jail.conf

Greetings.
FreeBSD 9.1 brought a separate configuration file for jails: /etc/jail.conf

I've successfully set up a jail, but I can't get how to use the mount.devfs option (I assume it's the same as jail_name_devfs_enable="YES" in rc.conf).

According to jail() I made the following configuration in /etc/jail.conf:
Code:
portsbuild {
        path = /jails/portsbuild;
        allow.mount;
        mount.devfs;
        host.hostname = portsbuild.home;
        ip4.addr = 192.168.0.200;
        interface = nfe0;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}

Then I'm starting the jail:
Code:
$ sudo jail -c portsbuild
portsbuild: created
Setting hostname: portsbuild.home.
Creating and/or trimming log files.
ln: /dev/log: Operation not permitted
Starting syslogd.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
32-bit compatibility ldconfig path: /usr/lib32
Clearing /tmp (X related).
Updating motd:.
Starting cron.

The problem is: it looks like devfs gets mounted each time I start the jail. Here is the host's output:
Code:
$ df -h
...
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
/usr/ports          174G     28G    146G    16%    /jails/portsbuild/usr/ports
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev

I'm killing jail using this command within the jail:
Code:
kill -KILL -1
After this jls() shows no active jails, but devfs is still listed as mounted on the host.

Am I doing something wrong? I'm totally new to jails and completely lost here. The official documentation doesn't describe jail.conf as it's not officially released yet.
 
hedgehog said:
I'm killing jail using this command within the jail:
Code:
kill -KILL -1
After this jls() shows no active jails, but devfs is still listed as mounted on the host.
That's because you killed it instead of shutting it down. These options are new to me but looking at the manpage I think you're supposed to do:
# jail -r portsbuild

Normally you'd:
# service jail start portsbuild
And
# service jail stop portsbuild
 
SirDice said:
That's because you killed it instead of shutting it down. These options are new to me but looking at the manpage I think you're supposed to do:
# jail -r portsbuild
You're absolutely right! I got a bit confused by the manpage:
-r Remove the jail specified by jid or name. All jailed processes are killed, and all children of this jail are also removed.
Thought it removes the jail completely or something :)

SirDice said:
Normally you'd:
# service jail start portsbuild
And
# service jail stop portsbuild
It works only if you define jails in rc.conf. I really like the idea of separating jail configuration from rc.conf.

Anyway, -r option did the trick.
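
A check for the leftover mounts discussed above, as an added example that is not part of the original thread: it reads `df`-style output and reports any mount point at or below a jail's path that is listed more than once. The sample lines are constructed from the output quoted in the first post, and the function names `sample_df` and `stacked_mounts` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): find mount points that are mounted
# more than once under a jail's path, e.g. devfs layers left behind when a
# jail's processes are killed instead of the jail being removed with jail -r.

# Constructed sample, modelled on the `df -h` output quoted in the first post.
sample_df() {
cat <<'EOF'
Filesystem          Size    Used   Avail Capacity  Mounted on
...
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
/usr/ports          174G     28G    146G    16%    /jails/portsbuild/usr/ports
devfs               1.0k    1.0k      0B   100%    /jails/portsbuild/dev
EOF
}

# stacked_mounts JAILPATH
# Reads df-style lines on stdin and prints "<count> <source> <mountpoint>"
# for each mount point at or below JAILPATH that is listed more than once.
# Assumes mount points contain no whitespace (the last field is the path).
stacked_mounts() {
    awk -v root="${1%/}" '
        $1 == "Filesystem" { next }   # header line
        NF < 6             { next }   # "..." and blank lines
        {
            mp = $NF
            # Match the jail root itself or paths below it, so that
            # /jails/portsbuild does not also match /jails/portsbuild2.
            if (mp != root && index(mp, root "/") != 1) next
            count[mp]++
            src[mp] = $1
        }
        END {
            for (mp in count)
                if (count[mp] > 1)
                    printf "%d %s %s\n", count[mp], src[mp], mp
        }' | sort -k3
}

# Run against the constructed sample; on a host, pipe `df` in instead.
sample_df | stacked_mounts /jails/portsbuild
```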
 
Sorry, I have another question regarding jail.conf

As far as I know, you can create an /etc/fstab.jailname file that will be used to mount/unmount filesystems when a jail is started/stopped.

However, I couldn't achieve this using /etc/jail.conf. I have /etc/fstab.portsbuild file on the host:
Code:
/usr/ports              /jails/portsbuild/usr/ports      nullfs  rw          0  0
/usr/src                /jails/portsbuild/usr/src        nullfs  ro,noatime  0  0
Here is /etc/jail.conf:
Code:
portsbuild {
        path = /jails/portsbuild;
        mount.devfs;
        allow.mount;
        mount;
        host.hostname = portsbuild.home;
        ip4.addr = 192.168.0.200;
        interface = nfe0;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}
devfs is mounted automatically, but the entries in /etc/fstab.portsbuild aren't.

UPDATE:
Thanks to SirDice on irc channel :)
Code:
mount.fstab="/etc/fstab.portsbuild";
 