From owner-freebsd-jail@freebsd.org Mon Feb 8 22:57:42 2016
From: James Gritton
To: freebsd-jail@freebsd.org
Cc: markham breitbach
Subject: Re: exec_poststart
Date: Mon, 08 Feb 2016 15:57:28 -0700
Message-ID: <484049c61c523206507e2b06e6a0c948@gritton.org>
In-Reply-To: <56B529AF.90901@ssimicro.com>
List-Id: "Discussion about FreeBSD jail\(8\)"

On 2016-02-05 16:01, markham breitbach
wrote:
> I am trying to figure out how to get a script to figure out the
> hostname of the jail that is starting without having to manually set
> that as a command line parameter (as illustrated).  It seems that the
> script is getting executed in a clean environment, regardless of the
> exec.clean setting.  Is this a bug?  The man pages aren't particularly
> clear on the expected behaviour of this.  I am running FreeBSD 10.2.
>
> I would like to be able to set exec.poststart as a global default so it
> doesn't need to be defined per jail.
>
> Thanks,
> -Markham
>
> ####################JAIL.CONF#########################
> exec.clean = 0 ;
>
> # HOW TO PASS THE JAILNAME TO THIS SCRIPT?
> exec.poststart += "/path/to/script.sh";
>
> # My test jail
> testjail_example_com {
>     # THIS WORKS
>     exec.poststart += "/path/to/script.sh testjail.example.com";
>     exec.clean = 0 ;
>     host.hostname = "testjail.example.com";
>     path = "/usr/jails/testjail.example.com";
>     ip4.addr += "net0|192.0.2.1/24";
>     exec.system_user = "root";
>     exec.jail_user = "root";
>     exec.start += "/bin/sh /etc/rc";
>     exec.stop = "";
>     exec.consolelog = "/var/log/jail_testjail_example_com_console.log";
>     mount.fstab = "/etc/testjail_example_com";
>     mount.devfs;
>     devfs_ruleset = "5";
>     mount.fdescfs;
>     mount.procfs;
>     allow.mount;
>     allow.set_hostname = 0;
>     allow.sysvipc = 0;
>     allow.raw_sockets=1;
> }

You can reference jail parameters within other parameters, much like
you'd use shell variables.  In the global part of the definition, you
can set:

exec.poststart = "/path/to/script.sh ${host.hostname}"

Then you won't need to define a separate exec.poststart within each
jail.  Note you can also do this with the path parameter, since your
path is based on the hostname.  And exec.consolelog and mount.fstab are
based on the jail name, so you can similarly globally set something like
mount.fstab = "/etc/$name".

exec.clean=0 should indeed avoid scrubbing the environment, but note
that if your jail starts by running /etc/rc, the top of rc will reset at
least the path on its own, probably other stuff as well.

- Jamie

From owner-freebsd-jail@freebsd.org Tue Feb 9 21:41:52 2016
From: "Roger Marquis"
To: freebsd-jail@freebsd.org
Reply-To: marquis@roble.com
Subject: Re: exec_poststart
Date: Tue, 9 Feb 2016 13:41:45 -0800

James Gritton wrote:
> You can reference jail parameters within other parameters, much like
> you'd use shell variables.  In the global part of the definition, you
> can set:
> exec.poststart = "/path/to/script.sh ${host.hostname}"

This is perhaps a tangent but I'm wondering if this syntax could be
clarified so 'exec' isn't used to mean 'jexec'?
Would also simplify things if subsequent j/exec's didn't require the use
of '+=' instead of '='.  Ideally both should be deprecated in favor of a
sysrc-compatible ':'.

Would also be nice if non-0 exit codes didn't abort the entire sequence
(without hacking in a subshell;exit 0) and if the man page mentioned
some of this.

Regarding the man page, there's a URL under AUTHORS that doesn't lead
where you might expect...  Makes a good case for a policy forbidding
non-freebsd.org URLs in man pages.

Just MO,
Roger Marquis

From owner-freebsd-jail@freebsd.org Wed Feb 10 14:37:58 2016
From: James Gritton
To: freebsd-jail@freebsd.org
Cc: marquis@roble.com
Subject: Re: exec_poststart
Date: Wed, 10 Feb 2016 07:37:50 -0700
In-Reply-To: <56ba5d24.8b00620a.e1560.fffff48cSMTPIN_ADDED_MISSING@mx.google.com>

On 2016-02-09 14:41, Roger Marquis wrote:
> James Gritton wrote:
>> You can reference jail parameters within other parameters, much like
>> you'd use shell variables.  In the global part of the definition, you
>> can set:
>> exec.poststart = "/path/to/script.sh ${host.hostname}"
>
> This is perhaps a tangent but I'm wondering if this syntax could be
> clarified so 'exec' isn't used to mean 'jexec'?  Would also simplify
> things if subsequent j/exec's didn't require the use of '+=' instead
> of '='.  Ideally both should be deprecated in favor of a
> sysrc-compatible ':'.

I'm not sure what you mean by exec meaning jexec - yes, jexec(8) is a
program that runs things inside a jail, and the exec.* parameters run
programs (usually) inside the jail.  But it doesn't actually run jexec,
and "exec" is the more natural word to describe something that is
executed.  Besides, this is based on the old shell-based rc names that
have always been "exec_*".

Speaking of the old ways, being sysrc-compatible wasn't really the goal.
When creating a config file, I found C-style and DOS-style were both
pretty common; I went with C.  I'm not sure what you mean by ':' being
sysrc-compatible though - I have no idea what part a colon has ever
played in the old-style jail specification.

But '=' and '+=' are not going to be deprecated.
If you don't want the '=', you can always do without: other programs
with C-style configs don't use '=' but just have names and values with
whitespace between them, and you can do the same in jail.conf.

There's a good reason why it's '+=' instead of just '='.  You need to
keep '=' available to totally replace a parameter, so you can specify a
default value in the global section and allow some jails to substitute
their own value.  Or, in some cases (e.g. ip addresses, exec) a
parameter may have a list of values and you need a way to build that
list.  The old *_0, *_1, etc worked for shell, but was always an
inelegance tied to shell's limitations.

> Would also be nice if non-0 exit codes didn't abort the entire sequence
> (without hacking in a subshell;exit 0) and if the man page mentioned
> some of this.

It has always been this way, so changing it would cause more problems
than they would solve.  And I don't think they would solve any anyway -
it's always a good idea to pay attention to error returns, at least by
default.  It is in fact explicitly mentioned in the jail(8) man page, in
the heading paragraph above the various exec.* parameters, that the
commands must return a zero exit status or the jail will not be created.

> Regarding the man page, there's a URL under AUTHORS that doesn't lead
> where you might expect...  Makes a good case for a policy forbidding
> non-freebsd.org URLs in man pages.

That definitely doesn't go where I expected (though after your warning,
I was thinking it might end up on a porn site).  I'll scrub the URL from
the documentation.

- Jamie

From owner-freebsd-jail@freebsd.org Wed Feb 10 16:14:32 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 196152] jail_list is not reversed when stopping jails
Date: Wed, 10 Feb 2016 16:14:31 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196152

--- Comment #9 from commit-hook@freebsd.org ---
A commit references this bug:

Author: feld
Date: Wed Feb 10 16:13:59 UTC 2016
New revision: 295471
URL: https://svnweb.freebsd.org/changeset/base/295471

Log:
  Add new rc.conf parameter "jail_reverse_stop"

  When a user defines "jail_list" in rc.conf the jails are started in the
  order defined. Currently the jails are not stopped in reverse order
  which may break dependencies between jails/services and prevent a clean
  shutdown. The new parameter "jail_reverse_stop" will shutdown jails in
  "jail_list" in reverse order when set to "YES".

  Please note that this does not affect manual invocation of the jail rc
  script. If a user runs the command

    # service jail stop jail1 jail2 jail3

  the jails will be stopped in exactly the order specified regardless of
  jail_reverse_stop being defined in rc.conf.

  PR: 196152
  Approved by: jamie
  MFC after: 1 week
  Relnotes: yes
  Differential Revision: https://reviews.freebsd.org/D5233

Changes:
  head/etc/defaults/rc.conf
  head/etc/rc.d/jail

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@freebsd.org Wed Feb 10 16:37:51 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 196152] jail_list is not reversed when stopping jails
Date: Wed, 10 Feb 2016 16:37:51 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196152

Mark Felder changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-jail@FreeBSD.org    |feld@FreeBSD.org

--- Comment #10 from Mark Felder ---
taking this and keeping it open until I get the documentation for jail_list
and jail_reverse_stop in rc.conf.5

https://reviews.freebsd.org/D5243
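
For the exec.poststart thread earlier in this archive, an added example (not code from any poster or from FreeBSD): a hook script that receives the hostname as an argument filled in by ${host.hostname}, validates it before use, sets its own PATH instead of depending on exec.clean, and returns non-zero only on purpose, since a failing exec.* command means the jail is not created. The names valid_hostname, poststart_hook and LOG_FILE, and the log path, are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Wired up by the jail.conf line quoted
# in the thread:  exec.poststart = "/path/to/script.sh ${host.hostname}";
# Hypothetical names: valid_hostname, poststart_hook, LOG_FILE.

# Fixed environment: do not rely on exec.clean or on what /etc/rc leaves.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
LC_ALL=C
export PATH LC_ALL
LOG_FILE=/var/log/jail_poststart.log      # assumed location

# Accept dot-separated labels of letters, digits and '-': no empty label,
# no label starting or ending with '-', at most 253 characters in total.
valid_hostname() {
    _h="$1"
    [ -n "$_h" ] || return 1
    [ "${#_h}" -le 253 ] || return 1
    case "$_h" in
        *[!A-Za-z0-9.-]*) return 1 ;;      # character outside the safe set
        .*|*.|*..*) return 1 ;;            # empty label
        -*|*-|*.-*|*-.*) return 1 ;;       # label starts or ends with '-'
    esac
    return 0
}

# Non-zero is returned only for a bad argument: a failing exec.* command
# means the jail is not created, so optional work must not fail the hook.
poststart_hook() {
    if [ "$#" -ne 1 ] || ! valid_hostname "$1"; then
        echo "poststart: refusing argument" >&2
        return 64
    fi
    printf '%s started\n' "$1" >>"$LOG_FILE" ||
        echo "poststart: could not write $LOG_FILE" >&2
    return 0
}

# Act as the hook only when called with arguments.
if [ "$#" -gt 0 ]; then
    poststart_hook "$@"
    exit $?
fi
```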