[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] per jail security parameters

On 05/08/2013 13:01, kaltheat AT googlemail DOT com wrote:
On Wed, Jul 31, 2013 at 02:21:00PM +0200, kaltheat wrote:


I think that the jail-rc-script on these machines isn't able to handle parameters.
These machines run 9.1-RELEASE.

I looked into sources of jail-rc-script on HEAD and found that creation command of jail was
developed from

                 eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
                         \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \


eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
			${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \
			${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \

So I think without manipulating /etc/rc.d/jail on FreeBSD-9.1-RELEASE per jail parameters can't
be used with ezjail. Am I right?

Could anyone confirm my observation and conclusion?



The change was committed to stable/9 in r241801 [1], which is after
releng/9.1 was created in r239080 (i.e. it was committed to the 9.x
branch after 9.1-RELEASE).


Jase Thew.

[1] http://svnweb.freebsd.org/base?view=revision&revision=241801