jails Execute exec.release even when Jail is dying/failed to start (Old title: Cleaning Jails If Dying)

Dear all,

Setting up jail.conf, I've set up some exec.prestart & exec.release scripts for the jail service to run before starting up the jail. I'll take one example where I create an epair for the jail's interface in exec.prestart & destroy it in exec.release. My problem is that if, for any reason, the jail failed to start or went dying, the exec.prestart was already done, hence the epair has already been made, but since it failed to run, the exec.release won't run to destroy the epair.

Is there a way to make jail run the exec.release or exec.poststop if the jail failed to start (e.g. if I mistype the interface name, hence jail failed to run since interface not found) or dying (e.g. make a slight mistake in exec.start or the rc.conf file)?

Thank you

EDIT: Edited the title, since I thought my old title wasn't really clear on what I asked for.
 
OK, so far I can only do one thing: Take all exec.prepare, exec.prestart, exec.poststop, and exec.release away from jail.conf and move them to a custom script.

The custom script will call all the scripts and commands that used to be called in exec.prepare and exec.prestart, and check the jail -c return value (echo $?). If it returns a non-zero value, then the custom script will call all the scripts and commands which used to be in exec.poststop and exec.release.

Anyone can think of a more robust method than this? I'm sure this works as workaround, but I'm sure this is no way robust or reliable.

EDIT: Yeah, as suspected, not 100% robust. It takes care of jails that failed to start (e.g. wrong interface name), but wouldn't do much if the jail is dying (e.g. forgetting to add the persist flag to a jail that has no exec.start and exec.stop). If the jail is dying, the return value of jail -c is still 0 with no further explanation if it is dying. Grep-ing jls output might do some magic, but that's definitely not a robust way to do this.
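
The wrapper approach described in the post above, as an added example that is not part of the original thread. The hook functions and script paths are hypothetical placeholders, and the liveness check assumes that `jls` without `-d` reports only active jails, so a dying jail is reported as not found.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Hypothetical hooks: replace the bodies with whatever used to live in
# exec.prepare/exec.prestart (setup) and exec.poststop/exec.release (cleanup).
# The script paths below are placeholders.
jail_setup()   { /path/to/prestart.sh "$1"; }
jail_cleanup() { /path/to/release.sh "$1"; }

# Create the jail from its jail.conf entry.
jail_create()  { jail -c "$1"; }

# Assumption: without -d, jls only looks at active jails, so this exits
# non-zero for a jail that is missing or dying.
jail_alive()   { jls -j "$1" jid >/dev/null 2>&1; }

# start_jail_guarded NAME
# Returns 0 when the jail is up. Otherwise runs the cleanup hook once and
# returns the stage that failed:
#   1 = setup failed, 2 = jail -c failed, 3 = created but not active (dying)
start_jail_guarded() {
    _name=$1
    _rc=0
    if ! jail_setup "$_name"; then
        _rc=1
    elif ! jail_create "$_name"; then
        _rc=2
    elif ! jail_alive "$_name"; then
        # jail -c returned 0, but the jail is already gone or dying,
        # e.g. no persist flag and no exec.start.
        _rc=3
    fi
    if [ "$_rc" -ne 0 ]; then
        echo "jail $_name: start failed at stage $_rc, running cleanup" >&2
        jail_cleanup "$_name" || echo "jail $_name: cleanup failed" >&2
    fi
    return "$_rc"
}
```

Call it as `start_jail_guarded myjail` from the custom script; the cleanup hook should tolerate partially completed setup, since it also runs when the setup stage itself fails.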
 