From: Lars Kellogg-Stedman
To: freebsd-questions
Date: Sat, 18 Jun 2011 13:59:36 -0400
Subject: /etc/rc.d/jail using new-style jail command?

Hello all,

I'm curious if there's been any work done to make /etc/rc.d/jail use the new-style jail command (jail -c path=... name=..., etc.)... or if there's been any work done to create a replacement?
There are three features I would love to see in the stock version that I've had to implement myself:

- The ability to reference jails by name. Passing the name= argument means that jails can be referenced by name when using, e.g., the jexec command, which is very convenient since jail ids aren't (normally) persistent.

- The ability to create jails without starting them. The "persist" argument to the jail command is useful when attaching ZFS datasets to a jail. A ZFS dataset can't be attached until a JID has been allocated, but with the existing implementation the jail will probably have booted by the time you complete the ZFS assignment, which impacts services that may need access to the jail. There are workarounds (such as a busy-wait loop that checks for the filesystem), but creating the jail with no processes, attaching the datasets, and then starting the jail is much cleaner.

- Somewhat more flexibility in setting up jail permissions (via the enforce_statfs and allow.* arguments).

Before I spend too much time making my own local changes, I was wondering if there was anything I should be looking at. I've been using ezjail recently, but since it relies on the stock /etc/rc.d/jail to actually boot and configure jails it suffers from the same limitations.

Thanks,

-- 
Lars
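The create-then-attach-then-boot sequence described in the message, as an added example that is not part of the original post or of FreeBSD's own rc scripts. It is a FreeBSD sh script built on the new-style jail(8) parameter syntax: the jail is created with name= and persist so it has a JID but no processes, the ZFS dataset is attached with zfs jail while nothing inside can observe a half-configured filesystem, and only then is /etc/rc run via jexec by name. The jail name, path, hostname, address, dataset and the particular allow.*/enforce_statfs settings are assumptions chosen for illustration. By default the script runs in dry-run mode (DRY_RUN=1) and prints the privileged commands instead of executing them, so it can be reviewed on any host; set DRY_RUN=0 on a FreeBSD system with ZFS to actually run it as root.

```shell
#!/bin/sh
# Added example, not code from the original post: create a jail with the
# new-style jail(8) command, attach a ZFS dataset before any process runs
# inside it, then boot the jail.  Names, paths, addresses and the chosen
# permission settings are assumptions for illustration.
set -eu

# DRY_RUN=1 (default) prints each privileged command instead of running it.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

# JID of a jail referenced by name (possible because the jail was created
# with name=).  zfs jail needs the JID, and a JID only exists once the jail
# has been created.  In dry-run mode a placeholder is printed instead.
jid_of() {
    if [ "$DRY_RUN" = 1 ]; then
        echo JID
    else
        jls -j "$1" jid
    fi
}

# Step 1: create the jail with no processes in it.  "persist" keeps the
# empty jail alive instead of removing it when its last process exits.
# enforce_statfs=1 lets the jail see mount points below its own root (the
# attached dataset) without exposing the host's other mounts (0 would);
# the default, 2, shows only the jail's root mount.  allow.* flags are
# pinned explicitly so the policy is visible in one place.
create_jail() {
    run jail -c "name=$1" "path=$2" "host.hostname=$1.example.org" \
        "ip4.addr=$3" \
        enforce_statfs=1 \
        allow.raw_sockets=0 allow.set_hostname=0 allow.sysvipc=0 \
        persist
}

# Step 2: hand a dataset to the jail.  jailed=on marks it as jail-managed;
# zfs jail attaches it to the JID so it can be mounted from inside.
attach_dataset() {
    run zfs set jailed=on "$2"
    run zfs jail "$(jid_of "$1")" "$2"
}

# Step 3: only now start the jail's userland, by name rather than by JID.
boot_jail() {
    run jexec "$1" /bin/sh /etc/rc
}

# Whole procedure: name, root path, IPv4 address, dataset.
start_jail() {
    create_jail "$1" "$2" "$3"
    attach_dataset "$1" "$4"
    boot_jail "$1"
}

# Orderly shutdown, then remove the (persisting) jail so the JID is freed.
stop_jail() {
    run jexec "$1" /bin/sh /etc/rc.shutdown
    run jail -r "$1"
}

# Constructed sample invocation (dry-run by default, so this only prints).
start_jail www /jails/www 192.0.2.10 zroot/jails/www/data
stop_jail www
```

Because the dataset is attached while the jail is still empty, nothing inside the jail can start before its storage is in place, which removes the need for the busy-wait loop the message mentions. Real runs must be done as root; the dry-run output is the command list to review before that.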