[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] per jail security parameters



On Wed, Jul 31, 2013 at 02:21:00PM +0200, kaltheat wrote:
> 
> ...
> 
> I think that the jail-rc-script on these machines isn't able to handle parameters.
> These machines run 9.1-RELEASE.
> 
> I looked into sources of jail-rc-script on HEAD and found that creation command of jail was
> developed from
> 
>                 eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
>                         \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
>                         </dev/null
> 
> to
> 
> eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
> 			${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \
> 			${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \
> 			</dev/null
> 
> .
> So I think without manipulating /etc/rc.d/jail on FreeBSD-9.1-RELEASE per jail parameters can't
> be used with ezjail. Am I right?
> 

Could anyone confirm my observation and conclusion?

Regards,
kaltheat