Date: Wed, 10 Feb 2016 07:37:50 -0700 From: James Gritton <jamie@freebsd.org> To: freebsd-jail@freebsd.org Cc: marquis@roble.com Subject: Re: exec_poststart Message-ID: <a84c599cb79800f60d9c2e985c3c32d8@gritton.org> In-Reply-To: <56ba5d24.8b00620a.e1560.fffff48cSMTPIN_ADDED_MISSING@mx.google.com> References: <mailman.19.1455019200.84699.freebsd-jail@freebsd.org> <56ba5d24.8b00620a.e1560.fffff48cSMTPIN_ADDED_MISSING@mx.google.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2016-02-09 14:41, Roger Marquis wrote:
> James Gritton wrote:
>> You can reference jail parameters within other parameters, much like
>> you'd use shell variables. In the global part of the definition, you
>> can set:
>> exec.poststart = "/path/to/script.sh ${host.hostname}"
>
> This is perhaps a tangent but I'm wondering if this syntax could be
> clarified
> so 'exec' isn't used to mean 'jexec'? Would also simplify things if
> subsequent
> j/exec's didn't require the use of '+=' instead of '='. Ideally both
> should be
> deprecated in favor of a sysrc-compatible ':'.
I'm not sure what you mean by exec meaning jexec - yes, jexec(8) is a
program that runs things inside a jail, and the exec.* paramaters run
programs (usually) inside the jail. But it doesn't actually run jexec,
and "exec" is the more natural word to describe something that is
executed. Besides, this is based on the old shell-based rc name that
have always been "exec_*".
Speaking of the old ways, being sysrc-compatible wasn't really the goal.
When creating a config file, I found C-style and DOS-style were both
pretty common; I went with C. I'm not sure what you mean by ':' being
sysrc-compatible though - I have no idea what part a colon has ever
played in the old-style jail specification. But '=' and '+=' are not
going to be deprecated. If you don't want the '=', you can always do
without: other programs with C-style configs don't use '=' but just have
names and values with whitespace between them, and you can do the same
in jail.conf.
There's a good reason why it's '+=' instead of just '='. You need to
keep '=' available to totally replace a parameter, so you can specify a
default value in the global section and allow some jails to substitute
their own value. Or, in some cases (e.g. ip addresses, exec) a
parameter may have a list of values and you need a way to build that
list. The old *_0, *_1, etc worked for shell, but was always an
inelegance tied to shell's limitations.
> Would also be nice if non-0 exit codes didn't abort the entire sequence
> (without
> hacking in a subshell;exit 0) and if the man page mentioned some of
> this.
It has always been this way, so changing it would cause more problems
than they would solve. And I don't think they would solve any anyway -
it's always a good idea to pay attention to error returns, at least by
default. It is in fact explicitly mentioned in the jail(8) man page, in
the heading paragraph above the various exec.* parameters, that the
commands must return a zero exit status or the jail will not be created.
> Regarding the man page, there's a URL under AUTHORS that doesn't lead
> where you
> might expect... Makes a good case for a policy forbidding
> non-freebsd.org URLs
> in man pages.
That definitely doesn't go where I expected (though after your warning,
I was thinking it might end up on a porn site). I'll scrub the URL from
the documentation.
- Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a84c599cb79800f60d9c2e985c3c32d8>