
RE: [ezjail] Setting security.jail.sysvipc_allowed won't work with ezjail



Hi Glen, I've had a similar problem and apply the following patch to ezjail.sh:

--- /usr/local/etc/rc.d/ezjail.sh.orig  2011-07-20 10:12:51.000000000 +0000
+++ /usr/local/etc/rc.d/ezjail.sh       2011-07-25 10:53:27.000000000 +0000
@@ -112,6 +112,7 @@

       eval ezjail_zfs_datasets=\"\$jail_${ezjail_safename}_zfs_datasets\"
       eval ezjail_cpuset=\"\$jail_${ezjail_safename}_cpuset\"
+      eval ezjail_parameters=\"\$jail_${ezjail_safename}_parameters\"

       # Attach ZFS-datasets to the jail
       for zfs in ${ezjail_zfs_datasets}; do
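Review bot: the new `eval ezjail_parameters=...` sits in the same per-jail loop as `ezjail_zfs_datasets` and `ezjail_cpuset`, but nothing in this loop consumes it, so once the loop finishes the variable holds only the last jail's parameters; whatever applies them later needs its own eval keyed on that jail's `ezjail_safename` rather than relying on this assignment.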
@@ -123,6 +124,17 @@
     done
   fi

+  if [ "${action}" = "start" -o "${action}" = "restart" ]; then
+    for ezjail in ${ezjail_list}; do
+      ezjail_safename=`echo -n "${ezjail}" | tr -c '[:alnum:]' _`
+      [ -f "/var/run/jail_${ezjail_safename}.id" ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id`
+      # Assign parameters to the newly created jail per man 8 jail
+      [ -z "${ezjail_parameters}" ] || /usr/sbin/jail -m jid=${ezjail_id} ${ezjail_parameters}
+      # This should be in /etc/rc.d/jail, but...
+      /usr/sbin/jail -m jid=${ezjail_id} name=${ezjail_safename}
+    done
+  fi
+
   # Can only detach after unmounting (from fstab.JAILNAME in /etc/rc.d/jail)
   attach_detach_post
 }
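Review bot: `ezjail_parameters` and `ezjail_id` are never reset inside this loop, so a jail with no `jail_<name>_parameters` setting, or with no `/var/run/jail_<name>.id` file, inherits the previous iteration's values and `jail -m jid=${ezjail_id} ${ezjail_parameters}` is run against the wrong jail with another jail's settings. Re-evaluate `ezjail_parameters` from `jail_${ezjail_safename}_parameters` here, and skip or fail when the .id file is absent instead of falling through to a stale `ezjail_id`. The exit status of both `jail -m` calls is also ignored, so an unknown parameter name leaves the jail running without, for example, its securelevel and nothing reports it; at minimum log the failure.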


Then I append things like:
export jail_t2_parameters="allow.raw_sockets=1 allow.sysvipc=1 securelevel=2 host.hostuuid=00000000-0000-0000-0000-000000000002"
to /usr/local/etc/ezjail/t2, so the changes take effect after the jail starts without further effort from me.

I hope that this provides some assistance.
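The per-jail parameter lookup described above, as an added example that is not part of the posted patch or of ezjail itself: it reproduces the name-to-variable transform the rc script uses, reads `jail_<safename>_parameters` freshly for each jail, refuses to build the `jail -m` command when the jid file is missing or malformed instead of reusing a stale id, and rejects parameter tokens that are not plain `name=value` pairs before they reach jail(8). The function names, the constructed config variables and the id-file path argument are assumptions for illustration; the built command line is only printed, not executed.

```shell
#!/bin/sh
# Added example, not ezjail's code. Looks up per-jail parameters the way the
# patched rc script intends, but fails closed on missing or bad input.

# Constructed sample config, equivalent to what /usr/local/etc/ezjail/<name>
# would export (assumption: one variable per jail, named jail_<safename>_parameters).
jail_t2_parameters="allow.raw_sockets=1 allow.sysvipc=1 securelevel=2"
jail_www_example_parameters=""

# Same transform the rc script applies: jail name -> variable-safe name.
ezjail_safename() {
    printf '%s' "$1" | tr -c '[:alnum:]' _
}

# Parameters for exactly this jail, evaluated per call rather than carried
# over from an earlier loop iteration. Unset variables yield an empty string.
ezjail_parameters_for() {
    safename=$(ezjail_safename "$1")
    eval "printf '%s' \"\${jail_${safename}_parameters}\""
}

# Accept only tokens of the form name=value with a jail(8)-style name
# (letters, digits, '.', '_'); anything else (stray options, empty names)
# is rejected so it cannot change the meaning of the jail -m command line.
ezjail_check_parameters() {
    for p in $1; do
        case "$p" in *=*) ;; *) return 1 ;; esac
        name=${p%%=*}
        case "$name" in ''|*[!A-Za-z0-9._]*) return 1 ;; esac
    done
    return 0
}

# Build (and print) the jail -m command for one jail.
# $1 = jail name, $2 = path of the file holding the jail's JID.
# Returns 1 instead of emitting a command if the id file is absent,
# the JID is not numeric, or the parameters do not pass the check.
ezjail_modify_cmd() {
    [ -f "$2" ] || { echo "no jid file for $1: $2" >&2; return 1; }
    jid=$(cat "$2")
    case "$jid" in ''|*[!0-9]*) echo "bad jid '$jid' for $1" >&2; return 1 ;; esac
    params=$(ezjail_parameters_for "$1")
    ezjail_check_parameters "$params" || {
        echo "rejecting parameters for $1: $params" >&2
        return 1
    }
    safename=$(ezjail_safename "$1")
    # name= is applied last, as in the patch; an empty parameter list
    # still yields a well-formed command.
    printf '%s\n' "/usr/sbin/jail -m jid=$jid ${params:+$params }name=$safename"
}
```

In the rc script the printed line would be executed and its exit status checked, so a rejected parameter list or a missing id file stops that jail's configuration with a message rather than silently applying another jail's settings.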