jails in FreeBSD 10

[ikevin8me]

I got this message:

/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables is obsolete. Please consider to migrate to /etc/jail.conf.

Where is the documentation for that?

 

[dpejesh]

man jail.conf

 

[SirDice]

It's also mentioned in /usr/src/UPDATING:

20131010:
        The rc.d/jail script has been updated to support jail(8)
        configuration file.  The "jail_<jname>_*" rc.conf(5) variables
        for per-jail configuration are automatically converted to
        /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
        This is transparently backward compatible.  See below about some
        incompatibilities and rc.conf(5) manual page for more details.

        These variables are now deprecated in favor of jail(8) configuration
        file.  One can use "rc.d/jail config <jname>" command to generate
        a jail(8) configuration file in /var/run/jail.<jname>.conf without
        running the jail(8) utility.   The default pathname of the
        configuration file is /etc/jail.conf and can be specified by
        using $jail_conf or $jail_<jname>_conf variables.

        Please note that jail_devfs_ruleset accepts an integer at
        this moment.  Please consider to rewrite the ruleset name
        with an integer.

 

[scottro]

I have a page that covers this at http://home.roadrunner.com/~computertai ... djail.html. (Just search for jail.conf on the page, it's around the middle of it.)

The man page, even for 9.x, states that you should use /etc/jail.conf, but in practice, I found that it seemed to be ignored. (I didn't investigate it thoroughly, it worked with /etc/rc.conf, so that's what I did.).

However, in 10.x, it's apparently necessary to use /etc/jail.conf. This has been my experience, and again, not heavily tested. My procedure was to try the conf file in 9.x, find it didn't work, put the lines in /etc/rc.conf, and continue to use that in 9.x. On FreeBSD-10, once again tried with /etc/jail.conf, found that it worked, with

jail_enable="YES"

as the only jail reference in /etc/rc.conf, and that was the extent of my testing.

 

[SirDice]

I think on 9.x you need to use jail2_enable="YES" instead of jail_enable="YES" to make it use /etc/jail.conf.

 

[scottro]

Thanks. I'll have to give that a test at some point (though probably not this week).
(I'm going to add the information on my page, with a note that it's untested by me.)

A bit more googling indicates that to make that jail2_enable line work, one needs to install syutils/jail2.

http://lists.freebsd.org/pipermail/free ... 46891.html

 

[scottro]

Ok, just tested this in a VM. I created a jail, and put

jails2_enable="YES"

in /etc/rc.conf. At that point, it told me that I should add

jail_enable="YES"

to /etc/rc.conf. As far as I can tell, my post above was correct, one needs to install the jails2 port for the jails2_enable part to work. I didn't take it that far though, as it's not something I would bother to do. (That doesn't mean it's bad--it's probably better to get jails working with the jails.conf file, which will mean less work if a system is upgraded to FreeBSD-10--it just means that for my needs, it's work and testing that I don't feel like doing.)

So, I'll go with my original statement, that 9.x seems to still use entries in /etc/rc.conf.