Date: Sun, 19 Jun 2011 22:16:05 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
To: Lars Kellogg-Stedman <lars@oddbit.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: /etc/rc.d/jail using new-style jail command?
Message-ID: <4DFEAD65.70306@a1poweruser.com>
In-Reply-To: <BANLkTinS%2Bf=GoBWz5-nqT8Qczb2Z8QOspw@mail.gmail.com>
References: <BANLkTinS%2Bf=GoBWz5-nqT8Qczb2Z8QOspw@mail.gmail.com>

Lars Kellogg-Stedman wrote:
> Hello all,
>
> I'm curious if there's been any work done to make /etc/rc.d/jail use
> the new-style jail command (jail -c path=... name=..., etc)...or if
> there's been any work done to create a replacement? There are three
> features I would love to see in the stock version that I've had to
> implement myself:
>
> - The ability to reference jails by name. Passing the
> name=<jail_name> argument means that jails can be referenced by name
> when using, e.g., the jexec command, which is very convenient since
> jail ids aren't (normally) persistent.
>
> - The ability to create jails without starting them. The "persist"
> argument to the jail command is useful when attaching ZFS datasets to
> a jail. A ZFS dataset can't be attached until a JID has been
> allocated, but with the existing implementation the jail will
> probably have booted by the time you complete the ZFS assignment,
> which impacts services that may need access to the jail. There are
> workarounds (such as a busy-wait loop that checks for the filesystem),
> but creating the jail with no processes, attaching the datasets, and
> then starting the jail is much cleaner.
>
> - Somewhat more flexibility in setting up jail permissions (via the
> enforce_statfs and allow.* arguments).
>
> Before I spend too much time making my own local changes, I was
> wondering if there was anything I should be looking at. I've been
> using ezjail recently, but since it relies on the stock /etc/rc.d/jail
> to actually boot and configure jails it suffers from the same
> limitations.
>
> Thanks,
>
> -- Lars
>
>

Give the qjail port a try. It has the ability to reference jails by
name and create jails without starting them. Though it does not use the
new-style jail command.
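
The sequence described in the quoted question (create the jail with no processes, attach the ZFS dataset, then start it), as an added example; it is not part of either message and is not code from /etc/rc.d/jail, ezjail or qjail. The jail name, path, address and dataset are constructed placeholders, and it assumes a FreeBSD release whose `zfs jail` accepts a jail name as well as a JID.

```shell
#!/bin/sh
# Added example: staged start of a jail that owns a ZFS dataset.
# DRYRUN=1 (the default) prints each command instead of executing it.
: "${DRYRUN:=1}"

run() {
    if [ "$DRYRUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# jail(8) forbids '.' in a name, and an all-digit name is treated as a JID.
# Limiting names to letters, digits, '_' and '-' is a conservative choice
# made for this example, not a rule of jail(8).
valid_jail_name() {
    case "$1" in
        ''|*.*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    case "$1" in
        *[!0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

start_jail() {
    name=$1 path=$2 addr=$3 dataset=$4
    valid_jail_name "$name" || { echo "bad jail name: $name" >&2; return 1; }

    # 1. Allocate the jail with no processes; persist keeps the empty jail alive.
    #    enforce_statfs below 2 plus allow.mount let the jail manage its dataset
    #    (newer releases also expect allow.mount.zfs).
    run jail -c persist name="$name" path="$path" \
        host.hostname="$name" ip4.addr="$addr" \
        enforce_statfs=1 allow.mount || return 1

    # 2. Attach the dataset now that the jail exists and has a JID.
    run zfs set jailed=on "$dataset" || return 1
    run zfs jail "$name" "$dataset" || return 1

    # 3. Only now boot the jail's services, addressed by name, not by JID.
    run jexec "$name" /bin/sh /etc/rc
}

# Constructed placeholder values; prints the plan unless DRYRUN=0.
start_jail www /jails/www 192.0.2.10 tank/jails/www
```

Run it as is to print the command sequence; set DRYRUN=0 as root on a FreeBSD host to execute it.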