- Add following global jail options, used if no jail-specific options are
set: * jail_mount_enable * jail_devfs_ruleset * jail_devfs_enable * jail_fdescfs_enable * jail_procfs_enable * jail_fstab * jail_flags - Add a jail_interface / jail_<jid>_interface option. An ip alias will be created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set. This is not a mandatory option. - Document all missing jail_* options in rc.conf(5). Approved by: cperciva (mentor) MFC after: 2 weeks
parent
99d3c2c46c
commit
69beb663f5
@ -33,9 +33,10 @@ init_variables()
|
||||
jail_procdir="${jail_rootdir}/proc"
|
||||
eval jail_hostname=\"\$jail_${_j}_hostname\"
|
||||
eval jail_ip=\"\$jail_${_j}_ip\"
|
||||
eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
|
||||
eval jail_exec=\"\$jail_${_j}_exec\"
|
||||
eval jail_exec_start=\"\$jail_${_j}_exec_start\"
|
||||
eval jail_exec_stop=\"\$jail_${_j}_exec_stop\"
|
||||
eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
|
||||
eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
|
||||
if [ -n "${jail_exec}" ]; then
|
||||
# simple/backward-compatible execution
|
||||
jail_exec_start="${jail_exec}"
|
||||
@ -51,20 +52,20 @@ init_variables()
|
||||
fi
|
||||
|
||||
# The default jail ruleset will be used by rc.subr if none is specified.
|
||||
eval jail_ruleset=\"\$jail_${_j}_devfs_ruleset\"
|
||||
eval jail_devfs=\"\$jail_${_j}_devfs_enable\"
|
||||
eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
|
||||
eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
|
||||
[ -z "${jail_devfs}" ] && jail_devfs="NO"
|
||||
eval jail_fdescfs=\"\$jail_${_j}_fdescfs_enable\"
|
||||
eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
|
||||
[ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
|
||||
eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
|
||||
eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
|
||||
[ -z "${jail_procfs}" ] && jail_procfs="NO"
|
||||
|
||||
eval jail_mount=\"\$jail_${_j}_mount_enable\"
|
||||
eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
|
||||
[ -z "${jail_mount}" ] && jail_mount="NO"
|
||||
# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
|
||||
eval jail_fstab=\"\$jail_${_j}_fstab\"
|
||||
eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
|
||||
[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
|
||||
eval jail_flags=\"\$jail_${_j}_flags\"
|
||||
eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
|
||||
[ -z "${jail_flags}" ] && jail_flags="-l -U root"
|
||||
|
||||
# Debugging aid
|
||||
@ -75,6 +76,7 @@ init_variables()
|
||||
debug "$_j mount enable: $jail_mount"
|
||||
debug "$_j hostname: $jail_hostname"
|
||||
debug "$_j ip: $jail_ip"
|
||||
debug "$_j interface: $jail_interface"
|
||||
debug "$_j root: $jail_rootdir"
|
||||
debug "$_j devdir: $jail_devdir"
|
||||
debug "$_j fdescdir: $jail_fdescdir"
|
||||
@ -162,6 +164,9 @@ jail_start()
|
||||
echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
|
||||
continue;
|
||||
fi
|
||||
if [ -n ${jail_interface} ]; then
|
||||
ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
|
||||
fi
|
||||
if checkyesno jail_mount; then
|
||||
info "Mounting fstab for jail ${_jail} (${jail_fstab})"
|
||||
if [ ! -f "${jail_fstab}" ]; then
|
||||
@ -234,6 +239,9 @@ jail_stop()
|
||||
jail_umount_fs
|
||||
echo -n " $jail_hostname"
|
||||
fi
|
||||
if [ -n ${jail_interface} ]; then
|
||||
ifconfig ${jail_interface} -alias ${jail_ip}
|
||||
fi
|
||||
rm /var/run/jail_${_jail}.id
|
||||
else
|
||||
echo "cannot stop jail ${_jail}. No jail id in /var/run"
|
||||
|
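Review bot: The new guards in jail_start and jail_stop, `if [ -n ${jail_interface} ]; then`, are always true when the option is unset: the unquoted expansion disappears and `[ -n ]` tests the non-empty string `-n`, so ifconfig runs without an interface argument. Quote the operand, `if [ -n "${jail_interface}" ]; then`, and quote `"${jail_interface}"` and `"${jail_ip}"` in the two ifconfig calls as well. In init_variables the new fallbacks assign to the same names they read as the global default (`jail_interface`, `jail_fstab`, `jail_flags`, `jail_exec_start`, `jail_exec_stop`). If the function runs once per jail in the same shell (the caller loop is only partly visible here), a later jail without its own setting would inherit the previous jail's resolved value, for example the previous jail's `/etc/fstab.<jid>`, instead of the rc.conf default; resolving into a differently named variable would avoid that. The exit status of the `ifconfig ... alias` call is also not checked before the start path continues, so a failed alias would go unnoticed.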
@ -24,7 +24,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd February 13, 2006
|
||||
.Dd April 8, 2006
|
||||
.Dt RC.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -2975,13 +2975,184 @@ you would have the following dependent variables:
|
||||
jail_vjail_hostname="jail.example.com"
|
||||
jail_vjail_ip="192.168.1.100"
|
||||
jail_vjail_rootdir="/var/jails/vjail/root"
|
||||
jail_vjail_exec="/bin/sh /etc/rc"
|
||||
.Ed
|
||||
.Pp
|
||||
The last one is optional.
|
||||
It defaults to
|
||||
.Pa /etc/rc
|
||||
if it is not set.
|
||||
.It Va jail_flags
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
When set, use as default value for
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _flags
|
||||
for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_interface
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
When set, use as default value for
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _interface
|
||||
for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_fstab
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
When set, use as default value for
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
|
||||
for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_mount_enable
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq Li NO
|
||||
by default.
|
||||
When set to
|
||||
.Dq Li YES ,
|
||||
sets
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
|
||||
to YES by default for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_devfs_ruleset
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
When set, sets
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
|
||||
to given value for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_devfs_enable
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq Li NO
|
||||
by default.
|
||||
When set to
|
||||
.Dq Li YES ,
|
||||
sets
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
|
||||
to YES by default for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_fdescfs_enable
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq Li NO
|
||||
by default.
|
||||
When set to
|
||||
.Dq Li YES ,
|
||||
sets
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
|
||||
to YES by default for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_procfs_enable
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq Li NO
|
||||
by default.
|
||||
When set to
|
||||
.Dq Li YES ,
|
||||
sets
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
|
||||
to YES by default for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_exec_start
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
When set, use as default value for
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
|
||||
for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_exec_stop
|
||||
Unset by default.
|
||||
When set, use as default value for
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
|
||||
for every jail in
|
||||
.Va jail_list .
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _rootdir
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
Set to the root directory used by jail
|
||||
.Va jid .
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _hostname
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
Set to the fully qualified domain name (FQDN) assigned to jail
|
||||
.Va jid .
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _ip
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
Set to the IP address assigned to jail
|
||||
.Va jid .
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _flags
|
||||
.Pq Vt str
|
||||
Set to
|
||||
.Dq Li -l -U root
|
||||
by default.
|
||||
These are flags to pass to
|
||||
.Xr jail .
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _interface
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
When set, sets the interface to use when setting IP address alias.
|
||||
Note that the alias is created at jail startup and removed at jail shutdown.
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
|
||||
.Pq Vt str
|
||||
Set to
|
||||
.Pa /etc/fstab. Ns Ao Ar jid Ac
|
||||
by default.
|
||||
This is the file system information file to use for jail
|
||||
.Va jid .
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq Li NO
|
||||
by default.
|
||||
When set to
|
||||
.Dq Li YES ,
|
||||
mount all file systems from
|
||||
.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
|
||||
at jail startup.
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
|
||||
.Pq Vt str
|
||||
Unset by default.
|
||||
When set, defines the device file system ruleset file to use for jail
|
||||
.Va jid .
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq Li NO
|
||||
by default.
|
||||
When set to
|
||||
.Dq Li YES ,
|
||||
mount the device file system inside jail
|
||||
.Ar jid
|
||||
at jail startup.
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq Li NO
|
||||
by default.
|
||||
When set to
|
||||
.Dq Li YES ,
|
||||
mount the file-descriptor file system inside jail
|
||||
.Ar jid
|
||||
at jail startup.
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _procfs_enable
|
||||
.Pq Vt bool
|
||||
Set to
|
||||
.Dq Li NO
|
||||
by default.
|
||||
When set to
|
||||
.Dq Li YES ,
|
||||
mount the process file system inside jail
|
||||
.Ar jid
|
||||
at jail startup.
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
|
||||
.Pq Vt str
|
||||
Set to
|
||||
.Dq Li /bin/sh /etc/rc
|
||||
by default.
|
||||
This is the command executed at jail startup.
|
||||
.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
|
||||
.Pq Vt str
|
||||
Set to
|
||||
.Dq Li /bin/sh /etc/rc.shutdown
|
||||
by default.
|
||||
This is the command executed at jail shutdown.
|
||||
.It Va jail_set_hostname_allow
|
||||
.Pq Vt bool
|
||||
If set to
|
||||
|