[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ezjail] Processing jail pseudo-parameters

> Date: Wed, 22 May 2013 20:26:15 -0400
> From: glen.j.barber AT gmail DOT com
> To: ezjail AT erdgeist DOT org
> Subject: Re: [ezjail] Processing jail pseudo-parameters
> On Thu, May 23, 2013 at 12:21:53AM +0000, Andrew Hotlab wrote:
> >
> > Hi to all. I'm using ezjail 3.3 on FreeBSD RELENG_9_1.
> > I'm trying to assign a specific parameter to a single jail (for
> > example, the "allow.raw_sockets"). I was believing that I only need
> > to write it in the line "export jail_jailname_parameters=" of the
> > file /usr/local/etc/ezjail/jailname, but it does not seem to work.
> > I read the file /etc/rc.d/jail, and it does not seem able to
> > process the jail_jailname_parameters variable, thus I'm wondering
> > if I missed something... or it is a "work-in-progress" feature?
> I add the following to my /usr/local/etc/ezjail/NAME config:
> export jail_NAME_exec_poststart0="/usr/sbin/jail -m name=NAME allow.raw_sockets"
> Hope this helps.

Thank you Glen, it's a functioning workaround, but I was interested into know the status of this feature: the integration of ezjail with the new security.jail.param tunables. I read that Jamie Gritton did a significant job on this (these parameters cam be defined into the new /etc/jail.conf), but I missed the info about ezjail support for it.