authorFlorent Thoumie <flz@FreeBSD.org>2006-05-05 09:58:13 +0000
committerFlorent Thoumie <flz@FreeBSD.org>2006-05-05 09:58:13 +0000
commit96c54a017a746ebcf51ef294a2f54c13dd520da8 (patch)
tree9baae23104fd6e48fb7ae14c635fb003a5585fb6
parentb2de0ed23edf34d6bd3e0fd7d492e40221881472 (diff)
MFC:
- Add following global jail options, used if no jail-specific options are set: * jail_mount_enable * jail_devfs_ruleset * jail_devfs_enable * jail_fdescfs_enable * jail_procfs_enable * jail_fstab * jail_flags - Add a jail_interface / jail_<jid>_interface option. An ip alias will be created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set. This is not a mandatory option. - Document all missing jail_* options in rc.conf(5). src/share/man/man5/rc.conf.5: rev 1.289 -> 1.290 src/etc/rc.d/jail: rev 1.26 -> 1.27 Approved by: re (scottl)
Notes
Notes: svn path=/releng/6.1/; revision=158306
-rw-r--r--etc/rc.d/jail26
-rw-r--r--share/man/man5/rc.conf.5183
2 files changed, 194 insertions, 15 deletions
diff --git a/etc/rc.d/jail b/etc/rc.d/jail
index b4b051fa71d1..0edf078dd3d9 100644
--- a/etc/rc.d/jail
+++ b/etc/rc.d/jail
@@ -33,9 +33,10 @@ init_variables()
jail_procdir="${jail_rootdir}/proc"
eval jail_hostname=\"\$jail_${_j}_hostname\"
eval jail_ip=\"\$jail_${_j}_ip\"
+ eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
eval jail_exec=\"\$jail_${_j}_exec\"
- eval jail_exec_start=\"\$jail_${_j}_exec_start\"
- eval jail_exec_stop=\"\$jail_${_j}_exec_stop\"
+ eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
+ eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
if [ -n "${jail_exec}" ]; then
# simple/backward-compatible execution
jail_exec_start="${jail_exec}"
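Review bot: The new fallbacks for `jail_interface`, `jail_exec_start` and `jail_exec_stop` read the global default from the same variable the line then assigns, so the first jail's resolved value overwrites the global. If init_variables runs once per jail in the same shell (the `continue` in jail_start suggests a loop, but the caller is outside these hunks), a later jail with no setting of its own inherits the previous jail's interface or exec commands instead of the rc.conf default. The same applies to `jail_fstab` and `jail_flags` in the next hunk, where the `/etc/fstab.${_j}` and `-l -U root` fallbacks would also stick after the first jail, so one jail's mounts or flags can leak into another. Resolving into a distinct working name avoids this, e.g. `eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"`, with jail_start and jail_stop reading `_interface`.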
@@ -51,20 +52,20 @@ init_variables()
fi
# The default jail ruleset will be used by rc.subr if none is specified.
- eval jail_ruleset=\"\$jail_${_j}_devfs_ruleset\"
- eval jail_devfs=\"\$jail_${_j}_devfs_enable\"
+ eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
+ eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
[ -z "${jail_devfs}" ] && jail_devfs="NO"
- eval jail_fdescfs=\"\$jail_${_j}_fdescfs_enable\"
+ eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
[ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
- eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
+ eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
[ -z "${jail_procfs}" ] && jail_procfs="NO"
- eval jail_mount=\"\$jail_${_j}_mount_enable\"
+ eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
[ -z "${jail_mount}" ] && jail_mount="NO"
# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
- eval jail_fstab=\"\$jail_${_j}_fstab\"
+ eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
- eval jail_flags=\"\$jail_${_j}_flags\"
+ eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
[ -z "${jail_flags}" ] && jail_flags="-l -U root"
# Debugging aid
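Review bot: The global default in `${jail_flags}`, `${jail_fstab}` and the other `:-` fallbacks is expanded before `eval` sees the line, so its value is parsed a second time as shell text. A default containing a double quote, `}`, `$` or a backquote would be truncated, mis-assigned or run as a command substitution in the rc script's shell. This matters most for `jail_exec_start` and `jail_exec_stop` in the previous hunk, which hold whole command lines. Escaping the inner reference leaves the expansion to eval: `eval jail_flags=\"\${jail_${_j}_flags:-\${jail_flags}}\"`. init_variables begins and ends outside this hunk.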
@@ -75,6 +76,7 @@ init_variables()
debug "$_j mount enable: $jail_mount"
debug "$_j hostname: $jail_hostname"
debug "$_j ip: $jail_ip"
+ debug "$_j interface: $jail_interface"
debug "$_j root: $jail_rootdir"
debug "$_j devdir: $jail_devdir"
debug "$_j fdescdir: $jail_fdescdir"
@@ -162,6 +164,9 @@ jail_start()
echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
continue;
fi
+ if [ -n ${jail_interface} ]; then
+ ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
+ fi
if checkyesno jail_mount; then
info "Mounting fstab for jail ${_jail} (${jail_fstab})"
if [ ! -f "${jail_fstab}" ]; then
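Review bot: `[ -n ${jail_interface} ]` is unquoted, so when no interface is configured the test collapses to `[ -n ]`, which is true, and `ifconfig` runs with an empty interface argument for every jail. Quote the expansion, `if [ -n "${jail_interface}" ]; then`; the same test in the jail_stop hunk needs the same change. The exit status of `ifconfig ... alias` is also ignored, so a jail can be started on an address that was never configured. If a later step in jail_start bails out (the fstab check continues outside this hunk), the alias appears to stay on the interface.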
@@ -234,6 +239,9 @@ jail_stop()
jail_umount_fs
echo -n " $jail_hostname"
fi
+ if [ -n ${jail_interface} ]; then
+ ifconfig ${jail_interface} -alias ${jail_ip}
+ fi
rm /var/run/jail_${_jail}.id
else
echo "cannot stop jail ${_jail}. No jail id in /var/run"
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 151824e17ab2..c05fbd129ede 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd March 9, 2006
+.Dd May 5, 2006
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -3024,13 +3024,184 @@ you would have the following dependent variables:
jail_vjail_hostname="jail.example.com"
jail_vjail_ip="192.168.1.100"
jail_vjail_rootdir="/var/jails/vjail/root"
-jail_vjail_exec="/bin/sh /etc/rc"
.Ed
.Pp
-The last one is optional.
-It defaults to
-.Pa /etc/rc
-if it is not set.
+.It Va jail_flags
+.Pq Vt str
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _flags
+for every jail in
+.Va jail_list .
+.It Va jail_interface
+.Pq Vt str
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _interface
+for every jail in
+.Va jail_list .
+.It Va jail_fstab
+.Pq Vt str
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+for every jail in
+.Va jail_list .
+.It Va jail_mount_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
+to YES by default for every jail in
+.Va jail_list .
+.It Va jail_devfs_ruleset
+.Pq Vt str
+Unset by default.
+When set, sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
+to given value for every jail in
+.Va jail_list .
+.It Va jail_devfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
+to YES by default for every jail in
+.Va jail_list .
+.It Va jail_fdescfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+to YES by default for every jail in
+.Va jail_list .
+.It Va jail_procfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+to YES by default for every jail in
+.Va jail_list .
+.It Va jail_exec_start
+.Pq Vt str
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
+for every jail in
+.Va jail_list .
+.It Va jail_exec_stop
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
+for every jail in
+.Va jail_list .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _rootdir
+.Pq Vt str
+Unset by default.
+Set to the root directory used by jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _hostname
+.Pq Vt str
+Unset by default.
+Set to the fully qualified domain name (FQDN) assigned to jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _ip
+.Pq Vt str
+Unset by default.
+Set to the IP address assigned to jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _flags
+.Pq Vt str
+Set to
+.Dq Li -l -U root
+by default.
+These are flags to pass to
+.Xr jail .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _interface
+.Pq Vt str
+Unset by default.
+When set, sets the interface to use when setting IP address alias.
+Note that the alias is created at jail startup and removed at jail shutdown.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+.Pq Vt str
+Set to
+.Pa /etc/fstab. Ns Ao Ar jid Ac
+by default.
+This is the file system information file to use for jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+mount all file systems from
+.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
+.Pq Vt str
+Unset by default.
+When set, defines the device file system ruleset file to use for jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+mount the device file system inside jail
+.Ar jid
+at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+mount the file-descriptor file system inside jail
+.Ar jid
+at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _procfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+mount the process file system inside jail
+.Ar jid
+at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
+.Pq Vt str
+Set to
+.Dq Li /bin/sh /etc/rc
+by default.
+This is the command executed at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
+.Pq Vt str
+Set to
+.Dq Li /bin/sh /etc/rc.shutdown
+by default.
+This is the command executed at jail shutdown.
.It Va jail_set_hostname_allow
.Pq Vt bool
If set to