
[hb][jails] Fix jail configuration example
Closed, Public

Authored by fernape on Jun 28 2022, 4:19 PM.

Details

Summary

jail.conf(8) accepts a devfs_ruleset that should be specified as a number
according to jail(8):

devfs_ruleset
The number of the devfs ruleset that is enforced for mounting
devfs in this jail. A value of zero (default) means no ruleset.

With the example in the handbook, we get this error when trying to launch the
jail:

Starting jails: cannot start jail  "www":
jail: www: devfs_ruleset: non-integer value "www_ruleset"

Remove that from the handbook and leave the default value of 0, meaning no
ruleset is enforced. No need to go into explaining devfs(8) at this point.

Test Plan

Create an entry in /etc/jail.conf with the contents from the handbook:

www {
    host.hostname = www.example.org;           # Hostname
    ip4.addr = 192.168.0.10;                   # IP address of the jail
    path = "/usr/jail/www";                    # Path to the jail
    devfs_ruleset = "www_ruleset";             # devfs ruleset
    mount.devfs;                               # Mount devfs inside the jail
    exec.start = "/bin/sh /etc/rc";            # Start command
    exec.stop = "/bin/sh /etc/rc.shutdown";    # Stop command
}

No need to create the real jail, just try to start it:

$ sudo service jail onestart www
Starting jails: cannot start jail  "www":
jail: www: devfs_ruleset: non-integer value "www_ruleset"

Diff Detail

Repository
R9 FreeBSD doc repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

fernape created this revision.
This revision is now accepted and ready to land. (Jun 29 2022, 5:31 AM)

> Remove that from the handbook and leave the default value of 0, meaning no
> ruleset is enforced

This seems to be inconsistent with mount.devfs, which says the default devfs_ruleset is 4 (devfsrules_jail).

In D35630#808272, @zlei.huang_gmail.com wrote:

> > Remove that from the handbook and leave the default value of 0, meaning no
> > ruleset is enforced
>
> This seems to be inconsistent with mount.devfs, which says the default devfs_ruleset is 4 (devfsrules_jail).

Hmm, that’s true. The manual page is a bit confusing.

In D35630#808274, @0mp wrote:

> In D35630#808272, @zlei.huang_gmail.com wrote:
>
> > > Remove that from the handbook and leave the default value of 0, meaning no
> > > ruleset is enforced
> >
> > This seems to be inconsistent with mount.devfs, which says the default devfs_ruleset is 4 (devfsrules_jail).
>
> Hmm, that’s true. The manual page is a bit confusing.

The code confirms what Zlei Huang pointed out.
I can go with the update of the Handbook and try to clarify jail(8) in another review.

This revision was automatically updated to reflect the committed changes.

Landed. Thanks for the review!

So IIUC, devfs_ruleset is 0 if not defined. Then, mount.devfs takes the value of devfs_ruleset if defined and != 0. If undefined or 0, then it takes the value 4 (devfsrules_jail).
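
A pre-flight check for the error in the test plan, added here as an example (it is not part of this revision or of the FreeBSD tree): it scans jail.conf-style input and reports, per jail, whether `devfs_ruleset` is an integer, a non-integer, or unset. The function names `lint_devfs_ruleset` and `sample_conf` are hypothetical, the sample configuration is constructed, and the parser is a line-based simplification rather than a full jail.conf grammar.

```sh
# lint_devfs_ruleset [FILE...]: print "<jail> <status>" for each jail block.
# Hypothetical helper; reads stdin when no file is given.
lint_devfs_ruleset() {
    awk '
    # Drop comments (simplification: assumes no "#" inside quoted values).
    { sub(/#.*/, "") }
    # "name {" opens a jail block; reset the per-jail state.
    /^[ \t]*[A-Za-z0-9_.*-]+[ \t]*[{]/ {
        name = $0
        sub(/^[ \t]*/, "", name); sub(/[ \t]*[{].*/, "", name)
        val = ""; seen = 0; devfs = 0
    }
    /mount\.devfs/ { devfs = 1 }
    /devfs_ruleset[ \t]*=/ {
        val = $0
        sub(/.*devfs_ruleset[ \t]*=[ \t]*/, "", val)
        sub(/[ \t]*;.*/, "", val)
        gsub(/"/, "", val)          # values may be quoted in jail.conf
        seen = 1
    }
    # "}" closes the block: classify what was found.
    /[}]/ && name != "" {
        if (!seen)                 status = devfs ? "unset+mount.devfs" : "unset"
        else if (val ~ /^[0-9]+$/) status = "ok:" val
        else                       status = "non-integer:" val
        print name, status
        name = ""
    }
    ' "$@"
}

# Constructed sample input, modelled on the handbook entry in the test plan.
sample_conf() {
    cat <<'EOF'
www {
    devfs_ruleset = "www_ruleset";   # the value jail(8) rejects
    mount.devfs;
}
db {
    devfs_ruleset = 4;
    mount.devfs;
}
mail {
    mount.devfs;
}
EOF
}

sample_conf | lint_devfs_ruleset
```

A jail reported as `unset+mount.devfs` is the case raised in the discussion above: according to the mount.devfs description cited there, ruleset 4 (devfsrules_jail) is then applied rather than no ruleset.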