src-test/etc/rc.d/jail, branch release/7.2.0 FreeBSD source tree https://cgit-dev.freebsd.org/src-test/atom?h=release%2F7.2.0 2009-02-07T14:04:35Z MFC: r187708 2009-02-07T14:04:35Z Bjoern A. Zeeb bz@FreeBSD.org 2009-02-07T14:04:35Z urn:sha1:29941b15d70ce776fb6995a509684d4b86cdf0e9 Update jail startup script for multi-IPv4/v6/no-IP jails. Note: this is only really necessary because of the ifconfig logic to add/remove the jail IPs upon start/stop. Consensus among simon and I is that the logic should really be factored out from the startup script and put into a proper management solution. - We now support starting of no-IP jails. - Implement jail_<jname>_ip options to support both address familes with regard to ifconfig logic. - Implement _multi<n> support suffix to the jail_<jname>_ip option to configure additional addresses to avoid overlong, unreadbale jail_<jname>_ip lines with lots of addresses. MFC: r183100 2009-01-07T15:31:46Z Bjoern A. Zeeb bz@FreeBSD.org 2009-01-07T15:31:46Z urn:sha1:7848e60158d04f4ce8a4b96be3df1dfa8a0d6e53 Allow a jail to be started with a specific route fib. MFC functional changes to etc: 2008-01-29T00:18:08Z Doug Barton dougb@FreeBSD.org 2008-01-29T00:18:08Z urn:sha1:95aa7b101414f082f8a638d1c8100331dd4a9978 1. yar's "dry run" patch to Makefile 2. Add zfs to the list of filesystems to check in periodic/security/100.chksetuid 3. GC the nfslocking script, which has been superseded by lockd and statd 4. Add security warning to rc.d/jail 5. Add stop_cmd=':' to those rc.d scripts that do not start services, but did not already have a stop_cmd. Fix indentation. 2007-05-24T06:01:06Z Ralf S. Engelschall rse@FreeBSD.org 2007-05-24T06:01:06Z urn:sha1:f31380b23335e90bf201e8db9e88f9617db2e8e5 Fix jail rc.d script privilege escalation via symlink attack against 2007-01-11T18:18:57Z Simon L. B. Nielsen simon@FreeBSD.org 2007-01-11T18:18:57Z urn:sha1:26d67ea70f1bf968cf4535daf5be972064a8bc68 /var/log/console.log and mount points. Security: FreeBSD-SA-07:01.jail Jail_ip and jail_interface local variables were renamed to _ip and _interface 2007-01-02T11:07:13Z Florent Thoumie flz@FreeBSD.org 2007-01-02T11:07:13Z urn:sha1:eacc7cde7df896f1f9f673c130dd9404cfe19f91 in a previous commit to avoid namespace collisions, unfortunately I missed two of them. This leads to the ip alias being incorrectly removed in some cases when using the stop command. Reported by: Philipp Wuensche <cryx-freebsd@h3q.com> Add jail_<jname>_exec_afterstart<N> rc.conf variable, where <N> is 2006-05-30T16:20:48Z Matteo Riondato matteo@FreeBSD.org 2006-05-30T16:20:48Z urn:sha1:ce5c66f0b28dfacbf31ec3a56f9e16020ff391c3 1,2 and so on. It specifies the command to be run as Nth after jail startup. sh(1)-fu by: Dario Freni PR: conf/97697 MFC after: 2 weeks Reviewed by: ru@ (man page) style(9) 2006-05-30T16:07:59Z Matteo Riondato matteo@FreeBSD.org 2006-05-30T16:07:59Z urn:sha1:200ea5481224108d05ab49948ecce8beb3aba0bb - Change the "jail_" prefix for internal script variables. This fixes an 2006-05-11T14:23:43Z Florent Thoumie flz@FreeBSD.org 2006-05-11T14:23:43Z urn:sha1:b246e9314d7c6a2f57e343096f8068bf2eabf0c9 issue where some global jail_* variables were overriden in the script. [1] - Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a jail id. [1] - Update examples and comments in defaults/rc.conf to advertise new variables and the fact that some of the jail-specific variables may be made jail-global. [2] Reported by: pjd [1], clsung [2] Approved by: cperciva X-MFC after: i got sufficient testing from people using rc.d/jail if we fail to start a jail and jail_foobar_*fs_enable or jail_foobar_mount_enable were set, umount those filesystem before exiting. If we set up an alias for jail's IP, remove that alias before exiting. 2006-05-11T13:29:01Z Matteo Riondato matteo@FreeBSD.org 2006-05-11T13:29:01Z urn:sha1:8fc80fd71f1e8fc47496a35aea7ac417846da9e4 MFC after: 2 weeks