jexec -n

SirDice · Apr 2, 2009

I've been looking at http://wiki.freebsd.org/Jails and saw it should now be possible to use jexec with the jail's name instead of the jail id.

man jexec:

The jexec utility executes command inside the jail identified by either jailname or jid or both.

But it seems it's not fully implemented yet as it still requires the jail id..

Code:

root@molly:~#jls
   JID  IP Address      Hostname                      Path
     5  192.168.1.192   build.dicelan.home            /jail/j2
     1  192.168.1.191   internetz.dicelan.home        /jail/j1
root@molly:~#jexec -n build su -
jexec: Unable to parse jail ID.: Invalid argument
root@molly:~#jexec -n build 5 su -
jexec: Could not uniquely identify the jail.
root@molly:~#jexec 5 su -
root@build:~#uname -a
FreeBSD build.dicelan.home 7.1-STABLE FreeBSD 7.1-STABLE #2: Sun Feb  8 20:34:01 CET 2009     root@molly.dicelan.home:/usr/obj/usr/src/sys/MOLLY  i386

Should I reopen http://www.freebsd.org/cgi/query-pr.cgi?pr=119305 ?

SirDice · Apr 2, 2009

Hmm... It seems I don't have a security.jail.list sysctl.
I was also expecting the /etc/rc.d/jail script to start the jail with the -n flag, which it doesn't. Looks like this is still a WIP.

dthomas53 · Apr 16, 2009

So does anyone know if this is even still under development?

richardpl · Apr 17, 2009

Do you ever care to read jexec(8) manul page before posting this thread.

Huh, that link contains obsolete information, pick manual page for CURRENT instead:

Code:

The following options are available:

     -n jailname
             The name of the jail, if given upon creation of the jail.  This
             is not the hostname of the jail

DutchDaemon · Apr 17, 2009

It becomes available in 8-CURRENT
http://www.freebsd.org/cgi/man.cgi?...ktion=8&manpath=FreeBSD+8-current&format=html

SirDice · Apr 17, 2009

richardpl said:
Do you ever care to read jexec(8) manul page before posting this thread.

I quoted the man page from 7-stable. The -n option IS available on 7-stable.

Doesn't really matter, the jail name isn't set in the /etc/rc.d/jail script on 7-stable anyway. Which is probably the reason for the error.

SirDice · Apr 17, 2009

To elaborate a bit on this, this is the relevant bit from my rc.conf:

Code:

jail_enable="YES"
jail_list="internetz build"
jail_internetz_rootdir="/jail/j1/"
jail_internetz_hostname="internetz.dicelan.home"
jail_internetz_ip="192.168.1.191"
jail_internetz_interface="rl0"
jail_internetz_mount_enable="YES"
jail_internetz_devfs_enable="YES"
jail_internetz_devfs_rules="jail"

jail_build_rootdir="/jail/j2"
jail_build_hostname="build.dicelan.home"
jail_build_ip="192.168.1.192"
jail_build_interface="rl0"
jail_build_mount_enable="YES"
jail_build_devfs_enable="YES"
jail_build_devfs_rules="jail"

I was more or less expecting the /etc/rc.d/jail script to use the names in jail_list as the names for the jails. That they are similar to the hostname is just for me to avoid confusion :e

It looks rather trivial to hack this into the /etc/rc.d/jail script, how's this done on -CURRENT?

ctaranotte · Apr 17, 2009

did you try this?

Code:

jexec -n [B]"internetz build"[/B]

EDIT: my mistake: it doesn't work on 7.2 RC1

radix · Jun 27, 2009

Real solution

Geez -- after all the talk and speculation, here is the solution:

Code:

jexec -n jailname '' command ...

Note the '' for the empty string.

jexec -n

SirDice

Administrator

SirDice

Administrator

dthomas53

richardpl

DutchDaemon

Administrator

SirDice

Administrator

SirDice

Administrator

ctaranotte

radix