
Re: [ezjail] Setting security.jail.sysvipc_allowed won't work with ezjail



Hi,

thank you very much, your patch works great!

Johannes

2011/7/26 Dewayne Geraghty <dewayne.geraghty AT heuristicsystems.com DOT au>:
>  Hi Glen, I've had a similar problem and apply the following patch to ezjail.sh
>
> --- /usr/local/etc/rc.d/ezjail.sh.orig  2011-07-20 10:12:51.000000000 +0000
> +++ /usr/local/etc/rc.d/ezjail.sh       2011-07-25 10:53:27.000000000 +0000
> @@ -112,6 +112,7 @@
>
>       eval ezjail_zfs_datasets=\"\$jail_${ezjail_safename}_zfs_datasets\"
>       eval ezjail_cpuset=\"\$jail_${ezjail_safename}_cpuset\"
> +      eval ezjail_parameters=\"\$jail_${ezjail_safename}_parameters\"
>
>       # Attach ZFS-datasets to the jail
>       for zfs in ${ezjail_zfs_datasets}; do
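
Review bot: the added eval of ezjail_parameters sits next to the zfs_datasets and cpuset evals, but the value is only consumed in the separate "for ezjail in ${ezjail_list}" loop added in the next hunk, and that loop recomputes ezjail_safename without re-evaluating ezjail_parameters. As far as these lines show, with more than one jail the later loop sees whatever value the last evaluation here left behind, so one jail's parameters can end up applied to another. Suggest moving this eval into the loop that calls jail -m, directly after ezjail_safename is set there.
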
> @@ -123,6 +124,17 @@
>     done
>   fi
>
> +  if [ "${action}" = "start" -o "${action}" = "restart" ]; then
> +    for ezjail in ${ezjail_list}; do
> +      ezjail_safename=`echo -n "${ezjail}" | tr -c '[:alnum:]' _`
> +      [ -f "/var/run/jail_${ezjail_safename}.id" ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id`
> +      # Assign parameters to the newly created jail per man 8 jail
> +      [ -z "${ezjail_parameters}" ] || /usr/sbin/jail -m jid=${ezjail_id} ${ezjail_parameters}
> +      # This should be in /etc/rc.d/jail, but...
> +      /usr/sbin/jail -m jid=${ezjail_id} name=${ezjail_safename}
> +    done
> +  fi
> +
>   # Can only detach after unmounting (from fstab.JAILNAME in /etc/rc.d/jail)
>   attach_detach_post
>  }
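
Review bot: in the new start/restart loop, ezjail_id is assigned only when /var/run/jail_${ezjail_safename}.id exists, yet both "jail -m jid=${ezjail_id}" calls run unconditionally. For a jail that did not start, the id is either empty or left over from the previous iteration, so the parameters (for example allow.sysvipc=1 or allow.raw_sockets=1) and the name can be applied to a different jail than intended. Suggest clearing ezjail_id at the top of each iteration and skipping the jail when the id file is missing, e.g. [ -f "/var/run/jail_${ezjail_safename}.id" ] || continue. A short comment that ${ezjail_parameters} is deliberately expanded unquoted, and must be a space-separated list of name=value pairs, would also help.
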
>
>
> Then I append things like:
> export jail_t2_parameters="allow.raw_sockets=1 allow.sysvipc=1 securelevel=2 host.hostuuid=00000000-0000-0000-0000-000000000002"
> to /usr/local/etc/ezjail/t2, so the changes take effect after the jail starts without further effort from me.
>
> I hope that this provides some assistance.
>
>