[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] per jail security parameters



On 05/08/2013 13:01, kaltheat AT googlemail DOT com wrote:
On Wed, Jul 31, 2013 at 02:21:00PM +0200, kaltheat wrote:

...

I think that the jail-rc-script on these machines isn't able to handle parameters.
These machines run 9.1-RELEASE.

I looked into sources of jail-rc-script on HEAD and found that creation command of jail was
developed from

                 eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
                         \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
                         </dev/null

to

eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
			${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \
			${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \
			</dev/null

.
So I think without manipulating /etc/rc.d/jail on FreeBSD-9.1-RELEASE per jail parameters can't
be used with ezjail. Am I right?


Could anyone confirm my observation and conclusion?

Regards,
kaltheat



Hi,

The change was committed to stable/9 in r241801 [1], which is after
releng/9.1 was created in r239080 (i.e. it was committed to the 9.x
branch after 9.1-RELEASE).

Regards,

Jase Thew.

[1] http://svnweb.freebsd.org/base?view=revision&revision=241801