ip6addrctl(8): Teach ip6addrctl to attach and run itself in a jail
ClosedPublic
Actions

Authored by zlei on Sat, Jan 25, 11:45 AM.

Details

Reviewers

dfr
markj

Group Reviewers

network

Commits

rG6dcdd79a251b: ip6addrctl(8): Teach ip6addrctl to attach and run itself in a jail

Summary

This will make it easier to manage address selection policies in vnet
jails, especially for those light weighted OCI containers or slim jails.

Requested by: dfr
MFC after: 1 week
Relnotes: yes

Test Plan

# ip6addrctl
...
# jail -c name=foo vnet persist
# ip6addrctl -j foo
no source-address-selection policy is installed
# echo "::/0 40 1" > /tmp/ip6addrctl.conf
# ip6addrctl -j foo install /tmp/ip6addrctl.conf
# ip6addrctl -j foo
Prefix                          Prec Label      Use
::/0                              40     1        0

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

zlei created this revision.Sat, Jan 25, 11:45 AM

Herald added a subscriber: imp. · View Herald TranscriptSat, Jan 25, 11:45 AM

zlei requested review of this revision.Sat, Jan 25, 11:45 AM

zlei added inline comments.

usr.sbin/ip6addrctl/ip6addrctl.8
112	I guess this should be refined.

zlei added inline comments.Sat, Jan 25, 11:49 AM

usr.sbin/ip6addrctl/ip6addrctl.8
72	That means `ip6addrctl show -j foo` does not work as intended.

dfr accepted this revision.Mon, Jan 27, 2:01 PM

dfr added inline comments.

usr.sbin/ip6addrctl/ip6addrctl.8
72	Perhaps clarify with an example, e.g. 'ip6addrctl -j foo show'?
112	I think the wording is ok - it seems clear that the file is read and processed on the host but applied in the jail.

This revision is now accepted and ready to land.Mon, Jan 27, 2:01 PM

markj accepted this revision as: markj.Mon, Jan 27, 2:17 PM

markj added inline comments.

usr.sbin/ip6addrctl/ip6addrctl.c
138

zlei added inline comments.Mon, Jan 27, 2:48 PM

usr.sbin/ip6addrctl/ip6addrctl.8
72	The `SYNOPSIS` section already has this usage. I intend to emphasize the words `should precede`, or users may make wrong usage, for example `ip6addrctl show -j foo` will succeed but actually operate in current jail.
usr.sbin/ip6addrctl/ip6addrctl.c
112	That means ip6addrctl show -j foo does not work as intended. Maybe it is better to strictly check the arg count ? For example `ip6addrctl add` accept exactly 3 extra arguments ? i.e --- if (argc < 4) +++ if (argc != 4)
138	Good catch, I copy-pasted the declaration of this function.

zlei added inline comments.Mon, Jan 27, 8:52 PM

usr.sbin/ip6addrctl/ip6addrctl.8
72	That means `ip6addrctl show -j foo` does not work as intended. With D48701, the above will be invalid, and `ip6addrctl` will prompt user the right usage. If you think that is the right approach, I can rebase this.