hostname}" ]; then
 		err 3 "$name: No hostname has been defined for ${_j}"
 	fi
-	if [ -z "${jail_rootdir}" ]; then
+	if [ -z "${_rootdir}" ]; then
 		err 3 "$name: No root directory has been defined for ${_j}"
 	fi
-	if [ -z "${jail_ip}" ]; then
+	if [ -z "${_ip}" ]; then
 		err 3 "$name: No IP address has been defined for ${_j}"
 	fi
 
@@ -133,24 +133,24 @@ set_sysctl()
 #
 jail_umount_fs()
 {
-	if checkyesno jail_fdescfs; then
-		if [ -d "${jail_fdescdir}" ] ; then
-			umount -f ${jail_fdescdir} >/dev/null 2>&1
+	if checkyesno _fdescfs; then
+		if [ -d "${_fdescdir}" ] ; then
+			umount -f ${_fdescdir} >/dev/null 2>&1
 		fi
 	fi
-	if checkyesno jail_devfs; then
-		if [ -d "${jail_devdir}" ] ; then
-			umount -f ${jail_devdir} >/dev/null 2>&1
+	if checkyesno _devfs; then
+		if [ -d "${_devdir}" ] ; then
+			umount -f ${_devdir} >/dev/null 2>&1
 		fi
 	fi
-	if checkyesno jail_procfs; then
-		if [ -d "${jail_procdir}" ] ; then
-			umount -f ${jail_procdir} >/dev/null 2>&1
+	if checkyesno _procfs; then
+		if [ -d "${_procdir}" ] ; then
+			umount -f ${_procdir} >/dev/null 2>&1
 		fi
 	fi
-	if checkyesno jail_mount; then
-		[ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
-		umount -a -F "${jail_fstab}" >/dev/null 2>&1
+	if checkyesno _mount; then
+		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
+		umount -a -F "${_fstab}" >/dev/null 2>&1
 	fi
 }
 
@@ -172,29 +172,29 @@ jail_start()
 	do
 		init_variables $_jail
 		if [ -f /var/run/jail_${_jail}.id ]; then
-			echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
+			echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
 			continue;
 		fi
-		if [ -n "${jail_interface}" ]; then
-			ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
+		if [ -n "${_interface}" ]; then
+			ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255
 		fi
-		if checkyesno jail_mount; then
-			info "Mounting fstab for jail ${_jail} (${jail_fstab})"
-			if [ ! -f "${jail_fstab}" ]; then
-				err 3 "$name: ${jail_fstab} does not exist"
+		if checkyesno _mount; then
+			info "Mounting fstab for jail ${_jail} (${_fstab})"
+			if [ ! -f "${_fstab}" ]; then
+				err 3 "$name: ${_fstab} does not exist"
 			fi
-			mount -a -F "${jail_fstab}"
+			mount -a -F "${_fstab}"
 		fi
-		if checkyesno jail_devfs; then
+		if checkyesno _devfs; then
 			# If devfs is already mounted here, skip it.
-			df -t devfs "${jail_devdir}" >/dev/null
+			df -t devfs "${_devdir}" >/dev/null
 			if [ $? -ne 0 ]; then
-				info "Mounting devfs on ${jail_devdir}"
-				devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
+				info "Mounting devfs on ${_devdir}"
+				devfs_mount_jail "${_devdir}" ${_ruleset}
 				# Transitional symlink for old binaries
-				if [ ! -L "${jail_devdir}/log" ]; then
+				if [ ! -L "${_devdir}/log" ]; then
 					__pwd="`pwd`"
-					cd "${jail_devdir}"
+					cd "${_devdir}"
 					ln -sf ../var/run/log log
 					cd "$__pwd"
 				fi
@@ -204,27 +204,27 @@ jail_start()
 			#	is a devfs(5) device of the same name.
 			# Jail console output
 			#	__pwd="`pwd`"
-			#	cd "${jail_devdir}"
+			#	cd "${_devdir}"
 			#	ln -sf ../var/log/console console
 			#	cd "$__pwd"
 		fi
-		if checkyesno jail_fdescfs; then
-			info "Mounting fdescfs on ${jail_fdescdir}"
-			mount -t fdescfs fdesc "${jail_fdescdir}"
+		if checkyesno _fdescfs; then
+			info "Mounting fdescfs on ${_fdescdir}"
+			mount -t fdescfs fdesc "${_fdescdir}"
 		fi
-		if checkyesno jail_procfs; then
-			info "Mounting procfs onto ${jail_procdir}"
-			if [ -d "${jail_procdir}" ] ; then
-				mount -t procfs proc "${jail_procdir}"
+		if checkyesno _procfs; then
+			info "Mounting procfs onto ${_procdir}"
+			if [ -d "${_procdir}" ] ; then
+				mount -t procfs proc "${_procdir}"
 			fi
 		fi
 		_tmp_jail=${_tmp_dir}/jail.$$
-		eval jail ${jail_flags} -i ${jail_rootdir} ${jail_hostname} \
-			${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1
+		eval jail ${_flags} -i ${_rootdir} ${_hostname} \
+			${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
 			if [ "$?" -eq 0 ] ; then
-				echo -n " $jail_hostname"
+				echo -n " $_hostname"
 				_jail_id=$(head -1 ${_tmp_jail})
-				tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
+				tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
 				echo ${_jail_id} > /var/run/jail_${_jail}.id
 			else
 				jail_umount_fs
@@ -249,18 +249,18 @@ jail_stop()
 			_jail_id=$(cat /var/run/jail_${_jail}.id)
 			if [ ! -z "${_jail_id}" ]; then
 				init_variables $_jail
-				if [ -n "${jail_exec_stop}" ]; then
-					eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \
-						>> ${jail_rootdir}/var/log/console.log 2>&1
+				if [ -n "${_exec_stop}" ]; then
+					eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
+						>> ${_rootdir}/var/log/console.log 2>&1
 				fi
 				killall -j ${_jail_id} -TERM > /dev/null 2>&1
 				sleep 1
 				killall -j ${_jail_id} -KILL > /dev/null 2>&1
 				jail_umount_fs
-				echo -n " $jail_hostname"
+				echo -n " $_hostname"
 			fi
-			if [ -n "${jail_interface}" ]; then
-				ifconfig ${jail_interface} -alias ${jail_ip}
+			if [ -n "${_interface}" ]; then
+				ifconfig ${_interface} -alias ${_ip}
 			fi
 			rm /var/run/jail_${_jail}.id
 		else

