1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

/etc/rc.d/jail Patch for allowing paramater specification

Discussion in 'FreeBSD Development' started by mhunet, May 11, 2011.

  1. mhunet

    mhunet New Member

    Messages:
    12
    Thanks Received:
    1
    I created a patch for /etc/rc.d/jail that allows paramaters to be set for a jail in rc.conf in the format
    Code:
    jail_example_params="children.max=99 allow.raw_sockets


    Seeing as there is no other way to set the majority of a jail's paramaters at boot I was wondering if anybody would be interested in this or how I would go about contributing this to the base system.
     
  2. SirDice

    SirDice Moderator Staff Member Moderator

    Messages:
    17,515
    Thanks Received:
    2,351
    Allow.raw_sockets can't be set per jail and is already covered by jail_socket_unixiproute_only. Besides that there's also already a jail_*_flags.

    What parameters are you trying to set?
     
  3. mhunet

    mhunet New Member

    Messages:
    12
    Thanks Received:
    1
    • cpuset.id
    • enforce_statfs
    • children.max
    • allow.set_hostname
    • allow.sysvipc
    • allow.chflags
    • allow.mount
    • allow.quotas
    • allow.socket_af

    As far as I know none of the above paramaters are able to be set through the use of jail_*_flags. And I would say that this is quite limiting.

    And even for the couple of jail paramaters that can be set from rc.conf removing their associated lines from /etc/rc.d/jail and passing them through jail_example_params would increase the efficiency of /etc/rc.d/jail by decreasing its size and amount of cpu usage. This may not be a significant amount but I think the increase in funtionality while staying true to the rc system and increasing its efficiency is a no-brainer.
     
  4. mhunet

    mhunet New Member

    Messages:
    12
    Thanks Received:
    1
    VK thanks for this.
  5. cqexbesd

    cqexbesd New Member

    Messages:
    3
    Thanks Received:
    0
    You can submit patches using send-pr. I know the page talks mainly about bugs but new features can be submitted that way as well. Your report will then go in the list of PRs and hopefully come to the attention of a committer. Make sure you read the guidelines about filling out the PR form to give a smoother ride!

    HTH,

    Andrew