diff options
author | mtm <mtm@FreeBSD.org> | 2003-08-24 06:29:32 +0000 |
---|---|---|
committer | mtm <mtm@FreeBSD.org> | 2003-08-24 06:29:32 +0000 |
commit | 83aa2d3a0b86119a65cff58bd55817dbee03b9d7 (patch) | |
tree | 6d9ca0d2e30bdfcef7279427fed83625fbcef81a /etc/defaults | |
parent | 45596532dbd557423c773fa858ef675180a16923 (diff) | |
download | FreeBSD-src-83aa2d3a0b86119a65cff58bd55817dbee03b9d7.zip FreeBSD-src-83aa2d3a0b86119a65cff58bd55817dbee03b9d7.tar.gz |
Enhance the jail start/stop script.
o The following additional configuration attributes of a jail can be
controlled from rc.conf:
- mounting devfs(5)
- mounting fdescfs(5)
- mounting procfs(5)
- custom devfs(8) ruleset
If no ruleset is specified, the default jail ruleset is used.
o The output of executing /etc/rc in the jail is now redirected
to /dev/null. Instead, the hostname of the jail is echoed if
the jail(8) command exited successfully. If the output is wanted
it can probably be redirected to a file (/var/run/$jail maybe)
instead of /dev/null.
Submitted by: Scot W. Hetzel <hetzels@westbend.net>
with modifications by Jens Rehsack <rehsack@liwing.de>
and me.
Diffstat (limited to 'etc/defaults')
-rw-r--r-- | etc/defaults/rc.conf | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 8a0907d..0a287a9 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -428,16 +428,35 @@ harvest_interrupt="YES" # Entropy device harvests interrupt randomness harvest_ethernet="YES" # Entropy device harvests ethernet randomness harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot -jail_enable="NO" # Set to NO to disable starting of any jails -jail_list="" # Space separated list of names of jails -jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname -jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail -jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail watchdogd_enable="NO" # Start the software watchdog daemon devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing # devfs(8) rules. devfs_system_ruleset="" # The name of a ruleset to apply to /dev +############################################################## +### Jail Configuration ####################################### +############################################################## +jail_enable="NO" # Set to NO to disable starting of any jails +jail_list="" # Space separated list of names of jails +jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname +jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail +jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail +jail_stop_jailer="NO" # Only stop jailer. Requires jail_*_exec be set + # to use sysutils/jailer port to start the jail. + +# +# To use rc's built-in jail infrastructure create entries for +# each jail, specified in jail_list, with the following variables. +# NOTE: replace 'example' with the jail's name. +# +#jail_example_rootdir="/usr/jail/default" # Jail's root directory +#jail_example_hostname="default.domain.com" # Jail's hostname +#jail_example_ip="192.168.0.10" # Jail's IP number +#jail_example_exec="/bin/sh /etc/rc" # command to execute in jail +#jail_example_devfs_enable="NO" # mount devfs in the jail +#jail_example_fdescfs_enable="NO" # mount fdescfs in the jail +#jail_example_procfs_enable="NO" # mount procfs in jail +#jail_example_devfs_ruleset="123" # devfs ruleset to apply to jail ############################################################## ### Define source_rc_confs, the mechanism used by /etc/rc.* ## |