Date:      Thu, 21 Jan 2010 18:00:23 GMT
From:      David BERARD <david@nfrance.com>
To:        freebsd-jail@FreeBSD.org
Subject:   Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Message-ID:  <201001211800.o0LI0NQv048837@freefall.freebsd.org>

The following reply was made to PR conf/142972; it has been noted by GNATS.

From: David BERARD <david@nfrance.com>
To: bug-followup@FreeBSD.org
Cc: Philipp Wuensche <cryx-freebsd@h3q.com>
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Thu, 21 Jan 2010 18:55:10 +0100

 This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
 --------------enig5C8C54383CDA0037FC28999C
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: quoted-printable
 
 > I did some testing with vnet and I find the way of using _poststart and=
 
 > _afterstart to configure ip-addr. inside a vimage jail very impractical=
 =2E
 > First we loose all the nice features of configuring ipaddrs. via
 > ipv4_addrs_if in rc.conf from inside the jail and second, more
 > important, the jail will be fully bootet before any ipaddr. is
 > configured or even interfaces are configured. This will result in
 > services not starting correctly, firewalling going nuts, routing-daemon=
 s
 > not working etc.pp.
 >=20
 
 
 I had to patch rc to support this, and I use the following in rc.conf:
 jail_example_exec_earlypoststart0="ifconfig epair0b vnet example"
 jail_example_exec_afterstart0="ifconfig epair0b x.x.x.x"
 
 --- jailv2rc_earlypoststart.patch begins here ---
 --- /usr/src/etc/rc.d/jail      2009-10-25 02:10:29.000000000 +0100
 +++ /etc/rc.d/jail      2010-01-20 10:40:57.000000000 +0100
 @@ -38,6 +38,7 @@
         _fdescdir=3D"${_devdir}/fd"
         _procdir=3D"${_rootdir}/proc"
         eval _hostname=3D\"\$jail_${_j}_hostname\"
 +       eval _name=3D\"\$jail_${_j}_name\"
         eval _ip=3D\"\$jail_${_j}_ip\"
         eval _interface=3D\"\${jail_${_j}_interface:-${jail_interface}}\"=
 
         eval _exec=3D\"\$jail_${_j}_exec\"
 @@ -51,12 +52,19 @@
 
         eval _exec_start=3D\"\${jail_${_j}_exec_start:-${jail_exec_start}=
 }\"
 
 -       i=3D1
 +       i=3D0
         while : ; do
                 eval _exec_afterstart${i}=3D\"\${jail_${_j}_exec_aftersta=
 rt${i}:-\${jail_exec_afterstart${i}}}\"
                 [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] &&  brea=
 k
                 i=3D$((i + 1))
         done
 +
 +       i=3D0
 +       while : ; do
 +               eval _exec_earlypoststart${i}=3D\"\${jail_${_j}_exec_earl=
 ypoststart${i}:-\${jail_exec_earlypoststart${i}}}\"
 +               [ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
 +               i=3D$((i + 1))
 +       done
 
         i=3D0
         while : ; do
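Review bot: The termination test in the new earlypoststart loop reads `_exec_poststart${i}` instead of the `_exec_earlypoststart${i}` that the line above it has just assigned. Depending on whether that other variable happens to be empty or holds a value left over from elsewhere, the loop either stops after index 0 or keeps going past the last configured entry, so which host-side commands get loaded is not determined by the earlypoststart settings themselves. The test should be `[ -z "$(eval echo \"\$_exec_earlypoststart${i}\")" ] && break`. Separately, moving the afterstart counter from 1 to 0 means an existing rc.conf that begins at `jail_*_exec_afterstart1` is no longer read, because the loop breaks on the empty index 0; that deserves a compatibility fallback or a documented note.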
 @@ -95,6 +103,9 @@
                 fi
         fi
 
 +       # JAIL new style
 +       eval _v2=3D\"\${jail_v2_enable:-"NO"}\"
 +
         # The default jail ruleset will be used by rc.subr if none is spe=
 cified.
         eval _ruleset=3D\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_rules=
 et}}\"
         eval _devfs=3D\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}=
 \"
 @@ -110,18 +121,26 @@
         eval _fstab=3D\"\${jail_${_j}_fstab:-${jail_fstab}}\"
         [ -z "${_fstab}" ] && _fstab=3D"/etc/fstab.${_j}"
         eval _flags=3D\"\${jail_${_j}_flags:-${jail_flags}}\"
 -       [ -z "${_flags}" ] && _flags=3D"-l -U root"
 +       if checkyesno _v2; then
 +               [ -z "${_flags}" ] && _flags=3D"-l -U root -c"
 +       else
 +               [ -z "${_flags}" ] && _flags=3D"-l -U root"
 +       fi
         eval _consolelog=3D\"\${jail_${_j}_consolelog:-${jail_consolelog}=
 }\"
         [ -z "${_consolelog}" ] && _consolelog=3D"/var/log/jail_${_j}_con=
 sole.log"
         eval _fib=3D\"\${jail_${_j}_fib:-${jail_fib}}\"
 +       eval _vnet=3D\"\${jail_${_j}_vnet_enable:-"NO"}\"
 
         # Debugging aid
         #
 +       debug "$_j v2 enable: $_v2"
         debug "$_j devfs enable: $_devfs"
         debug "$_j fdescfs enable: $_fdescfs"
         debug "$_j procfs enable: $_procfs"
         debug "$_j mount enable: $_mount"
 +       debug "$_j vnet enable: $_vnet"
         debug "$_j hostname: $_hostname"
 +       debug "$_j name: $_name"
         debug "$_j ip: $_ip"
         jail_show_addresses ${_j}
         debug "$_j interface: $_interface"
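Review bot: The `-c` flag is added only when no flags are configured, so a jail that sets `jail_flags` or `jail_<name>_flags` together with `jail_v2_enable` reaches the parameter-style `jail -J ... path=... name=...` invocation in the last hunk without it. As far as I know jail(8) selects the parameter syntax through `-c`/`-m`, so that invocation would probably be rejected or parsed as the old positional form; please confirm against the man page. Keeping the single default and appending the flag separately avoids this: `[ -z "${_flags}" ] && _flags="-l -U root"` followed by `checkyesno _v2 && _flags="${_flags} -c"`. Note also that `jail_v2_enable` is global while `_vnet` is per jail, which the rc.conf documentation should state.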
 @@ -145,7 +164,7 @@
 
         debug "$_j exec start: $_exec_start"
 
 -       i=3D1
 +       i=3D0
         while : ; do
                 eval out=3D\"\${_exec_afterstart${i}:-''}\"
 
 @@ -481,6 +500,20 @@
                 *)      ;;
                 esac
 
 +
 +               # Append address to list of addresses for the jail comman=
 d.
 +               case "${_type}" in
 +               "inet") case "${_addrlv4}" in
 +                       "")     _addrlv4=3D"${_addr}" ;;
 +                       *)      _addrlv4=3D"${_addrlv4},${_addr}" ;;
 +                       esac;;
 +               "inet6") case "${_addrlv6}" in
 +                       "")     _addrlv6=3D"${_addr}" ;;
 +                       *)      _addrlv6=3D"${_addrlv6},${_addr}" ;;
 +                       esac;;
 +               esac
 +
 +
                 # Append address to list of addresses for the jail comman=
 d.
                 case "${_addrl}" in
                 "")     _addrl=3D"${_addr}" ;;
 @@ -567,6 +600,8 @@
                         continue;
                 fi
                 _addrl=3D""
 +               _addrlv4=3D""
 +               _addrlv6=3D""
                 jail_ips "add"
                 if [ -n "${_fib}" ]; then
                         _setfib=3D"setfib -F '${_fib}'"
 @@ -634,13 +669,36 @@
                         ${out}
                         i=3D$((i + 1))
                 done
 -
 -               eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname=
 } \
 -                       \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
 -
 +               if checkyesno _v2; then
 +                       _start_cmd=3D"${_setfib} jail -J ${_tmp_jail} ${_=
 flags} path=3D${_rootdir} host.hostname=3D${_hostname} \
 +                               name=3D\"${_name}\""
 +                       if checkyesno _vnet; then
 +                               _start_cmd=3D"${_start_cmd} vnet"
 +                       else
 +                               _start_cmd=3D"${_start_cmd} ip4.addr=3D\"=
 ${_addrlv4}\" ip6.addr=3D\"${_addrlv6}\""
 +                       fi
 +                        _start_cmd=3D"${_start_cmd} command=3D${_exec_st=
 art}"
 +                       eval ${_start_cmd} > /dev/null 2>&1
 +               else
 +                       eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_=
 hostname} \
 +                               \"${_addrl}\" ${_exec_start} > ${_tmp_jai=
 l} 2>&1
 +               fi
                 if [ "$?" -eq 0 ] ; then
 -                       _jail_id=3D$(head -1 ${_tmp_jail})
 -                       i=3D1
 +                       if checkyesno _v2; then
 +                               _jail_id=3D$(awk -F '=3D| ' '{print $2}' =
 ${_tmp_jail})
 +                       else
 +                               _jail_id=3D$(head -1 ${_tmp_jail})
 +                       fi
 +
 +                       i=3D0
 +                       while : ; do
 +                               eval out=3D\"\${_exec_earlypoststart${i}:=
 -''}\"
 +                               [ -z "$out" ] && break
 +                               ${out}
 +                               i=3D$((i + 1))
 +                       done
 +
 +                       i=3D0
                         while : ; do
                                 eval out=3D\"\${_exec_afterstart${i}:-''}=
 \"
 
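Review bot: In the v2 branch, `eval ${_start_cmd} > /dev/null 2>&1` discards everything jail(8) prints, so a failed start leaves no diagnostic; the legacy branch still captures that output in `${_tmp_jail}`. Keeping stderr is enough to make failures visible, e.g. `eval ${_start_cmd} > /dev/null`. The command string is also built with `path=${_rootdir}` and `host.hostname=${_hostname}` unquoted and then passed through `eval`, so whitespace or shell metacharacters in those rc.conf values are re-parsed by the shell; quoting them the way `name=` is quoted would at least handle spaces. The jid extraction `awk -F '=| ' '{print $2}' ${_tmp_jail}` prints a field for every line of the file, so `NR==1` plus a quoted file name would make it match the `head -1` used in the legacy branch. The enclosing function continues past the end of this hunk.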
 --- jailv2rc_earlypoststart.patch ends here ---
 
 --=20
 David BERARD
 ---------------------------------------
 NFrance Conseil
 david(at)nfrance.com
 GPG|PGP KeyId 0x7FC68EB8
 GPG|PGP Key http://tinyurl.com/gpgdavid
 ---------------------------------------
 *     No electrons were harmed in     *
 *    the transmission of this email   *
 
 
 --------------enig5C8C54383CDA0037FC28999C
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Description: OpenPGP digital signature
 Content-Disposition: attachment; filename="signature.asc"
 
 -----BEGIN PGP SIGNATURE-----
 
 iEYEARECAAYFAktYlP4ACgkQYIAREn/GjriIIgCfdy6Zj9reUcNRypeqlV9Iy/20
 D7UAoIHOBP+qlHy6R5rBLPBC5c72xGjH
 =6y/A
 -----END PGP SIGNATURE-----
 
 --------------enig5C8C54383CDA0037FC28999C--


