Index: src/etc/defaults/rc.conf =================================================================== RCS file: /home/ncvs/src/etc/defaults/rc.conf,v retrieving revision 1.282 diff -u -r1.282 rc.conf --- src/etc/defaults/rc.conf 28 Apr 2006 12:03:33 -0000 1.282 +++ src/etc/defaults/rc.conf 11 May 2006 13:34:51 -0000 @@ -555,11 +555,15 @@ # # To use rc's built-in jail infrastructure create entries for # each jail, specified in jail_list, with the following variables. -# NOTE: replace 'example' with the jail's name. +# NOTES: +# - replace 'example' with the jail's name. +# - except rootdir, hostname and ip, all of the following variables may be +# global jail variables if you don't specify a jail name (ie. jail_interface). # #jail_example_rootdir="/usr/jail/default" # Jail's root directory #jail_example_hostname="default.domain.com" # Jail's hostname #jail_example_ip="192.168.0.10" # Jail's IP number +#jail_example_interface="" # Interface to create the IP alias on #jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting #jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping #jail_example_devfs_enable="NO" # mount devfs in the jail Index: src/etc/rc.d/jail =================================================================== RCS file: /home/ncvs/src/etc/rc.d/jail,v retrieving revision 1.31 diff -u -r1.31 jail --- src/etc/rc.d/jail 11 May 2006 13:29:01 -0000 1.31 +++ src/etc/rc.d/jail 11 May 2006 13:34:51 -0000 @@ -27,73 +27,73 @@ return fi - eval jail_rootdir=\"\$jail_${_j}_rootdir\" - jail_devdir="${jail_rootdir}/dev" - jail_fdescdir="${jail_devdir}/fd" - jail_procdir="${jail_rootdir}/proc" - eval jail_hostname=\"\$jail_${_j}_hostname\" - eval jail_ip=\"\$jail_${_j}_ip\" - eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\" - eval jail_exec=\"\$jail_${_j}_exec\" - eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\" - eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\" - if [ -n "${jail_exec}" ]; then + eval _rootdir=\"\$jail_${_j}_rootdir\" + _devdir="${_rootdir}/dev" + _fdescdir="${_devdir}/fd" + _procdir="${_rootdir}/proc" + eval _hostname=\"\$jail_${_j}_hostname\" + eval _ip=\"\$jail_${_j}_ip\" + eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" + eval _exec=\"\$jail_${_j}_exec\" + eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\" + eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\" + if [ -n "${_exec}" ]; then # simple/backward-compatible execution - jail_exec_start="${jail_exec}" - jail_exec_stop="" + _exec_start="${_exec}" + _exec_stop="" else # flexible execution - if [ -z "${jail_exec_start}" ]; then - jail_exec_start="/bin/sh /etc/rc" - if [ -z "${jail_exec_stop}" ]; then - jail_exec_stop="/bin/sh /etc/rc.shutdown" + if [ -z "${_exec_start}" ]; then + _exec_start="/bin/sh /etc/rc" + if [ -z "${_exec_stop}" ]; then + _exec_stop="/bin/sh /etc/rc.shutdown" fi fi fi # The default jail ruleset will be used by rc.subr if none is specified. - eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\" - eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\" - [ -z "${jail_devfs}" ] && jail_devfs="NO" - eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\" - [ -z "${jail_fdescfs}" ] && jail_fdescfs="NO" - eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\" - [ -z "${jail_procfs}" ] && jail_procfs="NO" + eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\" + eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\" + [ -z "${_devfs}" ] && _devfs="NO" + eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\" + [ -z "${_fdescfs}" ] && _fdescfs="NO" + eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\" + [ -z "${_procfs}" ] && _procfs="NO" - eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\" - [ -z "${jail_mount}" ] && jail_mount="NO" + eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\" + [ -z "${_mount}" ] && _mount="NO" # "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified. - eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\" - [ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}" - eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\" - [ -z "${jail_flags}" ] && jail_flags="-l -U root" + eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\" + [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}" + eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\" + [ -z "${_flags}" ] && _flags="-l -U root" # Debugging aid # - debug "$_j devfs enable: $jail_devfs" - debug "$_j fdescfs enable: $jail_fdescfs" - debug "$_j procfs enable: $jail_procfs" - debug "$_j mount enable: $jail_mount" - debug "$_j hostname: $jail_hostname" - debug "$_j ip: $jail_ip" - debug "$_j interface: $jail_interface" - debug "$_j root: $jail_rootdir" - debug "$_j devdir: $jail_devdir" - debug "$_j fdescdir: $jail_fdescdir" - debug "$_j procdir: $jail_procdir" - debug "$_j ruleset: $jail_ruleset" - debug "$_j fstab: $jail_fstab" - debug "$_j exec start: $jail_exec_start" - debug "$_j exec stop: $jail_exec_stop" - debug "$_j flags: $jail_flags" + debug "$_j devfs enable: $_devfs" + debug "$_j fdescfs enable: $_fdescfs" + debug "$_j procfs enable: $_procfs" + debug "$_j mount enable: $_mount" + debug "$_j hostname: $_hostname" + debug "$_j ip: $_ip" + debug "$_j interface: $_interface" + debug "$_j root: $_rootdir" + debug "$_j devdir: $_devdir" + debug "$_j fdescdir: $_fdescdir" + debug "$_j procdir: $_procdir" + debug "$_j ruleset: $_ruleset" + debug "$_j fstab: $_fstab" + debug "$_j exec start: $_exec_start" + debug "$_j exec stop: $_exec_stop" + debug "$_j flags: $_flags" - if [ -z "${jail_hostname}" ]; then + if [ -z "${_hostname}" ]; then err 3 "$name: No hostname has been defined for ${_j}" fi - if [ -z "${jail_rootdir}" ]; then + if [ -z "${_rootdir}" ]; then err 3 "$name: No root directory has been defined for ${_j}" fi - if [ -z "${jail_ip}" ]; then + if [ -z "${_ip}" ]; then err 3 "$name: No IP address has been defined for ${_j}" fi @@ -133,24 +133,24 @@ # jail_umount_fs() { - if checkyesno jail_fdescfs; then - if [ -d "${jail_fdescdir}" ] ; then - umount -f ${jail_fdescdir} >/dev/null 2>&1 + if checkyesno _fdescfs; then + if [ -d "${_fdescdir}" ] ; then + umount -f ${_fdescdir} >/dev/null 2>&1 fi fi - if checkyesno jail_devfs; then - if [ -d "${jail_devdir}" ] ; then - umount -f ${jail_devdir} >/dev/null 2>&1 + if checkyesno _devfs; then + if [ -d "${_devdir}" ] ; then + umount -f ${_devdir} >/dev/null 2>&1 fi fi - if checkyesno jail_procfs; then - if [ -d "${jail_procdir}" ] ; then - umount -f ${jail_procdir} >/dev/null 2>&1 + if checkyesno _procfs; then + if [ -d "${_procdir}" ] ; then + umount -f ${_procdir} >/dev/null 2>&1 fi fi - if checkyesno jail_mount; then - [ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist" - umount -a -F "${jail_fstab}" >/dev/null 2>&1 + if checkyesno _mount; then + [ -f "${_fstab}" ] || warn "${_fstab} does not exist" + umount -a -F "${_fstab}" >/dev/null 2>&1 fi } @@ -172,29 +172,29 @@ do init_variables $_jail if [ -f /var/run/jail_${_jail}.id ]; then - echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]" + echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]" continue; fi - if [ -n "${jail_interface}" ]; then - ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255 + if [ -n "${_interface}" ]; then + ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255 fi - if checkyesno jail_mount; then - info "Mounting fstab for jail ${_jail} (${jail_fstab})" - if [ ! -f "${jail_fstab}" ]; then - err 3 "$name: ${jail_fstab} does not exist" + if checkyesno _mount; then + info "Mounting fstab for jail ${_jail} (${_fstab})" + if [ ! -f "${_fstab}" ]; then + err 3 "$name: ${_fstab} does not exist" fi - mount -a -F "${jail_fstab}" + mount -a -F "${_fstab}" fi - if checkyesno jail_devfs; then + if checkyesno _devfs; then # If devfs is already mounted here, skip it. - df -t devfs "${jail_devdir}" >/dev/null + df -t devfs "${_devdir}" >/dev/null if [ $? -ne 0 ]; then - info "Mounting devfs on ${jail_devdir}" - devfs_mount_jail "${jail_devdir}" ${jail_ruleset} + info "Mounting devfs on ${_devdir}" + devfs_mount_jail "${_devdir}" ${_ruleset} # Transitional symlink for old binaries - if [ ! -L "${jail_devdir}/log" ]; then + if [ ! -L "${_devdir}/log" ]; then __pwd="`pwd`" - cd "${jail_devdir}" + cd "${_devdir}" ln -sf ../var/run/log log cd "$__pwd" fi @@ -204,27 +204,27 @@ # is a devfs(5) device of the same name. # Jail console output # __pwd="`pwd`" - # cd "${jail_devdir}" + # cd "${_devdir}" # ln -sf ../var/log/console console # cd "$__pwd" fi - if checkyesno jail_fdescfs; then - info "Mounting fdescfs on ${jail_fdescdir}" - mount -t fdescfs fdesc "${jail_fdescdir}" - fi - if checkyesno jail_procfs; then - info "Mounting procfs onto ${jail_procdir}" - if [ -d "${jail_procdir}" ] ; then - mount -t procfs proc "${jail_procdir}" + if checkyesno _fdescfs; then + info "Mounting fdescfs on ${_fdescdir}" + mount -t fdescfs fdesc "${_fdescdir}" + fi + if checkyesno _procfs; then + info "Mounting procfs onto ${_procdir}" + if [ -d "${_procdir}" ] ; then + mount -t procfs proc "${_procdir}" fi fi _tmp_jail=${_tmp_dir}/jail.$$ - eval jail ${jail_flags} -i ${jail_rootdir} ${jail_hostname} \ - ${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1 + eval jail ${_flags} -i ${_rootdir} ${_hostname} \ + ${_ip} ${_exec_start} > ${_tmp_jail} 2>&1 if [ "$?" -eq 0 ] ; then - echo -n " $jail_hostname" + echo -n " $_hostname" _jail_id=$(head -1 ${_tmp_jail}) - tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log + tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log echo ${_jail_id} > /var/run/jail_${_jail}.id else jail_umount_fs @@ -249,18 +249,18 @@ _jail_id=$(cat /var/run/jail_${_jail}.id) if [ ! -z "${_jail_id}" ]; then init_variables $_jail - if [ -n "${jail_exec_stop}" ]; then - eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \ - >> ${jail_rootdir}/var/log/console.log 2>&1 + if [ -n "${_exec_stop}" ]; then + eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \ + >> ${_rootdir}/var/log/console.log 2>&1 fi killall -j ${_jail_id} -TERM > /dev/null 2>&1 sleep 1 killall -j ${_jail_id} -KILL > /dev/null 2>&1 jail_umount_fs - echo -n " $jail_hostname" + echo -n " $_hostname" fi - if [ -n "${jail_interface}" ]; then - ifconfig ${jail_interface} -alias ${jail_ip} + if [ -n "${_interface}" ]; then + ifconfig ${_interface} -alias ${_ip} fi rm /var/run/jail_${_jail}.id else Index: src/share/man/man5/rc.conf.5 =================================================================== RCS file: /home/ncvs/src/share/man/man5/rc.conf.5,v retrieving revision 1.293 diff -u -r1.293 rc.conf.5 --- src/share/man/man5/rc.conf.5 18 Apr 2006 15:02:24 -0000 1.293 +++ src/share/man/man5/rc.conf.5 11 May 2006 13:34:52 -0000 @@ -3010,21 +3010,21 @@ .Pq Vt str Unset by default. When set, use as default value for -.Va jail_ Ns Ao Ar jid Ac Ns Va _flags +.Va jail_ Ns Ao Ar jname Ac Ns Va _flags for every jail in .Va jail_list . .It Va jail_interface .Pq Vt str Unset by default. When set, use as default value for -.Va jail_ Ns Ao Ar jid Ac Ns Va _interface +.Va jail_ Ns Ao Ar jname Ac Ns Va _interface for every jail in .Va jail_list . .It Va jail_fstab .Pq Vt str Unset by default. When set, use as default value for -.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab +.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab for every jail in .Va jail_list . .It Va jail_mount_enable @@ -3035,14 +3035,14 @@ When set to .Dq Li YES , sets -.Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable +.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable to YES by default for every jail in .Va jail_list . .It Va jail_devfs_ruleset .Pq Vt str Unset by default. When set, sets -.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset +.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset to given value for every jail in .Va jail_list . .It Va jail_devfs_enable @@ -3053,7 +3053,7 @@ When set to .Dq Li YES , sets -.Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable +.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable to YES by default for every jail in .Va jail_list . .It Va jail_fdescfs_enable @@ -3064,7 +3064,7 @@ When set to .Dq Li YES , sets -.