From david@releaser.nfrance.com  Tue Jan 19 15:51:27 2010
Message-Id: <201001191551.o0JFpOeg014786@releaser.nfrance.com>
Date: Tue, 19 Jan 2010 16:51:24 +0100 (CET)
From: BERARD David <david@nfrance.com>
Reply-To: BERARD David <david@nfrance.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: laurent@sintes.org
Subject: Support JAILv2 and vnet in rc.d/jail
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         142972
>Category:       conf
>Synopsis:       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-jail
>State:          suspended
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 19 16:00:18 UTC 2010
>Closed-Date:    
>Last-Modified:  Tue Sep 18 22:30:08 UTC 2012
>Originator:     BERARD David
>Release:        FreeBSD 8.0-RELEASE
>Organization:
NFrance Conseil
>Environment:
System: FreeBSD releaser.nfrance.com 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Mon Jan 18 17:32:06 CET 2010 root@releaser.nfrance.com:/usr/obj/usr/src/sys/LAB i386


>Description:
	The current /etc/rc.d/jail doesn't support the new jail parameter
	style. It doesn't support vnet (VIMAGE) and jail name.
>How-To-Repeat:
	Try to run a vnet compliant jail with rc.conf
>Fix:
	See the attached patch

--- jailv2rc.patch begins here ---
--- /usr/src/etc/rc.d/jail	2009-10-25 02:10:29.000000000 +0100
+++ /usr/src/etc/rc.d/jail	2010-01-19 16:14:43.000000000 +0100
@@ -38,6 +38,7 @@
 	_fdescdir="${_devdir}/fd"
 	_procdir="${_rootdir}/proc"
 	eval _hostname=\"\$jail_${_j}_hostname\"
+	eval _name=\"\$jail_${_j}_name\"
 	eval _ip=\"\$jail_${_j}_ip\"
 	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
 	eval _exec=\"\$jail_${_j}_exec\"
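Review bot: the added `_name` assignment has no fallback, so a jail without `jail_<name>_name` in rc.conf ends up with an empty `_name`, which the last hunk then passes as `name=""`. Default it to the rc.conf jail identifier, for example `eval _name=\"\${jail_${_j}_name:-${_j}}\"`, and document the new variable next to `jail_<name>_hostname`.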
@@ -95,6 +96,9 @@
 		fi
 	fi
 
+	# JAIL new style
+	eval _v2=\"\${jail_v2_enable:-"NO"}\"
+
 	# The default jail ruleset will be used by rc.subr if none is specified.
 	eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
 	eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
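Review bot: `jail_v2_enable` is read as one global switch on the added `eval _v2=...` line, while the neighbouring settings all use the per-jail-then-global pattern (`jail_${_j}_devfs_enable:-${jail_devfs_enable}`). That moves every jail to the new syntax at once; a `jail_${_j}_v2_enable` override would allow converting one jail at a time. The `eval` is also unnecessary on this line because the expression has no `${_j}` indirection, and the new knob is not documented anywhere in the patch.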
@@ -110,18 +114,26 @@
 	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
 	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
 	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
-	[ -z "${_flags}" ] && _flags="-l -U root"
+	if checkyesno _v2; then
+		[ -z "${_flags}" ] && _flags="-l -U root -c"
+	else
+		[ -z "${_flags}" ] && _flags="-l -U root"
+	fi
 	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
 	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
 	eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"
+	eval _vnet=\"\${jail_${_j}_vnet_enable:-"NO"}\"
 
 	# Debugging aid
 	#
+	debug "$_j v2 enable: $_v2"
 	debug "$_j devfs enable: $_devfs"
 	debug "$_j fdescfs enable: $_fdescfs"
 	debug "$_j procfs enable: $_procfs"
 	debug "$_j mount enable: $_mount"
+	debug "$_j vnet enable: $_vnet"
 	debug "$_j hostname: $_hostname"
+	debug "$_j name: $_name"
 	debug "$_j ip: $_ip"
 	jail_show_addresses ${_j}
 	debug "$_j interface: $_interface"
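Review bot: `-c` is only added inside the `[ -z "${_flags}" ]` default of the `checkyesno _v2` branch, so an administrator who already sets `jail_flags` or `jail_<name>_flags` gets the v2 code path without `-c` and the parameter-style command line built in the last hunk is no longer the one intended. Put `-c` into the v2 `jail` invocation itself and keep the `_flags` default identical in both modes.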
@@ -635,11 +647,26 @@
 			i=$((i + 1))
 		done
 
-		eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
-			\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
-
+		if checkyesno _v2; then
+			_start_cmd="${_setfib} jail -J ${_tmp_jail} ${_flags} path=${_rootdir} host.hostname=${_hostname} \
+				name=\"${_name}\""
+			if checkyesno _vnet; then
+				_start_cmd="${_start_cmd} vnet"
+			else
+				_start_cmd="${_start_cmd} ip4.addr=\"${_addrl}\""
+			fi
+			 _start_cmd="${_start_cmd} command=${_exec_start}"
+			eval ${_start_cmd} > /dev/null 2>&1
+		else
+			eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
+				\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
+		fi
 		if [ "$?" -eq 0 ] ; then
-			_jail_id=$(head -1 ${_tmp_jail})
+			if checkyesno _v2; then
+				_jail_id=$(awk -F '=| ' '{print $2}' ${_tmp_jail})
+			else
+				_jail_id=$(head -1 ${_tmp_jail})
+			fi
 			i=1
 			while : ; do
 				eval out=\"\${_exec_afterstart${i}:-''}\"
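Review bot: in the `checkyesno _v2` branch the command is assembled into `_start_cmd` and then run through `eval`, but only `name=` and `ip4.addr=` are wrapped in escaped quotes; `path=${_rootdir}`, `host.hostname=${_hostname}` and `command=${_exec_start}` are re-parsed by the shell unquoted, so an rc.conf value containing whitespace or shell metacharacters changes the command that is executed. Quote them the same way as `name=`. Two further points in the same branch: `> /dev/null 2>&1` throws away the error text that the old branch kept in `${_tmp_jail}`, and the `awk` call prints a field for every line of the `-J` file rather than only the line carrying the jail id.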
--- jailv2rc.patch ends here ---


>Release-Note:
>Audit-Trail:

From: David BERARD <david@nfrance.com>
To: bug-followup@FreeBSD.org, david@nfrance.com
Cc:  
Subject: Re: conf/142972: Support JAILv2 and vnet in rc.d/jail
Date: Tue, 19 Jan 2010 18:24:21 +0100

 /etc/rc.conf example with this patch
 
 jail_list="$jail_list example"
 jail_example_hostname="example.nfrance.local"
 jail_example_name="example"
 jail_example_rootdir="/home/jails/example"
 jail_example_vnet_enable="YES"
 jail_example_devfs_enable="YES"
 jail_example_mount_enable="YES"
 jail_example_fstab="/etc/fstab.example"
 #network
 jail_example_exec_prestart0="ifconfig epair0 create"
 
 jail_example_exec_poststart0="ifconfig epair0b vnet example"
 jail_example_exec_afterstart1="ifconfig lo0 127.0.0.1"
 jail_example_exec_poststop0="ifconfig epair0a destroy"
 
 
Responsible-Changed-From-To: freebsd-bugs->freebsd-jail 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Jan 19 22:34:19 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142972 

From: David BERARD <david@nfrance.com>
To: freebsd-jail@freebsd.org, bug-followup@freebsd.org
Cc: Merijn Verstraaten <merijn@inconsistent.nl>
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 20 Jan 2010 10:16:57 +0100

 > This patch seems to lack support for adding IPv6 addresses to the jails.
 > It passes $_addrl (which can contain both IPv4 and IPv6 addresses) as an
 > argument to ip4.addr and doesn't include ipv6.addr at all.
 
 You're right, Fixed in this new patch.
 
 Best regards.
 
 -- 
 David BERARD
 ---------------------------------------
 NFrance Conseil
 david(at)nfrance.com
 GPG|PGP KeyId 0x7FC68EB8
 GPG|PGP Key http://tinyurl.com/gpgdavid
 ---------------------------------------
 *     No electrons were harmed in     *
 *    the transmission of this email   *
 
 --------------020001070709060807020708
 Content-Type: text/plain;
  name="jailv2rcip6.patch"
 Content-Transfer-Encoding: base64
 Content-Disposition: inline;
  filename="jailv2rcip6.patch"
 

From: David BERARD <david@nfrance.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 20 Jan 2010 10:30:13 +0100

 Sorry for base64 encoded data
 
 --- jailv2rc_ip6.patch begins here ---
 --- /usr/src/etc/rc.d/jail      2009-10-25 02:10:29.000000000 +0100
 +++ /usr/src/etc/rc.d/jail      2010-01-20 09:48:04.000000000 +0100
 @@ -38,6 +38,7 @@
         _fdescdir=3D"${_devdir}/fd"
         _procdir=3D"${_rootdir}/proc"
         eval _hostname=3D\"\$jail_${_j}_hostname\"
 +       eval _name=3D\"\$jail_${_j}_name\"
         eval _ip=3D\"\$jail_${_j}_ip\"
         eval _interface=3D\"\${jail_${_j}_interface:-${jail_interface}}\"=
 
         eval _exec=3D\"\$jail_${_j}_exec\"
 @@ -95,6 +96,9 @@
                 fi
         fi
 
 +       # JAIL new style
 +       eval _v2=3D\"\${jail_v2_enable:-"NO"}\"
 +
         # The default jail ruleset will be used by rc.subr if none is spe=
 cified.
         eval _ruleset=3D\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_rules=
 et}}\"
         eval _devfs=3D\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}=
 \"
 @@ -110,18 +114,26 @@
         eval _fstab=3D\"\${jail_${_j}_fstab:-${jail_fstab}}\"
         [ -z "${_fstab}" ] && _fstab=3D"/etc/fstab.${_j}"
         eval _flags=3D\"\${jail_${_j}_flags:-${jail_flags}}\"
 -       [ -z "${_flags}" ] && _flags=3D"-l -U root"
 +       if checkyesno _v2; then
 +               [ -z "${_flags}" ] && _flags=3D"-l -U root -c"
 +       else
 +               [ -z "${_flags}" ] && _flags=3D"-l -U root"
 +       fi
         eval _consolelog=3D\"\${jail_${_j}_consolelog:-${jail_consolelog}=
 }\"
         [ -z "${_consolelog}" ] && _consolelog=3D"/var/log/jail_${_j}_con=
 sole.log"
         eval _fib=3D\"\${jail_${_j}_fib:-${jail_fib}}\"
 +       eval _vnet=3D\"\${jail_${_j}_vnet_enable:-"NO"}\"
 
         # Debugging aid
         #
 +       debug "$_j v2 enable: $_v2"
         debug "$_j devfs enable: $_devfs"
         debug "$_j fdescfs enable: $_fdescfs"
         debug "$_j procfs enable: $_procfs"
         debug "$_j mount enable: $_mount"
 +       debug "$_j vnet enable: $_vnet"
         debug "$_j hostname: $_hostname"
 +       debug "$_j name: $_name"
         debug "$_j ip: $_ip"
         jail_show_addresses ${_j}
         debug "$_j interface: $_interface"
 @@ -481,6 +493,20 @@
                 *)      ;;
                 esac
 
 +
 +               # Append address to list of addresses for the jail comman=
 d.
 +               case "${_type}" in
 +               "inet") case "${_addrlv4}" in
 +                       "")     _addrlv4=3D"${_addr}" ;;
 +                       *)      _addrlv4=3D"${_addrlv4},${_addr}" ;;
 +                       esac;;
 +               "inet6") case "${_addrlv6}" in
 +                       "")     _addrlv6=3D"${_addr}" ;;
 +                       *)      _addrlv6=3D"${_addrlv6},${_addr}" ;;
 +                       esac;;
 +               esac
 +
 +
                 # Append address to list of addresses for the jail comman=
 d.
                 case "${_addrl}" in
                 "")     _addrl=3D"${_addr}" ;;
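Review bot: the added `case "${_type}"` block repeats the comment of the existing `_addrl` block word for word and has no `*)` arm, so an address whose `_type` is neither `inet` nor `inet6` is left out of both new lists without any message while still being appended to `_addrl`. Give the new block its own comment (per-family lists for `ip4.addr` and `ip6.addr`), handle or warn on the default case, and drop the extra blank `+` lines around it.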
 @@ -567,6 +593,8 @@
                         continue;
                 fi
                 _addrl=3D""
 +               _addrlv4=3D""
 +               _addrlv6=3D""
                 jail_ips "add"
                 if [ -n "${_fib}" ]; then
                         _setfib=3D"setfib -F '${_fib}'"
 @@ -634,12 +662,26 @@
                         ${out}
                         i=3D$((i + 1))
                 done
 -
 -               eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname=
 } \
 -                       \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
 -
 +               if checkyesno _v2; then
 +                       _start_cmd=3D"${_setfib} jail -J ${_tmp_jail} ${_=
 flags} path=3D${_rootdir} host.hostname=3D${_hostname} \
 +                               name=3D\"${_name}\""
 +                       if checkyesno _vnet; then
 +                               _start_cmd=3D"${_start_cmd} vnet"
 +                       else
 +                               _start_cmd=3D"${_start_cmd} ip4.addr=3D\"=
 ${_addrlv4}\" ip6.addr=3D\"${_addrlv6}\""
 +                       fi
 +                        _start_cmd=3D"${_start_cmd} command=3D${_exec_st=
 art}"
 +                       eval ${_start_cmd} > /dev/null 2>&1
 +               else
 +                       eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_=
 hostname} \
 +                               \"${_addrl}\" ${_exec_start} > ${_tmp_jai=
 l} 2>&1
 +               fi
                 if [ "$?" -eq 0 ] ; then
 -                       _jail_id=3D$(head -1 ${_tmp_jail})
 +                       if checkyesno _v2; then
 +                               _jail_id=3D$(awk -F '=3D| ' '{print $2}' =
 ${_tmp_jail})
 +                       else
 +                               _jail_id=3D$(head -1 ${_tmp_jail})
 +                       fi
                         i=3D1
                         while : ; do
                                 eval out=3D\"\${_exec_afterstart${i}:-''}=
 \"
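Review bot: the non-vnet branch always emits both `ip4.addr=\"${_addrlv4}\"` and `ip6.addr=\"${_addrlv6}\"`, even when one of the lists is empty, so an IPv4-only jail is started with an explicit empty `ip6.addr=`. Append each parameter only when its list is non-empty, for example `[ -n "${_addrlv6}" ] && _start_cmd="${_start_cmd} ip6.addr=..."`. The unquoted `path=`, `host.hostname=` and `command=` values inside the `eval`ed string and the `> /dev/null 2>&1` redirect are carried over unchanged from the first version of the patch.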
 --- jailv2rc_ip6.patch ends here ---
 
 
 --------------enig17DF4DD3D8D95299AD818873--
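
The address-family split this follow-up introduces, as an added example that is not part of the thread or of rc.d/jail: it separates a mixed list into `ip4.addr` and `ip6.addr`, omits an empty family, and builds the argument vector without `eval`. `split_addrs`, `jail_v2_start` and `show_args` are hypothetical helpers, the addresses are constructed samples, and the list is assumed to hold bare comma-separated addresses.

```shell
#!/bin/sh
# Added example, not part of rc.d/jail. split_addrs, jail_v2_start and
# show_args are hypothetical helpers; the addresses are constructed samples.

# Split a comma-separated address list by family into _addrlv4/_addrlv6
# (variable names as in the patch). Assumes bare addresses without an
# interface prefix or netmask.
split_addrs() {
	_addrlv4="" _addrlv6=""
	_sa_ifs=$IFS
	set -f			# no globbing while the list is split
	IFS=,
	for _sa in $1; do
		case "$_sa" in
		*:*)	_addrlv6="${_addrlv6:+${_addrlv6},}${_sa}" ;;
		*.*)	_addrlv4="${_addrlv4:+${_addrlv4},}${_sa}" ;;
		esac
	done
	IFS=$_sa_ifs
	set +f
}

# Build the parameter-style argument vector and hand it to runner "$1"
# without eval, so every rc.conf value stays exactly one argument.
# usage: jail_v2_start runner name path hostname vnet(YES|NO) addrs cmd [args...]
jail_v2_start() {
	[ $# -ge 7 ] || return 2
	_jr=$1 _jn=$2 _jp=$3 _jh=$4 _jv=$5 _ja=$6
	shift 6
	_jc=$1
	shift
	# As in the patch, command= goes last; its arguments follow it.
	set -- "command=${_jc}" "$@"
	case "$_jv" in
	[Yy][Ee][Ss])
		# vnet jail: own network stack, no ip4.addr/ip6.addr.
		set -- vnet "$@"
		;;
	*)
		split_addrs "$_ja"
		# Emit a family only when it actually has addresses.
		if [ -n "$_addrlv6" ]; then set -- "ip6.addr=${_addrlv6}" "$@"; fi
		if [ -n "$_addrlv4" ]; then set -- "ip4.addr=${_addrlv4}" "$@"; fi
		;;
	esac
	set -- -c "name=${_jn}" "path=${_jp}" "host.hostname=${_jh}" "$@"
	"$_jr" "$@"
}

# Dry-run runner: print one argument per line instead of calling jail(8).
show_args() {
	printf '%s\n' "$@"
}

# Constructed input: mixed IPv4/IPv6 list and a path containing a space.
jail_v2_start show_args example "/home/jails/my example" \
	example.nfrance.local NO "192.0.2.10,2001:db8::10,192.0.2.11" \
	/bin/sh /etc/rc
```

Passing `jail` instead of `show_args` as the first argument runs the real command with the same vector.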

From: David BERARD <david@nfrance.com>
To: bug-followup@FreeBSD.org
Cc: Philipp Wuensche <cryx-freebsd@h3q.com>
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Thu, 21 Jan 2010 18:55:10 +0100

 > I did some testing with vnet and I find the way of using _poststart and
 > _afterstart to configure ip-addr. inside a vimage jail very impractical.
 > First we lose all the nice features of configuring ipaddrs. via
 > ipv4_addrs_if in rc.conf from inside the jail and second, more
 > important, the jail will be fully booted before any ipaddr. is
 > configured or even interfaces are configured. This will result in
 > services not starting correctly, firewalling going nuts, routing-daemons
 > not working etc.pp.
 >
 
 
 I had to patch rc to support this, and use this in rc.conf
 jail_example_exec_earlypoststart0="ifconfig epair0b vnet example"
 jail_example_exec_afterstart0="ifconfig epair0b x.x.x.x"
 
 --- jailv2rc_earlypoststart.patch begins here ---
 --- /usr/src/etc/rc.d/jail      2009-10-25 02:10:29.000000000 +0100
 +++ /etc/rc.d/jail      2010-01-20 10:40:57.000000000 +0100
 @@ -38,6 +38,7 @@
         _fdescdir=3D"${_devdir}/fd"
         _procdir=3D"${_rootdir}/proc"
         eval _hostname=3D\"\$jail_${_j}_hostname\"
 +       eval _name=3D\"\$jail_${_j}_name\"
         eval _ip=3D\"\$jail_${_j}_ip\"
         eval _interface=3D\"\${jail_${_j}_interface:-${jail_interface}}\"=
 
         eval _exec=3D\"\$jail_${_j}_exec\"
 @@ -51,12 +52,19 @@
 
         eval _exec_start=3D\"\${jail_${_j}_exec_start:-${jail_exec_start}=
 }\"
 
 -       i=3D1
 +       i=3D0
         while : ; do
                 eval _exec_afterstart${i}=3D\"\${jail_${_j}_exec_aftersta=
 rt${i}:-\${jail_exec_afterstart${i}}}\"
                 [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] &&  brea=
 k
                 i=3D$((i + 1))
         done
 +
 +       i=3D0
 +       while : ; do
 +               eval _exec_earlypoststart${i}=3D\"\${jail_${_j}_exec_earl=
 ypoststart${i}:-\${jail_exec_earlypoststart${i}}}\"
 +               [ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
 +               i=3D$((i + 1))
 +       done
 
         i=3D0
         while : ; do
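Review bot: the new `_exec_earlypoststart` collection loop tests the wrong variable: its break condition reads `$_exec_poststart${i}` instead of `$_exec_earlypoststart${i}`, so the loop ends according to the poststart list rather than the list being collected. Separately, moving the `_exec_afterstart` start index from `i=1` to `i=0` means an rc.conf that begins at `jail_<name>_exec_afterstart1` now hits the empty index 0 and breaks immediately; keep the old start index or accept both.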
 @@ -95,6 +103,9 @@
                 fi
         fi
 
 +       # JAIL new style
 +       eval _v2=3D\"\${jail_v2_enable:-"NO"}\"
 +
         # The default jail ruleset will be used by rc.subr if none is spe=
 cified.
         eval _ruleset=3D\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_rules=
 et}}\"
         eval _devfs=3D\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}=
 \"
 @@ -110,18 +121,26 @@
         eval _fstab=3D\"\${jail_${_j}_fstab:-${jail_fstab}}\"
         [ -z "${_fstab}" ] && _fstab=3D"/etc/fstab.${_j}"
         eval _flags=3D\"\${jail_${_j}_flags:-${jail_flags}}\"
 -       [ -z "${_flags}" ] && _flags=3D"-l -U root"
 +       if checkyesno _v2; then
 +               [ -z "${_flags}" ] && _flags=3D"-l -U root -c"
 +       else
 +               [ -z "${_flags}" ] && _flags=3D"-l -U root"
 +       fi
         eval _consolelog=3D\"\${jail_${_j}_consolelog:-${jail_consolelog}=
 }\"
         [ -z "${_consolelog}" ] && _consolelog=3D"/var/log/jail_${_j}_con=
 sole.log"
         eval _fib=3D\"\${jail_${_j}_fib:-${jail_fib}}\"
 +       eval _vnet=3D\"\${jail_${_j}_vnet_enable:-"NO"}\"
 
         # Debugging aid
         #
 +       debug "$_j v2 enable: $_v2"
         debug "$_j devfs enable: $_devfs"
         debug "$_j fdescfs enable: $_fdescfs"
         debug "$_j procfs enable: $_procfs"
         debug "$_j mount enable: $_mount"
 +       debug "$_j vnet enable: $_vnet"
         debug "$_j hostname: $_hostname"
 +       debug "$_j name: $_name"
         debug "$_j ip: $_ip"
         jail_show_addresses ${_j}
         debug "$_j interface: $_interface"
 @@ -145,7 +164,7 @@
 
         debug "$_j exec start: $_exec_start"
 
 -       i=3D1
 +       i=3D0
         while : ; do
                 eval out=3D\"\${_exec_afterstart${i}:-''}\"
 
 @@ -481,6 +500,20 @@
                 *)      ;;
                 esac
 
 +
 +               # Append address to list of addresses for the jail comman=
 d.
 +               case "${_type}" in
 +               "inet") case "${_addrlv4}" in
 +                       "")     _addrlv4=3D"${_addr}" ;;
 +                       *)      _addrlv4=3D"${_addrlv4},${_addr}" ;;
 +                       esac;;
 +               "inet6") case "${_addrlv6}" in
 +                       "")     _addrlv6=3D"${_addr}" ;;
 +                       *)      _addrlv6=3D"${_addrlv6},${_addr}" ;;
 +                       esac;;
 +               esac
 +
 +
                 # Append address to list of addresses for the jail comman=
 d.
                 case "${_addrl}" in
                 "")     _addrl=3D"${_addr}" ;;
 @@ -567,6 +600,8 @@
                         continue;
                 fi
                 _addrl=3D""
 +               _addrlv4=3D""
 +               _addrlv6=3D""
                 jail_ips "add"
                 if [ -n "${_fib}" ]; then
                         _setfib=3D"setfib -F '${_fib}'"
 @@ -634,13 +669,36 @@
                         ${out}
                         i=3D$((i + 1))
                 done
 -
 -               eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname=
 } \
 -                       \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
 -
 +               if checkyesno _v2; then
 +                       _start_cmd=3D"${_setfib} jail -J ${_tmp_jail} ${_=
 flags} path=3D${_rootdir} host.hostname=3D${_hostname} \
 +                               name=3D\"${_name}\""
 +                       if checkyesno _vnet; then
 +                               _start_cmd=3D"${_start_cmd} vnet"
 +                       else
 +                               _start_cmd=3D"${_start_cmd} ip4.addr=3D\"=
 ${_addrlv4}\" ip6.addr=3D\"${_addrlv6}\""
 +                       fi
 +                        _start_cmd=3D"${_start_cmd} command=3D${_exec_st=
 art}"
 +                       eval ${_start_cmd} > /dev/null 2>&1
 +               else
 +                       eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_=
 hostname} \
 +                               \"${_addrl}\" ${_exec_start} > ${_tmp_jai=
 l} 2>&1
 +               fi
                 if [ "$?" -eq 0 ] ; then
 -                       _jail_id=3D$(head -1 ${_tmp_jail})
 -                       i=3D1
 +                       if checkyesno _v2; then
 +                               _jail_id=3D$(awk -F '=3D| ' '{print $2}' =
 ${_tmp_jail})
 +                       else
 +                               _jail_id=3D$(head -1 ${_tmp_jail})
 +                       fi
 +
 +                       i=3D0
 +                       while : ; do
 +                               eval out=3D\"\${_exec_earlypoststart${i}:=
 -''}\"
 +                               [ -z "$out" ] && break
 +                               ${out}
 +                               i=3D$((i + 1))
 +                       done
 +
 +                       i=3D0
                         while : ; do
                                 eval out=3D\"\${_exec_afterstart${i}:-''}=
 \"
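Review bot: the added `_exec_earlypoststart` loop runs `${out}` without checking its exit status, so if the command that moves the interface into the jail fails, the `_exec_afterstart` commands still run against a jail that has no interface. Check the status and stop, or at least call `warn`, on failure. `${out}` is also expanded unquoted and without `eval`, so quoting inside the rc.conf value is not honoured; that matches the existing loop above it but deserves a comment.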
 
 --- jailv2rc_earlypoststart.patch ends here ---
 
 -- 
 David BERARD
 ---------------------------------------
 NFrance Conseil
 david(at)nfrance.com
 GPG|PGP KeyId 0x7FC68EB8
 GPG|PGP Key http://tinyurl.com/gpgdavid
 ---------------------------------------
 *     No electrons were harmed in     *
 *    the transmission of this email   *
 
 
State-Changed-From-To: open->suspended 
State-Changed-By: bz 
State-Changed-When: Mon Jan 25 11:12:44 UTC 2010 
State-Changed-Why:  
As was said multiple times before, it is very unlikely that 
the current rc script will be changed for the experimental 
feature and a more complete mgmt solution is being sought 
for the final support. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142972 

From: Marcin Wisnicki <mwisnicki+freebsd@gmail.com>
To: bug-followup <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 16 Jun 2010 01:04:21 +0200

 # man 8 jail | grep -i experimental
 Usage: .Va variable_name ... (#71)
 #
 
 There is nothing in the manual page saying that this is experimental (but there
 is a syntax error?).

From: "Johannes Totz" <johannes@jo-t.de>
To: <bug-followup@FreeBSD.org>,
	<david@nfrance.com>
Cc:  
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Sat, 25 Aug 2012 22:55:30 +0100

 Has there been any conclusion to this yet? How is this supposed to be
 handled "properly"?
 Just looking through jails and vnet on stable/9@r237006...
 

From: "Totz, Johannes" <j.totz07@imperial.ac.uk>
To: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>, "david@nfrance.com"
	<david@nfrance.com>
Cc:  
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Tue, 18 Sep 2012 22:23:17 +0000

 How about something really simple like this.
 Works for me on 9-stable (to some extent).
 
 
 --_002_1049F4FB37CFFD43AF91A7451ED70A6B1335DDB8icexchm2icacuk_
 Content-Type: application/octet-stream; name="jail.diff"
 Content-Description: jail.diff
 Content-Disposition: attachment; filename="jail.diff"; size=1145;
 	creation-date="Tue, 18 Sep 2012 22:20:29 GMT";
 	modification-date="Tue, 18 Sep 2012 22:20:29 GMT"
 Content-Transfer-Encoding: base64
 
>Unformatted:
