List:       freebsd-hackers
Subject:    Re: starting jails within jails using rc
From:       Dan Langille <dan () langille ! org>
Date:       2021-08-15 16:56:33
Message-ID: 2fde54a8-1f19-28e0-46b2-74b5ef2c2e65 () langille ! org

James Gritton wrote on 8/15/21 12:29 PM:
> On 2021-08-14 12:59, Dan Langille wrote:
>> The problem:
>>
>> The parent jail cannot automatically start the child jail. The child
>> jail can be started manually.
>>
>> Running this command in the parent child succeeds: service jail start 
>> freshports
>>
>> Why? I think it's because /etc/rc.d/jail contains:
>>
>> # KEYWORD: nojail shutdown
>>
>> This tells the rc system not to run the jail script if the host is a 
>> jail.
>>
>> How can I trick it?
>>
>> My two ideas so far:
>>
>> * remove the keyword from the script (I've tested this; it works)
>> * duplicate the script, removing the keyword from the script
>> * mangle security.jail.jailed in the parent jail so it thinks it's not in
>> a jail and runs it anyway
>>
>> The downsides to these:
>>
>> * the first two require I keep up to date with the jail script.
>> * the last one will have unintended consequences I'm sure, many of which
>> I most likely would not like.
>
> Since jails with jails is a supported (though not defaulted) feature,
> I see no reason why simply removing the "nojail" keyword from the
> script shouldn't be the default.   The only cost is typical jail
> startup having to run the script to no effect, but the rc system is
> already built of dozens of such seldom-used scripts.

Wow.

I had not considered a patch until now.

Submitted.

https://github.com/freebsd/freebsd-src/pull/525

-- 
Dan Langille - dan@langille.org
https://langille.org/
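
The keyword check discussed in this thread, as an added example that is not part of the original message or of FreeBSD's rc code: a simplified model that reads the `# KEYWORD:` header of each script in a directory and reports which ones are left out when the host is itself a jail. The function names, the `jailed` argument (standing in for the value of `security.jail.jailed`) and the sample files are assumptions constructed for the illustration.

```shell
#!/bin/sh
# has_keyword FILE WORD: succeed if FILE lists WORD on a "# KEYWORD:" line,
# the header format quoted from /etc/rc.d/jail in the message above.
has_keyword() {
    awk -v want="$2" '
        /^#[ \t]*KEYWORD:/ {
            sub(/^#[ \t]*KEYWORD:[ \t]*/, "")      # keep only the keyword list
            for (i = 1; i <= NF; i++) if ($i == want) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# skipped_in_jail DIR JAILED: print the scripts in DIR that are not run when
# JAILED is 1, i.e. those carrying the nojail keyword. Prints nothing when
# JAILED is 0, because the keyword only matters inside a jail.
skipped_in_jail() {
    [ "$2" -eq 1 ] || return 0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if has_keyword "$f" nojail; then basename "$f"; fi
    done
}

# Constructed sample input: a stand-in for the stock jail script header and a
# copy with the keyword removed (the first idea listed in the thread).
demo_dir=$(mktemp -d)
printf '#!/bin/sh\n# PROVIDE: jail\n# KEYWORD: nojail shutdown\n' > "$demo_dir/jail"
printf '#!/bin/sh\n# PROVIDE: jail\n# KEYWORD: shutdown\n' > "$demo_dir/jail_nokeyword"

echo "jailed=1 skips: $(skipped_in_jail "$demo_dir" 1 | tr '\n' ' ')"
echo "jailed=0 skips: $(skipped_in_jail "$demo_dir" 0 | tr '\n' ' ')"
```

Pointed at a copy of the parent jail's rc.d directory with `jailed` set to 1, the same functions list every service that will not start automatically inside that jail.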
