From owner-freebsd-rc@FreeBSD.ORG Mon Feb 9 11:06:58 2009
Date: Mon, 9 Feb 2009 11:06:57 GMT
Message-Id: <200902091106.n19B6vIx009237@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-rc@FreeBSD.org
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org
List-Id: "Discussion related to /etc/rc.d design and implementation."

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o conf/130414  rc     [patch] rc services started with onestart are not stop
o conf/128299  rc     [patch] /etc/rc.d/geli does not mount partitions using
o conf/127917  rc     [patch] dumpon rejects on start with physmem>swap even
o bin/126562   rc     rcorder(8) fails to run unrelated startup scripts when
o conf/126392  rc     [patch] rc.conf ifconfig_xx keywords cannot be escaped
o bin/126324   rc     [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc     [patch] savecore can't create dump from encrypted swap
o conf/124248  rc     [patch] add support for nice value for rc.d/jail + rc.
o conf/123734  rc     [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc     [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122477  rc     [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc     [patch] [request] New feature: notify admin via page o
o conf/122036  rc     [rc.d]: Mounting at boot with ZFS causes a halt in boo
o kern/121566  rc     [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc     [patch] devfs.rules are not initialized under certain
o conf/120406  rc     [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120228  rc     [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120194  rc     [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/119874  rc     [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc     [patch] [rc.d] /etc/rc.d/netif tries to remove alias a
o bin/118325   rc     [patch] [request] new periodic script to test statuses
o conf/118255  rc     savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc     [patch] ppp fails to start at boot because of missing
o conf/113915  rc     [patch] ndis wireless driver fails to associate when i
o conf/109980  rc     /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc     [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/106009  rc     [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc     [ppp] [request] syslogd starts too late at boot
o conf/105568  rc     [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc     [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc     [patch] rc.d/nfsd needs special _find_processes functi
o conf/102700  rc     [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc     [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc     [patch] Enhancement: rc.subr could easily support star
o conf/96343   rc     [patch] rc.d order change to start inet6 before pf
o conf/93815   rc     [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc     [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc     [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc     [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc     [patch] wrapper support for rc.subr
o conf/85819   rc     [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc     ipnat not working with tunnel interfaces on startup
o conf/77663   rc     Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc     [patch] add support for powernow states to power_profi
o conf/58939   rc     [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc     [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc     [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc     [patch] Add ability to run multiple pppoed(8) on start

48 problems total.

From owner-freebsd-rc@FreeBSD.ORG Tue Feb 10 14:01:10 2009
Date: Tue, 10 Feb 2009 14:01:09 GMT
Message-Id: <200902101401.n1AE194c080648@freefall.freebsd.org>
To: gavin@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-rc@FreeBSD.org
From: gavin@FreeBSD.org
Subject: Re: conf/131458: /etc/rc.d/defaultroute produces misleading output

Synopsis: /etc/rc.d/defaultroute produces misleading output

Responsible-Changed-From-To: freebsd-bugs->freebsd-rc
Responsible-Changed-By: gavin
Responsible-Changed-When: Tue Feb 10 14:00:40 UTC 2009
Responsible-Changed-Why:
Over to maintainer(s)

http://www.freebsd.org/cgi/query-pr.cgi?pr=131458

From owner-freebsd-rc@FreeBSD.ORG Wed Feb 11 03:24:40 2009
Message-ID: <499244E6.9030205@delphij.net>
Date: Tue, 10 Feb 2009 19:24:22 -0800
From: Xin LI
Organization: The FreeBSD Project
To: freebsd-rc@FreeBSD.org
Cc: FreeBSD Current
Reply-To: d@delphij.net
Subject: [RFC] Skeleton jail (rc.d feature proposal)

Hi,

Ok, some local users have prodded me into committing the "skeleton jail"
feature. I find it useful myself but am not sure if it's appropriate to
commit it against -HEAD, so I'd like to explain it, try to present it in
a better way, and request comments. I'd like to have some native English
speakers proofread the manual page changes if this is found useful for
general consumption.

Some descriptions:

===== What is it?

Basically, a "skeleton" jail is a jail which has part of its
directories, typically directories containing the base system, say the
binaries, libraries, mount_nullfs'ed from a template, usually /. What I
implemented is some helper scripts as well as some Makefile changes to
make the task easier.

A NULLFS mount, typically read-only, from either a template (an
installed world located in some directory, or the host system, say, /
itself), would reduce the time that is taken upon system upgrade; on the
other hand, it makes it possible to switch the base system libraries
on-the-fly.

The read-only nature of these NULLFS mounts also helps development
environments that don't want programmers to make unauthorized changes to
the base system itself; we actually have used it in our development
environment and found this to be a useful side effect.

===== How to use it?

One make(1) target, "installskel", has been added to the top-level
(/usr/src) Makefile. This can be used to populate a skeleton where only
a minimal set of files and directories are installed that will support
the startup of a skeleton jail. "installskel" is actually a shortcut for
"make hierarchy" and "cd etc; make distribution". So, to create a
skeleton:

	cd /usr/src
	make installskel DESTDIR=$D

Where "D" is the directory where you want the skeleton to be placed at,
say, /vhost/myjail in this example; then, set up rc.conf(5) parameters
like this:

	jail_myjail_rootdir="/vhost/myjail/"
	jail_myjail_devfs_enable="YES"
	jail_myjail_skel_enable="YES"

The rc.d infrastructure would automatically mount the following
directories from the template (when not specified, /) as read-only:

	bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata
	usr/libexec usr/sbin usr/share usr/src usr/obj

Cheers,
-- 
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

--------------010704020508080109030502
Content-Type: text/plain; name="skel.diff"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline; filename="skel.diff"

Index: Makefile =================================================================== --- Makefile (版本 188424) +++ Makefile (工作副本) 
@@ -84,6 +84,7 @@ depend distribute distributeworld distrib-dirs distribution doxygen \ everything hierarchy install installcheck installkernel \ installkernel.debug reinstallkernel reinstallkernel.debug \ + installskel \ installworld kernel-toolchain libraries lint maninstall \ obj objlink regress rerelease showconfig tags toolchain update \ _worldtmp _legacy _bootstrap-tools _cleanobj _obj \ @@ -98,6 +99,7 @@ .ORDER: buildworld installworld .ORDER: buildworld distributeworld .ORDER: buildworld buildkernel +.ORDER: buildworld installskel .ORDER: buildkernel installkernel .ORDER: buildkernel installkernel.debug .ORDER: buildkernel reinstallkernel Index: Makefile.inc1 =================================================================== --- Makefile.inc1 (版本 188424) +++ Makefile.inc1 (工作副本) @@ -651,6 +651,18 @@ ${IMAKEENV} rm -rf ${INSTALLTMP} # +# installskel +# +# Installs a minimum set of files that can support a mini-jail +# +installskel: + @echo "--------------------------------------------------------------" + @echo ">>> Making installskel" + @echo "--------------------------------------------------------------" + ${_+_}cd ${.CURDIR}; ${MAKE} hierarchy + ${_+_}cd ${.CURDIR}/etc; ${MAKE} distribution + +# # reinstall # # If you have a build server, you can NFS mount the source and obj directories Index: etc/defaults/rc.conf =================================================================== --- etc/defaults/rc.conf (版本 188424) +++ etc/defaults/rc.conf (工作副本) 
@@ -611,6 +611,11 @@ jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail +jail_skel_enable="NO" # Whether to globally enable "skel" jail +jail_skel_root="/" # The root directory for skel template +jail_skel_romounts="bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj" + # Read-only nullfs mounts from the template +jail_skel_rwmounts="" # Read-write nullfs mounts from the template # # To use rc's built-in jail infrastructure create entries for @@ -640,6 +645,11 @@ #jail_example_mount_enable="NO" # mount/umount jail's fs #jail_example_fstab="" # fstab(5) for mount/umount #jail_example_flags="-l -U root" # flags for jail(8) +#jail_example_skel_enable="NO" # Whether to enable "skel" jail +#jail_example_skel_root="/" # The root directory for skel template +#jail_example_skel_romounts="bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj usr/ports" + # Read-only nullfs mounts from the template +#jail_example_skel_rwmounts="" # Read-write nullfs mounts from the template ############################################################## ### Define source_rc_confs, the mechanism used by /etc/rc.* ## Index: etc/rc.d/jail =================================================================== --- etc/rc.d/jail (版本 188424) +++ etc/rc.d/jail (工作副本) 
@@ -85,6 +85,16 @@ [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log" eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\" + # Default settings for skel jail + eval _skel_enable=\"\${jail_${_j}_skel_enable:-${jail_skel_enable}}\" + [ -z "${_skel_enable}" ] && _skel_enable="NO" + eval _skel_root=\"\${jail_${_j}_skel_root:-${jail_skel_root}}\" + [ -z "${_skel_root}" ] && _skel_root="/" + eval _skel_romounts=\"\${jail_${_j}_skel_romounts:-${jail_skel_romounts}}\" + [ -z "${_skel_romounts}" ] && _skel_romounts="bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj" + eval _skel_rwmounts=\"\${jail_${_j}_skel_rwmounts:-${jail_skel_rwmounts}}\" + [ -z "${_skel_rwmounts}" ] && _skel_rwmounts="" + # Debugging aid # debug "$_j devfs enable: $_devfs" @@ -120,6 +130,10 @@ debug "$_j exec stop: $_exec_stop" debug "$_j flags: $_flags" debug "$_j consolelog: $_consolelog" + debug "$_j skel enable: $_skel_enable" + debug "$_j skel mount-readonly: $_skel_romounts" + debug "$_j skel mount-readwrite: $_skel_rwmounts" + debug "$_j skel mount skeleton from: $_skel_root" if [ -z "${_hostname}" ]; then err 3 "$name: No hostname has been defined for ${_j}" @@ -241,6 +255,14 @@ secure_umount ${_mountpt} done fi + if checkyesno _skel_enable; then + for _mntpt in ${_skel_romounts} ${_skel_rwmounts} + do + if [ -d "${_rootdir}/${_mntpt}" ] ; then + umount -f ${_rootdir}/${_mntpt} > /dev/null 2>&1 + fi + done + fi } # jail_mount_fstab() 
@@ -509,6 +531,17 @@ fi jail_mount_fstab fi + if checkyesno _skel_enable; then + info "Mounting skeleton for jail ${_jail} from ${_skel_root}" + for _mntpt in $_skel_rwmounts + do + mount_nullfs ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1 + done + for _mntpt in $_skel_romounts + do + mount_nullfs -ordonly ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1 + done + fi if checkyesno _devfs; then # If devfs is already mounted here, skip it. df -t devfs "${_devdir}" >/dev/null Index: share/man/man5/rc.conf.5 =================================================================== --- share/man/man5/rc.conf.5 (版本 188424) +++ share/man/man5/rc.conf.5 (工作副本) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 27, 2009 +.Dd February 10, 2009 .Dt RC.CONF 5 .Os .Sh NAME @@ -3413,6 +3413,46 @@ .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop for every jail in .Va jail_list . +.It Va jail_skel_enable +.Pq Vt bool +Set to +.Dq Li NO +by default. +When set to +.Dq Li YES , +sets +.Va jail_ Ns Ao Ar jname Ac Ns Va _skel_enable +to +.Dq Li YES +by default for every jail in +.Va jail_list . +.It Va jail_skel_root +.Pq Vt str +Set to +.Dq Li / +by default. +When set, use as default value for +.Va jail_ Ns Ao Ar jname Ac Ns Va _skel_root +for every jail in +.Va jail_list . +.It Va jail_skel_romount +.Pq Vt str +Set to +.Dq Li bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj +by default. +When set, use as default value for +.Va jail_ Ns Ao Ar jname Ac Ns Va _skel_romount +for every jail in +.Va jail_list . +.It Va jail_skel_rwmount +.Pq Vt str +Set to empty by default. +When set, use as default value for +.Va jail_ Ns Ao Ar jname Ac Ns Va _skel_rwmount +for every jail in +.Va jail_list . .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir .Pq Vt str Unset by default. 
@@ -3549,6 +3589,38 @@ .Dq Li /bin/sh /etc/rc.shutdown by default. This is the command executed at jail shutdown. +.It Va jail_ Ns Ao Ar jname Ac Ns Va _skel_enable +.Pq Vt bool +Set to +.Dq Li NO +by default. +When set to +.Dq Li YES , +enable the skeleton jail, which +.Xr mount_nullfs 8 +two lists of filesystems, one of which lists read-only, +another lists read-write as specified by the administrator, +relative to the template root, into inside jail +.Ar jname +respectively, at jail startup. +.It Va jail_ Ns Ao Ar jname Ac Ns Va _skel_root +.Pq Vt str +Set to +.Dq Li / +by default. +Specifies the root directory that a skeleton template is based on. +.It Va jail_ Ns Ao Ar jname Ac Ns Va _skel_romounts +.Pq Vt str +Specifies a list of directories that is expected to be mounted from +the skeleton template, into inside jail +.Ar jname , +as read-only. +.It Va jail_ Ns Ao Ar jname Ac Ns Va _skel_rwmounts +.Pq Vt str +Specifies a list of directories that is expected to be mounted from +the skeleton template, into inside jail +.Ar jname , +as read-write. .It Va jail_set_hostname_allow .Pq Vt bool If set to Index: usr.sbin/jail/jail.8 =================================================================== --- usr.sbin/jail/jail.8 (版本 188424) +++ usr.sbin/jail/jail.8 (工作副本) 
@@ -412,6 +412,46 @@ /etc/rc.d/jail start myjail /etc/rc.d/jail stop myjail .Ed +.Ss "Setting up a Jail from a template directory" +A so-called skeleton jail, is an environment where part of its +directories comes from +.Xr mount_nullfs 8 +from a template directory. +.Pp +Such setup can save the time for the administrator because it makes +it possible to share certain binaries and libraries between several +jails, as well as easy experimenting different releases of the +operating system libraries by switching template directories. +Also, this type of setup would save certain amount of disk space. +.Pp +A template directory can be populated with +.Dq "make world" , +or, the host system environment +.Aq Dq "/" , +can be used as well. +.Pp +To set up a jail directory tree containing the jail, one can use +the following +.Xr sh 1 +command script: +.Bd -literal +D=/here/is/the/jail +cd /usr/src +mkdir -p $D +make installskel DESTDIR=$D +.Ed +.Pp +One should explicitly specify that the jail is skeleton jail, by +either enabling the global flag +.Dq jail_skel_enable , +or the per-jail flag +.Dq Va jail_ Ns Ao Ar jname Ac Ns Va _skel_enable +in +.Xr rc.conf 5 +configuration. The system supplied a set of defaults that is +useful for typical setup, and is tweakable through several variables +as described in +.Xr rc.conf 5 . 
.Ss "Managing the Jail" Normal machine shutdown commands, such as .Xr halt 8 ,
--------------010704020508080109030502--
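Review bot: In Makefile.inc1, the installskel target runs `${MAKE} distribution` under etc without first checking that DESTDIR is set, so a bare `make installskel` would write the stock configuration files into the running host's /etc. Fail early when DESTDIR is empty, and say in the comment above the target that DESTDIR is required.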
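Review bot: In etc/defaults/rc.conf (hunk at -611,6), `jail_skel_rwmounts` sits beside `jail_skel_root="/"` with only the comment "Read-write nullfs mounts from the template"; with that default root, every directory listed there is a host directory that becomes writable from inside the jail. Say so in the comment, and consider refusing a non-empty read-write list while the template root is "/".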
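Review bot: In etc/defaults/rc.conf (hunk at -640,6), the commented `jail_example_skel_romounts` list ends with usr/ports, which the `jail_skel_romounts` default added in the previous hunk does not contain. Make the example match the default, or note in the comment that the example deliberately adds usr/ports.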
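Review bot: In etc/rc.d/jail (hunk at -85,6), the fallback `[ -z "${_skel_romounts}" ] && _skel_romounts="bin lib ..."` repeats the list already set in etc/defaults/rc.conf, so the two copies can drift apart, and `[ -z "${_skel_rwmounts}" ] && _skel_rwmounts=""` does nothing. Drop the no-op and keep the default list in one place. The entries are later used as path components without any check; rejecting absolute paths and ".." components at this point would keep every mount target below the jail root.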
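Review bot: In etc/rc.d/jail (hunk at -241,6), the new loop calls `umount -f` directly and discards its output, while the fstab branch just above it goes through `secure_umount`. Use the same helper here, or explain in a comment why a forced unmount is needed, and warn when an unmount fails so that leftover template mounts are noticed. Within each list the entries are unmounted in the order they were mounted; walking them in reverse would stay correct if an administrator lists both a directory and one of its subdirectories.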
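Review bot: In etc/rc.d/jail (hunk at -509,6), both `mount_nullfs` calls redirect everything to /dev/null and ignore the exit status, so when a read-only mount fails the jail still starts on whatever is in the plain directory under `${_rootdir}` and nothing is logged. Check the status and `warn`, or abort the jail start, on failure. The target `${_rootdir}/${_mntpt}` is also unquoted and is not checked for being a symbolic link before the host mounts onto it; since parents such as usr are not covered by the default list, verify that the resolved target is still below `${_rootdir}` before mounting.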
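Review bot: In share/man/man5/rc.conf.5 (hunk at -3413,6), the entries are named `jail_skel_romount` and `jail_skel_rwmount` and refer to `_skel_romount` and `_skel_rwmount`, but etc/defaults/rc.conf and etc/rc.d/jail read `jail_skel_romounts` and `jail_skel_rwmounts`, and the per-jail entries in the following hunk use the plural as well. Someone following this page would set a variable the script never reads; rename the four references to the plural form.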
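Review bot: In usr.sbin/jail/jail.8, `+configuration. The system supplied a set of defaults that is` starts a new sentence in the middle of an input line, whereas mdoc sources put each sentence on its own line. While there: "supplied" should be "supplies", "A so-called skeleton jail, is" has a stray comma, and the section could state that the shared directories are mounted read-only by default, since that is what the rc.conf defaults in this patch do.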
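The RFC above relies on the template directories being nullfs-mounted read-only inside the jail. The following sh function is an added example, not part of the original message or patch, that audits a mount table for exactly that. It assumes the fstab-style layout printed by `mount -p` on FreeBSD; the function name `check_skel_mounts` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that a skeleton jail's template mounts are in place.
# Input is text in the fstab-style layout of FreeBSD `mount -p` (assumed):
#   device  mountpoint  fstype  options  dump  pass

# Constructed sample for a jail rooted at /vhost/myjail (not real output):
# usr/lib ended up read-write and usr/share is not mounted at all.
SAMPLE_MOUNTS='/dev/ada0p2 / ufs rw 1 1
/bin /vhost/myjail/bin nullfs ro 0 0
/lib /vhost/myjail/lib nullfs ro 0 0
/usr/lib /vhost/myjail/usr/lib nullfs rw 0 0
devfs /vhost/myjail/dev devfs rw 0 0'

# Constructed subset of the jail_skel_romounts default from the patch.
SKEL_ROMOUNTS="bin lib usr/lib usr/share"

# check_skel_mounts ROOTDIR "LIST" MOUNT_TABLE
# Prints one finding per problem and returns 0 only if every entry in LIST
# is a nullfs mount below ROOTDIR that carries the "ro" option.
check_skel_mounts() {
    _root=${1%/}    # the rc.conf example uses a trailing slash; drop it
    _list=$2
    _table=$3
    _bad=0
    for _m in $_list; do
        # Entries must stay relative to the template and the jail root.
        case "$_m" in
            /*|..|../*|*/..|*/../*)
                echo "REJECT $_m: not a relative path below the root"
                _bad=1
                continue ;;
        esac
        # The last matching row is the mount currently on top.
        _line=$(printf '%s\n' "$_table" |
            awk -v mp="$_root/$_m" \
                '$2 == mp { r = $3 " " $4 } END { if (r != "") print r }')
        if [ -z "$_line" ]; then
            echo "MISSING $_root/$_m: nothing mounted here"
            _bad=1
            continue
        fi
        _type=${_line%% *}
        _opts=${_line#* }
        if [ "$_type" != "nullfs" ]; then
            echo "WRONGFS $_root/$_m: $_type, expected nullfs"
            _bad=1
            continue
        fi
        case ",$_opts," in
            *,ro,*) ;;    # read-only, as the skeleton jail intends
            *)
                echo "WRITABLE $_root/$_m: options '$_opts'"
                _bad=1 ;;
        esac
    done
    return $_bad
}

# Demonstration run on the constructed table above.
check_skel_mounts /vhost/myjail/ "$SKEL_ROMOUNTS" "$SAMPLE_MOUNTS" ||
    echo "skeleton mounts need attention"
```

On a live host the third argument would be "$(mount -p)" and the second the jail's effective read-only list.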
From owner-freebsd-rc@FreeBSD.ORG Wed Feb 11 03:53:05 2009
Message-ID: <49924B92.6050307@delphij.net>
Date: Tue, 10 Feb 2009 19:52:50 -0800
From: Xin LI
Organization: The FreeBSD Project
To: Lawrence Stewart
Cc: freebsd-rc@freebsd.org, FreeBSD Current, d@delphij.net
Reply-To: d@delphij.net
References: <499244E6.9030205@delphij.net> <499246D4.8020908@freebsd.org>
In-Reply-To: <499246D4.8020908@freebsd.org>
Subject: Re: [RFC] Skeleton jail (rc.d feature proposal)

Lawrence Stewart wrote:
> Xin LI wrote:
>> Hi,
>>
>> Ok, some local users have prodded me into committing the "skeleton jail"
>
> [snip]
>
> Can you describe how this differs from the functionality provided by the
> ezjail port? (/usr/ports/sysutils/ezjail/)

I think they have different targets. Skeleton jail is more lightweight,
which is only very few lines of changes to the base system (i.e. the aim
is to provide a convenient shortcut for common tasks, not to be a
complete solution); the functionality provided by skeleton jail, on the
other hand, could be useful building blocks for ezjail.

Cheers,
-- 
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From owner-freebsd-rc@FreeBSD.ORG Wed Feb 11 03:56:45 2009
Message-ID: <499246D4.8020908@freebsd.org>
Date: Wed, 11 Feb 2009 14:32:36 +1100
From: Lawrence Stewart
To: d@delphij.net
Cc: FreeBSD Current, freebsd-rc@freebsd.org
References: <499244E6.9030205@delphij.net>
In-Reply-To: <499244E6.9030205@delphij.net>
Subject: Re: [RFC] Skeleton jail (rc.d feature proposal)

Xin LI wrote:
> Hi,
>
> Ok, some local users have prodded me into committing the "skeleton jail"

[snip]

Can you describe how this differs from the functionality provided by the
ezjail port? (/usr/ports/sysutils/ezjail/)

Cheers,
Lawrence

From owner-freebsd-rc@FreeBSD.ORG Wed Feb 11 09:20:06 2009
Date: Wed, 11 Feb 2009 09:20:05 GMT
Message-Id: <200902110920.n1B9K5aW078749@freefall.freebsd.org>
To: freebsd-rc@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Reply-To: dfilter service
Subject: Re: conf/131458: commit references a PR

The following reply was made to PR conf/131458; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: conf/131458: commit references a PR
Date: Wed, 11 Feb 2009 09:18:20 +0000 (UTC)

 Author: mtm
 Date: Wed Feb 11 09:18:09 2009
 New Revision: 188478
 URL: http://svn.freebsd.org/changeset/base/188478

 Log:
   Reword informational message by rc.d/defaultroute.

   PR: conf/131458

 Modified:
   head/etc/rc.d/defaultroute

Modified: head/etc/rc.d/defaultroute ============================================================================== --- head/etc/rc.d/defaultroute Wed Feb 11 07:50:07 2009 (r188477) +++ head/etc/rc.d/defaultroute Wed Feb 11 09:18:09 2009 (r188478) 
@@ -45,7 +45,7 @@ defaultroute_start() break fi if [ ${delay} -eq ${if_up_delay} ]; then - echo -n "Waiting ${delay}s for an interface to come up: " + echo -n "Waiting ${delay}s for the default route interface: " else echo -n . fi _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" From owner-freebsd-rc@FreeBSD.ORG Wed Feb 11 09:22:12 2009 Return-Path: Delivered-To: freebsd-rc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2DC811065673; Wed, 11 Feb 2009 09:22:12 +0000 (UTC) (envelope-from mtm@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 0452A8FC27; Wed, 11 Feb 2009 09:22:12 +0000 (UTC) (envelope-from mtm@FreeBSD.org) Received: from freefall.freebsd.org (mtm@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1B9MBMi085678; Wed, 11 Feb 2009 09:22:11 GMT (envelope-from mtm@freefall.freebsd.org) Received: (from mtm@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1B9MBut085674; Wed, 11 Feb 2009 09:22:11 GMT (envelope-from mtm) Date: Wed, 11 Feb 2009 09:22:11 GMT Message-Id: <200902110922.n1B9MBut085674@freefall.freebsd.org> To: bruce@cran.org.uk, mtm@FreeBSD.org, freebsd-rc@FreeBSD.org 
From: mtm@FreeBSD.org Cc: Subject: Re: conf/131458: [rc] /etc/rc.d/defaultroute produces misleading output X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2009 09:22:12 -0000 Synopsis: [rc] /etc/rc.d/defaultroute produces misleading output State-Changed-From-To: open->closed State-Changed-By: mtm State-Changed-When: Wed Feb 11 09:21:05 UTC 2009 State-Changed-Why: Thanks! Fixed in r188478. http://www.freebsd.org/cgi/query-pr.cgi?pr=131458 From owner-freebsd-rc@FreeBSD.ORG Wed Feb 11 11:20:40 2009 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CBE8E1065670; Wed, 11 Feb 2009 11:20:40 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from redbull.bpaserver.net (redbullneu.bpaserver.net [213.198.78.217]) by mx1.freebsd.org (Postfix) with ESMTP id 568FD8FC0A; Wed, 11 Feb 2009 11:20:40 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from outgoing.leidinger.net (pD9E2D329.dip.t-dialin.net [217.226.211.41]) by redbull.bpaserver.net (Postfix) with ESMTP id 422532E0FD; Wed, 11 Feb 2009 12:02:30 +0100 (CET) Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102]) by outgoing.leidinger.net (Postfix) with ESMTP id EE277101720; Wed, 11 Feb 2009 12:02:26 +0100 (CET)
Received: (from www@localhost) by webmail.leidinger.net (8.14.3/8.13.8/Submit) id n1BB2QfP075160; Wed, 11 Feb 2009 12:02:26 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from entertainment.Leidinger.net (entertainment.Leidinger.net [192.168.1.113]) by webmail.leidinger.net (Horde Framework) with HTTP; Wed, 11 Feb 2009 12:02:26 +0100 Message-ID: <20090211120226.75402wimhlvv1fk0@webmail.leidinger.net> X-Priority: 3 (Normal) Date: Wed, 11 Feb 2009 12:02:26 +0100
From: Alexander Leidinger To: d@delphij.net, Xin LI References: <499244E6.9030205@delphij.net> <499246D4.8020908@freebsd.org> <49924B92.6050307@delphij.net> In-Reply-To: <49924B92.6050307@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Internet Messaging Program (IMP) H3 (4.3) / FreeBSD-8.0 X-BPAnet-MailScanner-Information: Please contact the ISP for more information X-MailScanner-ID: 422532E0FD.302CB X-BPAnet-MailScanner: Found to be clean X-BPAnet-MailScanner-SpamCheck: not spam, ORDB-RBL, SpamAssassin (not cached, score=-14.223, required 6, BAYES_00 -15.00, DKIM_SIGNED 0.00, DKIM_VERIFIED -0.00, J_CHICKENPOX_21 0.60, RDNS_DYNAMIC 0.10, TW_ZJ 0.08) X-BPAnet-MailScanner-From: alexander@leidinger.net X-Spam-Status: No Cc: Lawrence Stewart , FreeBSD Current , freebsd-rc@freebsd.org, d@delphij.net Subject: Re: [RFC] Skeleton jail (rc.d feature proposal) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2009 11:20:41 -0000

Quoting Xin LI (from Tue, 10 Feb 2009 19:52:50 -0800):

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Lawrence Stewart wrote:
>> Xin LI wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi,
>>>
>>> Ok, some local users have prodded me in committing the "skeleton jail"
>>
>> [snip]
>>
>> Can you describe how this differs from the functionality provided by the
>> ezjail port? (/usr/ports/sysutils/ezjail/)
>
> I think they have different targets. Skeleton jail is more lightweight
> which is only very few lines of changes to the base system (i.e. the aim
> is to provide convenient shortcut for common tasks, not to be a complete
> solution); the functionality provided by skeleton jail, on the other
> hand, could be useful building blocks to ezjail.

Ezjail already has this skeleton feature. It's used for every jail you create with ezjail. You can then update this skeleton, and you update the base system of all jails at once. Your solution looks a little bit more generic, as you can use a different skeleton for each jail. The make installskel part could be compatible with ezjail, but I'm not sure if the rc.d part could be used easily by ezjail. Ezjail is nullfs-mounting (RO) the skeleton into each jail, and it has symlinks from the normal directory layout to the "/basejail/..." location. It creates the basejail by doing a full install and then removing some parts.

Maybe you can have a look at ezjail to see the requirements of it? It's simple to set up, you just need to specify the path to the location where you want all jails to be installed to, and then you can install a jail (it does a buildworld if you do not tell it to skip this part, e.g. because you already did one yourself).

Bye,
Alexander.

--
God said it, I believe it and that's all there is to it.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137

From owner-freebsd-rc@FreeBSD.ORG Thu Feb 12 13:20:42 2009 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 894351065747 for ; Thu, 12 Feb 2009 13:20:42 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 2F8118FC08 for ; Thu, 12 Feb 2009 13:20:41 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id DFAEC41C70C; Thu, 12 Feb 2009 14:05:06 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id OlWeUiC4ysJ7; Thu, 12 Feb 2009 14:05:06 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 71C9E41C707; Thu, 12 Feb 2009 14:05:06 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 882934448EC; Thu, 12 Feb 2009 13:02:28 +0000 (UTC) Date: Thu, 12 Feb 2009 13:02:27 +0000 (UTC)
From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: d@delphij.net In-Reply-To: <499244E6.9030205@delphij.net> Message-ID: <20090212122419.Q53478@maildrop.int.zabbadoz.net> References: <499244E6.9030205@delphij.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org, freebsd-rc@FreeBSD.org, FreeBSD Current Subject: Re: [RFC] Skeleton jail (rc.d feature proposal) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2009 13:20:43 -0000

On Tue, 10 Feb 2009, Xin LI wrote:

Hi,

PreS: I added freebsd-jail@ to Cc:.

> Ok, some local users have prodded me in committing the "skeleton jail"
> feature, I find it useful myself but not sure if it's appropriate to
> commit it against -HEAD, so I'd like to explain it, try to present it in
> a better way, and request for comments.

I have seen lots of "skeleton jail" features the last years working with lots of different parties and I have a private one myself tied into some other stuff which is even more meagre than most. It's 2 files and 7 lines of sh and that's only because I am lazy.

I have seen everything from sh scripts to install worlds/distribution for a jail, to the same and then remove stuff, unionfs tries and nullfs mounts. From mergemaster setups populating worlds for jail from private trees to restores from master images. Some were really nice, others were .. improvable. They all helped the people in their environment but few could use what the others had done in their environment.

> The rc.d infrastructure would automatically mount the following
> directories from the template (when not specified, /) as read-only:
>
> bin
> lib
> libexec
> sbin
> usr/bin
> usr/include
> usr/lib
> usr/libdata
> usr/libexec
> usr/sbin
> usr/share

I do not have the following two on most/any of my machines:

> usr/src
> usr/obj

The correct way to do this I think would leave rc.d/jail untouched and (pre-)populate an /etc/fstab. and use that.

Considering that my last commit messages already said that Simon and I have big worries about all the features in /etc/rc.d/jail and would rather remove them than keep them and that this is basically two things:

1) pre-seed a jail hierarchy and etc from a source tree
2) mount some nullfs into the jail on start, unmount on stop

(I hope I didn't miss anything else)

I am wondering if this large patch cannot be reduced to a few line sh script to seed the jail + fstab, not needing to fiddle with base for that.

    #!/bin/sh
    # $1 is DESTDIR of the jail
    # $2 is the jail name as in rc.conf
    # $3 is the skel root to mount from
    # other arguments are rw nullfs mounts
    destdir=$1; name=$2; skel=$3
    cd /usr/src
    make hierarchy DESTDIR="${destdir}"
    make distribution DESTDIR="${destdir}"
    # read-only mounts from the skel root; the rest of the list was elided as ".."
    for d in bin lib libexec; do
        echo "${skel}/${d} ${destdir}/${d} nullfs ro 0 0" >> "/etc/fstab.${name}"
    done
    shift; shift; shift
    # every remaining argument becomes a read-write mount
    for d in "$@"; do
        echo "${skel}/${d} ${destdir}/${d} nullfs rw 0 0" >> "/etc/fstab.${name}"
    done
    echo "Add jail_${name}_mount_enable='YES' to /etc/rc.conf"

This is untested and doesn't have error checking etc. I would even put it in a Makefile instead of doing it in sh. A lot more flexible than anything in base will ever be.

Just my 5ct.

/bz

--
Bjoern A. Zeeb The greatest risk is not taking one.
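
A check for a per-jail fstab of the kind discussed in this thread, as an added example that is not part of any poster's message or of FreeBSD's rc.d: it verifies that every nullfs mount point stays inside the jail root and that the shared base directories from the quoted proposal are mounted `ro`, since a jail that can write to the shared skeleton can change the binaries every other jail runs. `audit_jail_fstab`, `sample_fstab`, the `/jails/...` paths and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Directories the quoted proposal mounts read-only from the template.
RO_DIRS="bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata"
RO_DIRS="$RO_DIRS usr/libexec usr/sbin usr/share usr/src usr/obj"

# audit_jail_fstab FSTAB JAILROOT   (hypothetical helper)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_jail_fstab() {
    fstab=$1
    jailroot=${2%/}
    bad=0
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac   # blank line or comment
        [ "$fstype" = nullfs ] || continue
        mnt=${mnt%/}
        case $mnt in
            */..|*/../*)   echo "dotdot $mnt";  bad=1; continue ;;
            "$jailroot"/*) ;;
            *)             echo "outside $mnt"; bad=1; continue ;;
        esac
        rel=${mnt#"$jailroot"/}
        case " $RO_DIRS " in
            *" $rel "*)                          # shared base directory
                case ",$opts," in
                    *,ro,*) ;;
                    *) echo "writable $mnt"; bad=1 ;;
                esac ;;
        esac
    done < "$fstab"
    return "$bad"
}

# Constructed sample for a jail rooted at /jails/www.
sample_fstab() {
    cat <<'EOF'
# /etc/fstab.www (constructed)
/jails/skel/bin      /jails/www/bin      nullfs ro 0 0
/jails/skel/usr/lib  /jails/www/usr/lib  nullfs rw 0 0
/jails/skel/sbin     /jails/www/../sbin  nullfs ro 0 0
/jails/skel/lib      /jails/other/lib    nullfs ro 0 0
/data/www            /jails/www/data     nullfs rw 0 0
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
audit_jail_fstab "$tmp" /jails/www || echo "fstab needs fixing"
rm -f "$tmp"
```

Read-write mounts outside the shared list, such as the constructed `/jails/www/data` entry, pass the check.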
From owner-freebsd-rc@FreeBSD.ORG Sat Feb 14 22:40:04 2009 Return-Path: Delivered-To: freebsd-rc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D0FA1106567F for ; Sat, 14 Feb 2009 22:40:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A391B8FC21 for ; Sat, 14 Feb 2009 22:40:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1EMe4nI025652 for ; Sat, 14 Feb 2009 22:40:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1EMe4vc025651; Sat, 14 Feb 2009 22:40:04 GMT (envelope-from gnats) Date: Sat, 14 Feb 2009 22:40:04 GMT Message-Id: <200902142240.n1EMe4vc025651@freefall.freebsd.org> To: freebsd-rc@FreeBSD.org From: Dominic Fandrey Cc: Subject: Re: conf/130414: [patch] rc services started with onestart are not stopped upon shutdown X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Dominic Fandrey List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Feb 2009 22:40:06 -0000

The following reply was made to PR conf/130414; it has been noted by GNATS.

From: Dominic Fandrey
To: bug-followup@FreeBSD.org, kamikaze@bsdforen.de
Cc:
Subject: Re: conf/130414: [patch] rc services started with onestart are not stopped upon shutdown
Date: Sat, 14 Feb 2009 23:34:38 +0100

I've been using that for a month now, and it solves more problems for me than I actually had in mind without causing any problems. I really want to see this committed. Is there any reason not to do so?