[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HEADS UP: shutdown scripts in a jail are not run by default



This seems to be a FreeBSD issue, not an ezjail issue but I'm willing to be convinced otherwise.

The shutdown scripts (/usr/local/etc/rc.d) are not run when your jail is stopped.

In many cases, this has no downside, but I strongly feel that shutdown scripts should be run so that applications can be given the opportunity to do the right thing.

I discovered this situation late last week and have been running some tests. The solution isn't that difficult, but I feel the default situation is wrong. It breaks POLA.

Full details here but highlights follow: http://dan.langille.org/2014/07/26/are-freebsd-jails-being-shutdown-properly/


Highlights:


This setting in /etc/rc.conf ensures that each jail is properly shutdown:

jail_exec_stop="/bin/sh /etc/rc.shutdown"


This setting can be applied to an individual jail via its file in /usr/local/etc/ezjail. The example shown is for jail JAILNAME:

jail_JAILNAME_exec_stop="/bin/sh /etc/rc.shutdown"

--
Dan Langille - http://langille.org/