Date: Thu, 13 Sep 2018 21:11:40 +0200 From: "Kristof Provost" <kp@FreeBSD.org> To: "Michael W. Lucas" <mwlucas@michaelwlucas.com> Cc: freebsd-jail@freebsd.org Subject: Re: does anyone use these any more? Message-ID: <B9B9D3DC-5BC6-48B3-B6EB-6F84013FF73F@FreeBSD.org> In-Reply-To: <20180913131108.GA899@mail.michaelwlucas.com> References: <20180913131108.GA899@mail.michaelwlucas.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13 Sep 2018, at 15:11, Michael W. Lucas wrote: > Context: I'm writing a book on jails on FreeBSD. > > There's a few options that I can't figure out why anyone would use > them. Does anyone use any of these any more, or are they leftovers > from the primordial jail era? > > If you do use any of these on FreeBSD 11+, would you mind saying why > and how? > > allow.dying - it's not dying very long, why make changes? > persist - why keep it around? > The pf tests (/usr/src/tests/sys/netpfil/pf) use persisted vnet jails to test pf. They set up jails with varying configurations and throw traffic at them. There’s no need for any process to be running in the jail. The relevant part is the network configuration. Regards, Kristof From owner-freebsd-jail@freebsd.org Fri Sep 14 08:45:23 2018 Return-Path: <owner-freebsd-jail@freebsd.org> Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 78F6A10A7FD5 for <freebsd-jail@mailman.ysv.freebsd.org>; Fri, 14 Sep 2018 08:45:23 +0000 (UTC) (envelope-from Alexander@leidinger.net) Received: from mailgate.Leidinger.net (bastille.leidinger.net [89.238.82.207]) (using TLSv1.2 with cipher DHE-RSA-CAMELLIA128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0BDDD79AB9 for <freebsd-jail@freebsd.org>; Fri, 14 Sep 2018 08:45:22 +0000 (UTC) (envelope-from Alexander@leidinger.net) Date: Fri, 14 Sep 2018 10:44:52 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=leidinger.net; s=outgoing-alex; t=1536914715; bh=urnwRNZxU96BHzylgMxMBCrZHGv4b9swQ5fnw+192/M=; h=Date:From:To:Cc:Subject:In-Reply-To; b=2eA5GC7UX9kS7tZ3icGpivg2DbJHZhDCxcHcRRn9xSoPEYXj65i+af1IftH80y/6p dmUnncRg9qAwAmbQHRzNqE7EtMGcPmLTC0GTtvtF2NCB0eIjWM3EryrgQmQ1qGA39C yoOTO0+xoUrYtj54DNh9Y0tcIc0gTFqslv3DW2oPaOZpufB4jEM4OVXhe7En9k/kaP CN7GIEbDqePFWZYJZyFF86Pg3DgSUEiXe/+L7LFTVyELGY9Q38BCubE/qm5eFfRvZ2 r/Fzvn6zyp2ZWQVL5MWnlkg4oOXCeI4Hu4qq/PpXsyT497uWCwtNsIAR7Hyhxoi0OG sohBz69QaeTeA== Message-ID: <20180914104452.Horde.LO19bmX4iYFEelx2yJSI8fw@webmail.leidinger.net> From: Alexander Leidinger <Alexander@leidinger.net> To: Oleg Ginzburg <olevole@olevole.ru> Cc: "Michael W. Lucas" <mwlucas@michaelwlucas.com>, freebsd-jail@freebsd.org Subject: Re: does anyone use these any more? In-Reply-To: <CAMsb+mZc7GEnmSNh2yhAf7AtPzknZXo0LM2muaP7K-ABdsWViA@mail.gmail.com> User-Agent: Horde Application Framework 5 Accept-Language: de,en Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes MIME-Version: 1.0 Content-Disposition: inline X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>, <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/> List-Post: <mailto:freebsd-jail@freebsd.org> List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>, <mailto:freebsd-jail-request@freebsd.org?subject=subscribe> X-List-Received-Date: Fri, 14 Sep 2018 08:45:23 -0000 Quoting Oleg Ginzburg <olevole@olevole.ru> (from Thu, 13 Sep 2018 18:45:51 +0300): > With persist mode, CBSD created jail in follow scenario: > > 1) jail -c (create jail) in persist mode ( with empty exec.start script ) > 2) exec inside jail something (zfs attach, /sbin/ifconfig ... ), what > you need to do before launching /etc/rc -> /etc/rc.d/* > 3) execute normal /etc/rc sequence > > in this way, /etc/rc.d/zfs can mount ZFS on 'start' stage without > execution from CBSD wrapper 'late' commands after jail start, e.g ( > jexec X /sbin/zfs mount + restart all services )) > > Perhaps because of a misunderstanding of this option, exec.created > hook was created in FreeBSD 12-HEAD ;-): You could also call exec.created to be a much cleaner solution to this problem which also allows to do something like this with the base system only without the need for replacements for the jail rc scripts (additionally it makes it more easy for 3rd party jail management tools). > https://lists.freebsd.org/pipermail/freebsd-jail/2018-August/003616.html Note, the MFC to 11 of this is on my TODO list. Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B9B9D3DC-5BC6-48B3-B6EB-6F84013FF73F>