Date: Fri, 22 Apr 2005 13:13:23 +0200 (CEST) From: Frank Behrens <frank@pinky.sax.de> To: FreeBSD-gnats-submit@FreeBSD.org Subject: conf/80244: [PATCH] rc.conf + rc.d/jail should enable input of jail(8) flags Message-ID: <200504221113.j3MBDNdf094974@moon.behrens> Resent-Message-ID: <200504221120.j3MBK764098431@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 80244 >Category: conf >Synopsis: [PATCH] rc.conf + rc.d/jail should enable input of jail(8) flags >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Apr 22 11:20:07 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Frank Behrens >Release: FreeBSD 5.4-STABLE i386 >Organization: >Environment: System: FreeBSD moon.behrens 5.4-STABLE FreeBSD 5.4-STABLE #2: Tue Apr 12 10:41:41 CEST 2005 root@moon.behrens:/data2/sys/obj/usr/src/sys/FRANK01 i386 >Description: There is no possibility to start a jail via rc.conf(5) with a different user. In /etc/rc.d/jail the flags for jail(8) are hardcoded as "-l -U root". Both files should be changed to enable flexible jail(8) flags. >How-To-Repeat: >Fix: This patch implements flexible jail(8) flags in rc.conf(5). --- jailrc_d.patch begins here --- --- /usr/src/etc/rc.d/jail Tue Dec 28 11:43:33 2004 +++ /etc/rc.d/jail Wed Apr 20 18:43:31 2005 @@ -36,6 +36,7 @@ eval jail_exec=\"\$jail_${_j}_exec\" eval jail_exec_start=\"\$jail_${_j}_exec_start\" eval jail_exec_stop=\"\$jail_${_j}_exec_stop\" + eval jail_flags=\"\$jail_${_j}_flags\" if [ -n "${jail_exec}" ]; then # simple/backward-compatible execution jail_exec_start="${jail_exec}" @@ -81,6 +82,7 @@ debug "$_j fstab: $jail_fstab" debug "$_j exec start: $jail_exec_start" debug "$_j exec stop: $jail_exec_stop" + debug "$_j flags: $jail_flags" } # set_sysctl rc_knob mib msg @@ -193,7 +195,7 @@ fi fi _tmp_jail=${_tmp_dir}/jail.$$ - eval jail -l -U root -i ${jail_rootdir} ${jail_hostname} \ + eval jail ${jail_flags} -i ${jail_rootdir} ${jail_hostname} \ ${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1 [ "$?" -eq 0 ] && echo -n " $jail_hostname" _jail_id=$(head -1 ${_tmp_jail}) --- etc/defaults/rc.conf.orig Thu Mar 31 13:28:52 2005 +++ etc/defaults/rc.conf Fri Apr 22 12:53:20 2005 @@ -496,6 +496,7 @@ #jail_example_ip="192.168.0.10" # Jail's IP number #jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting #jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping +#jail_example_flags="-l -U root" # additional flags for jail(8) #jail_example_devfs_enable="NO" # mount devfs in the jail #jail_example_fdescfs_enable="NO" # mount fdescfs in the jail #jail_example_procfs_enable="NO" # mount procfs in jail --- jailrc_d.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504221113.j3MBDNdf094974>