Re: [ezjail] Processing jail pseudo-parameters



On Thu, May 23, 2013 at 12:34:53AM +0000, Andrew Hotlab wrote:
> > On Thu, May 23, 2013 at 12:21:53AM +0000, Andrew Hotlab wrote:
> > > 
> > > Hi to all. I'm using ezjail 3.3 on FreeBSD RELENG_9_1.
> > > I'm trying to assign a specific parameter to a single jail (for
> > > example, the "allow.raw_sockets"). I believed that I only needed
> > > to write it in the line "export jail_jailname_parameters=" of the
> > > file /usr/local/etc/ezjail/jailname, but it does not seem to work.
> > > I read the file /etc/rc.d/jail, and it does not seem able to
> > > process the jail_jailname_parameters variable, thus I'm wondering
> > > if I missed something... or it is a "work-in-progress" feature?
> > 
> > I add the following to my /usr/local/etc/ezjail/NAME config:
> > 
> > export jail_NAME_exec_poststart0="/usr/sbin/jail -m name=NAME allow.raw_sockets"
> > 
> > Hope this helps.
> > 
> 
> Thank you Glen, it's a functioning workaround, but I was interested
> in knowing the status of this feature: the integration of ezjail
> with the new security.jail.param tunables. I read that Jamie Gritton
> did a significant job on this (these parameters can be defined in
> the new /etc/jail.conf), but I missed the info about ezjail support
> for it.
>

Well, I don't really consider it a workaround.  It is differentiation in
how ezjail works versus using jail.conf.

Glen