[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ezjail] Processing jail pseudo-parameters
Glen Barber писал 23.05.2013 04:54:
On Thu, May 23, 2013 at 12:34:53AM +0000, Andrew Hotlab wrote:
> On Thu, May 23, 2013 at 12:21:53AM +0000, Andrew Hotlab wrote:
> > Hi to all. I'm using ezjail 3.3 on FreeBSD RELENG_9_1.
> > I'm trying to assign a specific parameter to a single jail (for
> > example, the "allow.raw_sockets"). I was believing that I only
> > to write it in the line "export jail_jailname_parameters=" of
> > file /usr/local/etc/ezjail/jailname, but it does not seem to
> > I read the file /etc/rc.d/jail, and it does not seem able to
> > process the jail_jailname_parameters variable, thus I'm
> > if I missed something... or it is a "work-in-progress" feature?
> I add the following to my /usr/local/etc/ezjail/NAME config:
> export jail_NAME_exec_poststart0="/usr/sbin/jail -m name=NAME
> Hope this helps.
Thank you Glen, it's a functioning workaround, but I was interested
into know the status of this feature: the integration of ezjail
with the new security.jail.param tunables. I read that Jamie Gritton
did a significant job on this (these parameters cam be defined into
the new /etc/jail.conf), but I missed the info about ezjail support
Well, I don't really consider it a workaround. It is differentiation
how ezjail works versus using jail.conf.
Thanks from me too, Glen.
Sorry for my question, but how you set name for your jail in
export jail_NAME_flags="-n NAME -l -U root"?
With best regards,