| author | Florent Thoumie <flz@FreeBSD.org> | 2006-05-05 09:58:13 +0000 | 
|---|---|---|
| committer | Florent Thoumie <flz@FreeBSD.org> | 2006-05-05 09:58:13 +0000 | 
| commit | 96c54a017a746ebcf51ef294a2f54c13dd520da8 (patch) | |
| tree | 9baae23104fd6e48fb7ae14c635fb003a5585fb6 | |
| parent | b2de0ed23edf34d6bd3e0fd7d492e40221881472 (diff) | |
Notes
| -rw-r--r-- | etc/rc.d/jail | 26 | ||||
| -rw-r--r-- | share/man/man5/rc.conf.5 | 183 | 
2 files changed, 194 insertions, 15 deletions
| diff --git a/etc/rc.d/jail b/etc/rc.d/jail
index b4b051fa71d1..0edf078dd3d9 100644
--- a/etc/rc.d/jail
+++ b/etc/rc.d/jail
@@ -33,9 +33,10 @@ init_variables()
 	jail_procdir="${jail_rootdir}/proc"
 	eval jail_hostname=\"\$jail_${_j}_hostname\"
 	eval jail_ip=\"\$jail_${_j}_ip\"
+	eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
 	eval jail_exec=\"\$jail_${_j}_exec\"
-	eval jail_exec_start=\"\$jail_${_j}_exec_start\"
-	eval jail_exec_stop=\"\$jail_${_j}_exec_stop\"
+	eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
+	eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
 	if [ -n "${jail_exec}" ]; then
 		#   simple/backward-compatible execution
 		jail_exec_start="${jail_exec}"
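Review bot: Five of the rewritten `eval` lines assign to the same variable they read as the global default: `jail_interface`, `jail_exec_start` and `jail_exec_stop` in this hunk, and `jail_fstab` and `jail_flags` in the `@@ -51,20 +52,20 @@` hunk. If init_variables runs once per jail in the same shell, which the `_j` argument suggests but the hunk does not show, the value resolved for one jail becomes the default for every later jail that leaves the setting unset. With the existing `/etc/fstab.${_j}` fallback, a second jail without its own fstab would then be pointed at the first jail's fstab, and the same leak applies to the start command, flags and interface. Resolve into a separate name instead, e.g. `eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"`, and have the consumers read `${_fstab}`, so the global default is never overwritten. The function body starts and ends outside both hunks.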
@@ -51,20 +52,20 @@ init_variables()
 	fi
 	# The default jail ruleset will be used by rc.subr if none is specified.
-	eval jail_ruleset=\"\$jail_${_j}_devfs_ruleset\"
-	eval jail_devfs=\"\$jail_${_j}_devfs_enable\"
+	eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
+	eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
 	[ -z "${jail_devfs}" ] && jail_devfs="NO"
-	eval jail_fdescfs=\"\$jail_${_j}_fdescfs_enable\"
+	eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
 	[ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
-	eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
+	eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
 	[ -z "${jail_procfs}" ] && jail_procfs="NO"
-	eval jail_mount=\"\$jail_${_j}_mount_enable\"
+	eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
 	[ -z "${jail_mount}" ] && jail_mount="NO"
 	# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
-	eval jail_fstab=\"\$jail_${_j}_fstab\"
+	eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
 	[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
-	eval jail_flags=\"\$jail_${_j}_flags\"
+	eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
 	[ -z "${jail_flags}" ] && jail_flags="-l -U root"
 	# Debugging aid
@@ -75,6 +76,7 @@ init_variables()
 	debug "$_j mount enable: $jail_mount"
 	debug "$_j hostname: $jail_hostname"
 	debug "$_j ip: $jail_ip"
+	debug "$_j interface: $jail_interface"
 	debug "$_j root: $jail_rootdir"
 	debug "$_j devdir: $jail_devdir"
 	debug "$_j fdescdir: $jail_fdescdir"
@@ -162,6 +164,9 @@ jail_start()
 			echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
 			continue;
 		fi
+		if [ -n ${jail_interface} ]; then
+			ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
+		fi
 		if checkyesno jail_mount; then
 			info "Mounting fstab for jail ${_jail} (${jail_fstab})"
 			if [ ! -f "${jail_fstab}" ]; then
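Review bot: The added test `[ -n ${jail_interface} ]` in jail_start is unquoted, so when no interface is configured it collapses to `[ -n ]`, which is true, and `ifconfig` is then run with an empty interface name. Quote it as `if [ -n "${jail_interface}" ]; then`, and quote `"${jail_interface}"` and `"${jail_ip}"` on the ifconfig line as well. The jail_stop hunk (`@@ -234,6 +239,9 @@`) has the same unquoted test before `ifconfig ${jail_interface} -alias ${jail_ip}`. The exit status of ifconfig is also ignored, so the jail would presumably still be started when the alias could not be added; a warning and `continue` would make that failure visible. jail_start's body extends beyond the hunk.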
@@ -234,6 +239,9 @@ jail_stop()
 				jail_umount_fs
 				echo -n " $jail_hostname"
 			fi
+			if [ -n ${jail_interface} ]; then
+				ifconfig ${jail_interface} -alias ${jail_ip}
+			fi
 			rm /var/run/jail_${_jail}.id
 		else
 			echo "cannot stop jail ${_jail}. No jail id in /var/run"
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 151824e17ab2..c05fbd129ede 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 9, 2006
+.Dd May 5, 2006
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -3024,13 +3024,184 @@ you would have the following dependent variables:
 jail_vjail_hostname="jail.example.com"
 jail_vjail_ip="192.168.1.100"
 jail_vjail_rootdir="/var/jails/vjail/root"
-jail_vjail_exec="/bin/sh /etc/rc"
 .Ed
 .Pp
-The last one is optional.
-It defaults to
-.Pa /etc/rc
-if it is not set.
+.It Va jail_flags
+.Pq Vt str
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _flags
+for every jail in
+.Va jail_list .
+.It Va jail_interface
+.Pq Vt str
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _interface
+for every jail in
+.Va jail_list .
+.It Va jail_fstab
+.Pq Vt str
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+for every jail in
+.Va jail_list .
+.It Va jail_mount_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
+to YES by default for every jail in
+.Va jail_list .
+.It Va jail_devfs_ruleset
+.Pq Vt str
+Unset by default.
+When set, sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
+to given value for every jail in
+.Va jail_list .
+.It Va jail_devfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
+to YES by default for every jail in
+.Va jail_list .
+.It Va jail_fdescfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+to YES by default for every jail in
+.Va jail_list .
+.It Va jail_procfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+sets
+.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+to YES by default for every jail in
+.Va jail_list .
+.It Va jail_exec_start
+.Pq Vt str
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
+for every jail in 
+.Va jail_list .
+.It Va jail_exec_stop
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
+for every jail in
+.Va jail_list .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _rootdir
+.Pq Vt str
+Unset by default.
+Set to the root directory used by jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _hostname
+.Pq Vt str
+Unset by default.
+Set to the fully qualified domain name (FQDN) assigned to jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _ip
+.Pq Vt str
+Unset by default.
+Set to the IP address assigned to jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _flags
+.Pq Vt str
+Set to
+.Dq Li -l -U root
+by default.
+These are flags to pass to
+.Xr jail .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _interface
+.Pq Vt str
+Unset by default.
+When set, sets the interface to use when setting IP address alias.
+Note that the alias is created at jail startup and removed at jail shutdown.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+.Pq Vt str
+Set to
+.Pa /etc/fstab. Ns Ao Ar jid Ac
+by default.
+This is the file system information file to use for jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+mount all file systems from
+.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab
+at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset
+.Pq Vt str
+Unset by default.
+When set, defines the device file system ruleset file to use for jail
+.Va jid .
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+mount the device file system inside jail
+.Ar jid
+at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+mount the file-descriptor file system inside jail
+.Ar jid
+at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _procfs_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+When set to
+.Dq Li YES ,
+mount the process file system inside jail
+.Ar jid
+at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start
+.Pq Vt str
+Set to
+.Dq Li /bin/sh /etc/rc
+by default.
+This is the command executed at jail startup.
+.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop
+.Pq Vt str
+Set to
+.Dq Li /bin/sh /etc/rc.shutdown
+by default.
+This is the command executed at jail shutdown.
 .It Va jail_set_hostname_allow
 .Pq Vt bool
 If set to |
