
Re: [ezjail] Processing jail pseudo-parameters



Glen Barber wrote on 23.05.2013 04:54:
On Thu, May 23, 2013 at 12:34:53AM +0000, Andrew Hotlab wrote:
> On Thu, May 23, 2013 at 12:21:53AM +0000, Andrew Hotlab wrote:
> >
> > Hi to all. I'm using ezjail 3.3 on FreeBSD RELENG_9_1.
> > I'm trying to assign a specific parameter to a single jail (for
> > example, the "allow.raw_sockets"). I was believing that I only need
> > to write it in the line "export jail_jailname_parameters=" of the
> > file /usr/local/etc/ezjail/jailname, but it does not seem to work.
> > I read the file /etc/rc.d/jail, and it does not seem able to
> > process the jail_jailname_parameters variable, thus I'm wondering
> > if I missed something... or it is a "work-in-progress" feature?
>
> I add the following to my /usr/local/etc/ezjail/NAME config:
>
> export jail_NAME_exec_poststart0="/usr/sbin/jail -m name=NAME allow.raw_sockets"
>
> Hope this helps.
>

Thank you Glen, it's a functioning workaround, but I was interested
in knowing the status of this feature: the integration of ezjail
with the new security.jail.param tunables. I read that Jamie Gritton
did a significant job on this (these parameters can be defined in
the new /etc/jail.conf), but I missed the info about ezjail support
for it.


Well, I don't really consider it a workaround. It is differentiation in
how ezjail works versus using jail.conf.

Glen


Thanks from me too, Glen.

Sorry for my question, but how do you set the name for your jail in ezjail-config?

export jail_NAME_flags="-n NAME -l -U root"?

--
                With best regards,
                    Kondakov Roman
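
Added example, not part of the thread or of ezjail: a POSIX sh audit that lists which jails get allow.* permissions through "jail -m" poststart hooks of the form shown above, since those grants sit in per-jail config files and not in /etc/jail.conf. The function names (audit_poststart_allow, make_sample) are hypothetical and the sample config files are constructed; on a real host the directory would be /usr/local/etc/ezjail.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample files are constructed.

# audit_poststart_allow DIR
# Prints "<file> <jail> <parameter>" for each allow.* permission that a
# jail_*_exec_poststartN hook grants through "jail -m".
audit_poststart_allow() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" -v q="[\"']" '
            # Uncommented poststart hooks that call jail(8) in modify mode.
            /^[ \t]*(export[ \t]+)?jail_[A-Za-z0-9_]+_exec_poststart[0-9]+=/ &&
            /jail[ \t]+-m/ {
                gsub(q, " ")                 # drop quotes; $0 is re-split
                jail = "?"                   # stays "?" if no name= is given
                for (i = 1; i <= NF; i++)
                    if ($i ~ /^name=/) jail = substr($i, 6)
                for (i = 1; i <= NF; i++) {
                    # allow.foo and allow.foo=1 count as grants;
                    # allow.nofoo, =0 and =false are not reported.
                    if ($i ~ /^allow\./ && $i !~ /^allow\.no/ &&
                        $i !~ /=(0|false)$/) {
                        p = $i; sub(/=.*/, "", p)
                        print file, jail, p
                    }
                }
            }' "$f"
    done
}

# Constructed sample configs (not from the thread), written to a temp dir.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/web" <<'EOF'
export jail_web_hostname="web"
export jail_web_exec_poststart0="/usr/sbin/jail -m name=web allow.raw_sockets"
EOF
    cat > "$d/db" <<'EOF'
# export jail_db_exec_poststart0="/usr/sbin/jail -m name=db allow.chflags"
export jail_db_exec_poststart0="/usr/sbin/jail -m name=db allow.noraw_sockets allow.sysvipc=1"
EOF
    echo "$d"
}

sample=$(make_sample)
audit_poststart_allow "$sample"
rm -rf "$sample"
```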