Date: Thu, 29 Oct 2015 12:17:16 +0000
Subject: Re: /etc/jail.conf documentation?
From: krad
To: galtsev@kicp.uchicago.edu
Cc: Mark Felder, FreeBSD Questions

Here is an extract from one of my jail configs which shows a few other
things to play with. Remember vnet and pf don't play at present.

# Typical static defaults:
# Use the rc scripts to start and stop jails. Mount jail's /dev.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

# Dynamic wildcard parameter:
# Base the path off the jail name.
path = "/jails/$name";

emby {
    host.hostname = "emby.intranet";
    vnet.interface = emby_a;
    vnet;
    exec.prestart = "ifconfig emby_a destroy || true ";
    exec.prestart += "ifconfig emby_b destroy || true";
    exec.prestart += "ifconfig epair8 create up";
    exec.prestart += "ifconfig epair8a name emby_a";
    exec.prestart += "ifconfig epair8b name emby_b";
    exec.prestart += "ifconfig emby_b up";
    exec.prestart += "ifconfig bridge0 addm emby_b";
    exec.prestart += "ifconfig emby_a ether 02:ff:25:fc:05:da";
    exec.prestart += " df | grep -q /jails/emby/videos || mount -t nullfs -o rw /videos /jails/emby/videos/";
    exec.poststop = "ifconfig emby_a destroy";
    exec.poststop += "ifconfig emby_b destroy";
    exec.poststop += "/sbin/umount /jails/emby/videos || true ";
    exec.start += "/sbin/dhclient emby_a";
    exec.start += "ifconfig emby_a inet6 accept_rtadv";
    exec.start += "/etc/rc.d/rtsold start";
}

On 28 October 2015 at 20:43, Valeri Galtsev wrote:

>
> On Wed, October 28, 2015 3:28 pm, Mark Felder wrote:
> >
> >
> > On Wed, Oct 28, 2015, at 10:59, Valeri Galtsev wrote:
> >> Dear All,
> >>
> >> Can someone recommend something similar to FreeBSD handbook that
> >> describes
> >> building jails for newer systems meaning
> >> /etc/jail.conf as opposed to /etc/rc.conf which handbook currently has
> >> in its jails chapter. I still have all jail configurations on 9.3 boxes
> >> in /etc/rc.conf, but it is time to build 10.x production boxes, and do
> >> things modern way (implying /etc/jail.conf). I still intend to keep
> >> building jails "old fashion way" as described in handbook, as opposed
> >> to using tools "ezjail" or similar.
> >>
> >> Thanks for all your advice!
> >>
> >> Valeri
> >>
> >> PS I know I can always use UNIX way of getting information, like
> >>
> >> man jail.conf
> >>
> >> , still...
> >>
> >
> > Hi Valeri,
> >
> > It's simpler than you think. Your /etc/jail.conf can be as simple as:
> >
> > exec.start = "/bin/sh /etc/rc";
> > exec.stop = "/bin/sh /etc/rc.shutdown";
> > exec.clean;
> > mount.devfs;
> >
> > path = /zroot/jails/$name;
> >
> > myjail{
> >     host.hostname = "myjail.local";
> >     ip4.addr = 192.168.1.5;
> > }
> >
>
> Mark, thanks a lot! I already have it running; I have a couple more I'm
> sure I need to have:
>
> allow.set_hostname = 0;
> allow.sysvipc = 0;
>
> but I definitely didn't have
>
> exec.stop = "/bin/sh /etc/rc.shutdown";
>
> which seems to be really beneficial for jail "clean shutdown" akin we do
> when we shut down real system.
>
> Thanks!
>
> Valeri
>
> > You can add more options to the jail as required. Look at jail(8) man
> > page instead of jail.conf(5) which lists the format, but not the
> > options. I think this is kind of backwards myself, but I wasn't involved
> > in these docs.
> >
> > Now you can do "service jail start myjail" it will just work.
> > :-)
> >
> >
> > --
> > Mark Felder
> > ports-secteam member
> > feld@FreeBSD.org
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
> >
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
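
Added example, not part of any message in this thread: a small sh/awk check that reports, for each jail in a jail.conf, whether the settings raised above (exec.stop, exec.clean, allow.set_hostname, allow.sysvipc) are in effect once the global parameters and the jail's own block are combined. It assumes one parameter per line and `#` comments only; the names `audit_jail_conf` and `sample_conf` and the sample jails are constructed for illustration.

```shell
# Added example: per-jail report on the settings discussed in this thread.
# Assumes one parameter per line and "#" comments only; the policy is this example's own.
audit_jail_conf() {
    awk '
    function setp(scope, line,    name, val) {
        name = line; val = "1"                  # bare "name;" is boolean true
        if (line ~ /[=]/) {
            sub(/[ \t]*[+]?=.*/, "", name)
            val = line; sub(/^[^=]*=[ \t]*/, "", val)
        }
        gsub(/^"|"$/, "", val)
        if (name ~ /^allow\.no/) { sub(/^allow\.no/, "allow.", name); val = "0" }
        conf[scope, name] = val
    }
    function get(jail, name) {                  # jail block overrides globals
        return ((jail, name) in conf) ? conf[jail, name] : conf["*", name]
    }
    function off(v) { return v == "0" || v == "false" }
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t;]+$/, ""); if ($0 == "") next }
    /[{]$/    { cur = $0; sub(/[ \t]*[{]$/, "", cur); jails[++n] = cur; next }
    $0 == "}" { cur = ""; next }
    { setp((cur == "" ? "*" : cur), $0) }
    END {
        for (i = 1; i <= n; i++) {
            j = jails[i]; msg = ""; v = get(j, "allow.sysvipc")
            if (get(j, "exec.stop") == "")          msg = msg " no-exec.stop"
            if (get(j, "exec.clean") == "")         msg = msg " no-exec.clean"
            if (!off(get(j, "allow.set_hostname"))) msg = msg " set_hostname-not-disabled"
            if (v != "" && !off(v))                 msg = msg " sysvipc-enabled"
            print j ":" (msg == "" ? " ok" : msg)
        }
    }' "$@"
}
# Constructed sample input, not a config from the thread.
sample_conf() {
    cat <<'EOF'
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
allow.set_hostname = 0;
web {
    host.hostname = "web.example";
}
legacy {
    allow.set_hostname;
    allow.sysvipc = 1;
}
EOF
}
sample_conf | audit_jail_conf
```

To check a real file, call `audit_jail_conf /etc/jail.conf`; each jail is printed with either `ok` or the list of findings.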