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable +.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable to YES by default for every jail in .Va jail_list . .It Va jail_procfs_enable @@ -3075,57 +3075,57 @@ When set to .Dq Li YES , sets -.Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable +.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable to YES by default for every jail in .Va jail_list . .It Va jail_exec_start .Pq Vt str Unset by default. When set, use as default value for -.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start +.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start for every jail in .Va jail_list . .It Va jail_exec_stop Unset by default. When set, use as default value for -.Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop +.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop for every jail in .Va jail_list . -.It Va jail_ Ns Ao Ar jid Ac Ns Va _rootdir +.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir .Pq Vt str Unset by default. Set to the root directory used by jail -.Va jid . -.It Va jail_ Ns Ao Ar jid Ac Ns Va _hostname +.Va jname . +.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname .Pq Vt str Unset by default. Set to the fully qualified domain name (FQDN) assigned to jail -.Va jid . -.It Va jail_ Ns Ao Ar jid Ac Ns Va _ip +.Va jname . +.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip .Pq Vt str Unset by default. Set to the IP address assigned to jail -.Va jid . -.It Va jail_ Ns Ao Ar jid Ac Ns Va _flags +.Va jname . +.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags .Pq Vt str Set to .Dq Li -l -U root by default. These are flags to pass to .Xr jail . -.It Va jail_ Ns Ao Ar jid Ac Ns Va _interface +.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface .Pq Vt str Unset by default. When set, sets the interface to use when setting IP address alias. Note that the alias is created at jail startup and removed at jail shutdown. -.It Va jail_ Ns Ao Ar jid Ac Ns Va _fstab +.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab .Pq Vt str Set to -.Pa /etc/fstab. Ns Ao Ar jid Ac +.Pa /etc/fstab. Ns Ao Ar jname Ac by default. This is the file system information file to use for jail -.Va jid . -.It Va jail_ Ns Ao Ar jid Ac Ns Va _mount_enable +.Va jname . +.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable .Pq Vt bool Set to .Dq Li NO @@ -3133,14 +3133,14 @@ When set to .Dq Li YES , mount all file systems from -.Va jail_ Ns Ao Ar jid Ac Ns Va _fstab +.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab at jail startup. -.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_ruleset +.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .Pq Vt str Unset by default. When set, defines the device file system ruleset file to use for jail -.Va jid . -.It Va jail_ Ns Ao Ar jid Ac Ns Va _devfs_enable +.Va jname . +.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable .Pq Vt bool Set to .Dq Li NO @@ -3148,9 +3148,9 @@ When set to .Dq Li YES , mount the device file system inside jail -.Ar jid +.Ar jname at jail startup. -.It Va jail_ Ns Ao Ar jid Ac Ns Va _fdescfs_enable +.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable .Pq Vt bool Set to .Dq Li NO @@ -3158,9 +3158,9 @@ When set to .Dq Li YES , mount the file-descriptor file system inside jail -.Ar jid +.Ar jname at jail startup. -.It Va jail_ Ns Ao Ar jid Ac Ns Va _procfs_enable +.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .Pq Vt bool Set to .Dq Li NO @@ -3168,15 +3168,15 @@ When set to .Dq Li YES , mount the process file system inside jail -.Ar jid +.Ar jname at jail startup. -.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_start +.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .Pq Vt str Set to .Dq Li /bin/sh /etc/rc by default. This is the command executed at jail startup. -.It Va jail_ Ns Ao Ar jid Ac Ns Va _exec_stop +.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop .Pq Vt str Set to .Dq Li /bin/sh /etc/rc.shutdown