share/man/man5/rc.conf.5

@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 18, 2006
+.Dd May 11, 2006
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -3010,21 +3010,21 @@ jail_vjail_rootdir="/var/jails/vjail/root"
 .Pq Vt str
 Unset by default.
 When set, use as default value for
-.Va jail_ Ns Ao Ar jid Ac Ns Va _flags
+.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
 for every jail in
 .Va jail_list .
 .It Va jail_interface
 .Pq Vt str
 Unset by default.
 When set, use as default value for
-.Va jail_ Ns Ao Ar jid Ac Ns Va _interface
+.Va jail_ Ns Ao Ar jname Ac Ns Va _interface
 for every jail in
 .Va jail_list .
 .It Va jail_fstab
 .Pq Vt str
 Unset by default.
 When set, use as default value for
-.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
 for every jail in
 .Va jail_list .
 .It Va jail_mount_enable
@@ -3035,14 +3035,14 @@ by default.
 When set to
 .Dq Li YES ,
 sets
-.Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
+.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
 to YES by default for every jail in
 .Va jail_list .
 .It Va jail_devfs_ruleset
 .Pq Vt str
 Unset by default.
 When set, sets
-.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
+.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
 to given value for every jail in
 .Va jail_list .
 .It Va jail_devfs_enable
@@ -3053,7 +3053,7 @@ by default.
 When set to
 .Dq Li YES ,
 sets
-.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
+.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
 to YES by default for every jail in
 .Va jail_list .
 .It Va jail_fdescfs_enable
@@ -3064,7 +3064,7 @@ by default.
 When set to
 .Dq Li YES ,
 sets
-.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
 to YES by default for every jail in
 .Va jail_list .
 .It Va jail_procfs_enable
@@ -3075,57 +3075,57 @@ by default.
 When set to
 .Dq Li YES ,
 sets
-.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
 to YES by default for every jail in
 .Va jail_list .
 .It Va jail_exec_start
 .Pq Vt str
 Unset by default.
 When set, use as default value for
-.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
+.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
 for every jail in 
 .Va jail_list .
 .It Va jail_exec_stop
 Unset by default.
 When set, use as default value for
-.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
+.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
 for every jail in
 .Va jail_list .
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _rootdir
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
 .Pq Vt str
 Unset by default.
 Set to the root directory used by jail
-.Va jid .
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _hostname
+.Va jname .
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
 .Pq Vt str
 Unset by default.
 Set to the fully qualified domain name (FQDN) assigned to jail
-.Va jid .
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _ip
+.Va jname .
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
 .Pq Vt str
 Unset by default.
 Set to the IP address assigned to jail
-.Va jid .
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _flags
+.Va jname .
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
 .Pq Vt str
 Set to
 .Dq Li -l -U root
 by default.
 These are flags to pass to
 .Xr jail .
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _interface
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
 .Pq Vt str
 Unset by default.
 When set, sets the interface to use when setting IP address alias.
 Note that the alias is created at jail startup and removed at jail shutdown.
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
 .Pq Vt str
 Set to
-.Pa /etc/fstab. Ns Ao Ar jid Ac
+.Pa /etc/fstab. Ns Ao Ar jname Ac
 by default.
 This is the file system information file to use for jail
-.Va jid .
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
+.Va jname .
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
 .Pq Vt bool
 Set to
 .Dq Li NO
@@ -3133,14 +3133,14 @@ by default.
 When set to
 .Dq Li YES ,
 mount all file systems from
-.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
 at jail startup.
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
 .Pq Vt str
 Unset by default.
 When set, defines the device file system ruleset file to use for jail
-.Va jid .
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
+.Va jname .
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
 .Pq Vt bool
 Set to
 .Dq Li NO
@@ -3148,9 +3148,9 @@ by default.
 When set to
 .Dq Li YES ,
 mount the device file system inside jail
-.Ar jid
+.Ar jname
 at jail startup.
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
 .Pq Vt bool
 Set to
 .Dq Li NO
@@ -3158,9 +3158,9 @@ by default.
 When set to
 .Dq Li YES ,
 mount the file-descriptor file system inside jail
-.Ar jid
+.Ar jname
 at jail startup.
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _procfs_enable
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
 .Pq Vt bool
 Set to
 .Dq Li NO
@@ -3168,15 +3168,15 @@ by default.
 When set to
 .Dq Li YES ,
 mount the process file system inside jail
-.Ar jid
+.Ar jname
 at jail startup.
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
 .Pq Vt str
 Set to
 .Dq Li /bin/sh /etc/rc
 by default.
 This is the command executed at jail startup.
-.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
 .Pq Vt str
 Set to
 .Dq Li /bin/sh /etc/rc.shutdown