From frank@pinky.sax.de Fri Apr 22 11:13:28 2005
Return-Path:
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E193016A4CF for ; Fri, 22 Apr 2005 11:13:27 +0000 (GMT)
Received: from pinky.frank-behrens.de (pinky.frank-behrens.de [82.139.199.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id D8A8743D45 for ; Fri, 22 Apr 2005 11:13:26 +0000 (GMT) (envelope-from frank@pinky.sax.de)
Received: from moon.behrens (localhost [127.0.0.1]) by pinky.frank-behrens.de (8.13.3/8.13.3/FreeBSD 5.4-STABLE) with ESMTP id j3MBDNGJ094975 for ; Fri, 22 Apr 2005 13:13:23 +0200 (CEST) (envelope-from frank@moon.behrens)
Received: (from frank@localhost) by moon.behrens (8.13.3/8.13.3/Submit) id j3MBDNdf094974; Fri, 22 Apr 2005 13:13:23 +0200 (CEST) (envelope-from frank)
Message-Id: <200504221113.j3MBDNdf094974@moon.behrens>
Date: Fri, 22 Apr 2005 13:13:23 +0200 (CEST)
From: Frank Behrens Reply-To: Frank Behrens To: FreeBSD-gnats-submit@freebsd.org Cc: Subject: [PATCH] rc.conf + rc.d/jail should enable input of jail(8) flags X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 80244 >Category: conf >Synopsis: [PATCH] rc.conf + rc.d/jail should enable input of jail(8) flags >Confidential: no >Severity: non-critical >Priority: low >Responsible: pjd >State: closed >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Apr 22 11:20:07 GMT 2005 >Closed-Date: Sun Jun 26 16:30:58 GMT 2005 >Last-Modified: Sun Jun 26 16:30:58 GMT 2005 >Originator: Frank Behrens >Release: FreeBSD 5.4-STABLE i386 >Organization: >Environment: System: FreeBSD moon.behrens 5.4-STABLE FreeBSD 5.4-STABLE #2: Tue Apr 12 10:41:41 CEST 2005 root@moon.behrens:/data2/sys/obj/usr/src/sys/FRANK01 i386 >Description: There is no possibility to start a jail via rc.conf(5) with a different user. In /etc/rc.d/jail the flags for jail(8) are hardcoded as "-l -U root". Both files should be changed to enable flexible jail(8) flags. >How-To-Repeat: >Fix: This patch implements flexible jail(8) flags in rc.conf(5). --- jailrc_d.patch begins here --- --- /usr/src/etc/rc.d/jail Tue Dec 28 11:43:33 2004 +++ /etc/rc.d/jail Wed Apr 20 18:43:31 2005 @@ -36,6 +36,7 @@ eval jail_exec=\"\$jail_${_j}_exec\" eval jail_exec_start=\"\$jail_${_j}_exec_start\" eval jail_exec_stop=\"\$jail_${_j}_exec_stop\" + eval jail_flags=\"\$jail_${_j}_flags\" if [ -n "${jail_exec}" ]; then # simple/backward-compatible execution jail_exec_start="${jail_exec}" @@ -81,6 +82,7 @@ debug "$_j fstab: $jail_fstab" debug "$_j exec start: $jail_exec_start" debug "$_j exec stop: $jail_exec_stop" + debug "$_j flags: $jail_flags" } # set_sysctl rc_knob mib msg 
@@ -193,7 +195,7 @@ fi fi _tmp_jail=${_tmp_dir}/jail.$$ - eval jail -l -U root -i ${jail_rootdir} ${jail_hostname} \ + eval jail ${jail_flags} -i ${jail_rootdir} ${jail_hostname} \ ${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1 [ "$?" -eq 0 ] && echo -n " $jail_hostname" _jail_id=$(head -1 ${_tmp_jail}) --- etc/defaults/rc.conf.orig Thu Mar 31 13:28:52 2005 +++ etc/defaults/rc.conf Fri Apr 22 12:53:20 2005 @@ -496,6 +496,7 @@ #jail_example_ip="192.168.0.10" # Jail's IP number #jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting #jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping +#jail_example_flags="-l -U root" # additional flags for jail(8) #jail_example_devfs_enable="NO" # mount devfs in the jail #jail_example_fdescfs_enable="NO" # mount fdescfs in the jail #jail_example_procfs_enable="NO" # mount procfs in jail --- jailrc_d.patch ends here --- >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->freebsd-rc Responsible-Changed-By: arved Responsible-Changed-When: Fri Apr 22 18:29:41 GMT 2005 Responsible-Changed-Why: Over to freebsd-rc mailinglist http://www.freebsd.org/cgi/query-pr.cgi?pr=80244 Responsible-Changed-From-To: freebsd-rc->pjd Responsible-Changed-By: pjd Responsible-Changed-When: Sun Jun 26 14:51:36 GMT 2005 Responsible-Changed-Why: I'll take this one. http://www.freebsd.org/cgi/query-pr.cgi?pr=80244 State-Changed-From-To: open->closed State-Changed-By: pjd State-Changed-When: Sun Jun 26 16:26:17 GMT 2005 State-Changed-Why: I corrected and committed the patch. Thanks! http://www.freebsd.org/cgi/query-pr.cgi?pr=80244 >Unformatted:
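
Review bot: In the "@@ -36,6 +36,7 @@" hunk of rc.d/jail, jail_flags gets no fallback when jail_<name>_flags is unset, so every existing jail that does not define the new variable would be started without the previously hardcoded "-l -U root". Suggest adding a default directly after the new eval line, for example [ -z "${jail_flags}" ] && jail_flags="-l -U root", so that current configurations keep their behaviour and only jails that set the variable change.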
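
Review bot: In the "@@ -193,7 +195,7 @@" hunk, ${jail_flags} is expanded unquoted on a line that is handed to eval, so the rc.conf value is parsed a second time by the host's shell, running as the rc script's user, and any shell metacharacters in it are interpreted instead of being passed to jail(8). ${jail_exec_start} on the same line already has that property, but the new variable widens it, so the documentation should state that the value is treated as trusted shell input, and the default from the first hunk should be applied before this line so that an empty value never drops "-l -U root" silently.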
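
Review bot: In the etc/defaults/rc.conf hunk, the comment on the added #jail_example_flags line says "additional flags for jail(8)", but in rc.d/jail the variable replaces the hardcoded "-l -U root" rather than adding to it. Suggest wording it as "flags for jail(8)" and noting that "-l -U root" is the default; the entry here is only a commented-out example, so it defines no default itself, and the patch does not include a matching rc.conf(5) manual page entry for the new variable.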