jails How to set allow.mlock on an ezjail jail?

Hi all,

I'm trying to install emby-server into an ezjail-created jail. I need to set the "allow.mlock" jail configuration value to "1" but am being thwarted at every attempt. Host runs FreeBSD 13.1.

  • I can't seem to find the right value to put in /usr/local/etc/ezjail/jailname.conf, and I the manpage for rc.conf doesn't list any jail_* variable for allow.mlock. The variable name for "allow.sysvipc" is `export jail_jailname_sysvipc_allow="YES"`, so I thought I might try `export jail_jailname_mlock_allow="YES"`, but naturally this is ignored. Same with jail_jailname_allow_mlock.
  • The jail config files in /var/run gets overwritten by /etc/rc.d whenver the jail is restarted, so I can't put anything in there and expect it to stick (naturally)
  • /etc/jail.conf does not exist, /etc/jail.conf.d/ is empty, and it seems this is intentional as ezjail doesn't seem to follow this convention
  • Googling for many combinations of "allow.mlock", "ezjail", "ezjail mlock", "emby mlock" etc etc don't seem to get me anywhere relevant.

So I'm at a loss. emby-server needs allow.mlock enabled, and I can't figure out how to specify this. Any ideas? At this point I feel like all I can do is write-protect the conf file in /var/run, but isn't that folder cleared out on reboot? Or do I have to migrate/rebuild this jail in something other than ezjail?

Thanks!
 
EZJail is getting old, the developer stopped developing it a long time ago. The cracks are now starting to show. I've migrated most of my jails to sysutils/bastille.
 
EZJail is getting old, the developer stopped developing it a long time ago. The cracks are now starting to show. I've migrated most of my jails to sysutils/bastille.
This seems to be the case. I really don't like ezjail anyway, it seems to spread its config out all over the system. Though now it seems there are several options in this space (iocage + bastille + others?), what made you go with bastille?
 
it seems to spread its config out all over the system.
It's not that bad, the biggest 'problem' is that it still relies on the deprecated jail_* variables. Although there are many people that still use ezjail to create and manage the jails themselves and build their own jail.conf for it.

Though now it seems there are several options in this space (iocage + bastille + others?), what made you go with bastille?
Many more options have arisen since, ezjail was just one of the first ones. Iocage and cbsd did too much, if there is such a thing. My only 'need' was a simple command line tool to easily create and maintain a couple of jails. I do like the template feature of bastille. That's a really useful feature for me.
 
Back
Top