From c7a82d99e1fa759a0766c6b42f8bcc046d21a86a Mon Sep 17 00:00:00 2001 From: erdgeist Date: Sun, 14 Apr 2013 18:32:38 +0000 Subject: document the new jail(8) behaviour regarding the interface prefix on the ip address --- man7/ezjail.7 | 23 ++++++++++++++++++++--- man8/ezjail-admin.8 | 6 ++++-- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/man7/ezjail.7 b/man7/ezjail.7 index a9f1056..41d22ca 100644 --- a/man7/ezjail.7 +++ b/man7/ezjail.7 @@ -193,8 +193,16 @@ are handled by ezjail, replacing JAILNAME with the actual name of the jail: The hostname of the jail. Defaults to the name of the jail, unless special characters needed to be stripped. .It jail_JAILNAME_ip -The IP addresses the jail is allowed to use. Since FreeBSD 7.2, +The IP addresses the jail is allowed to use. +.Pp +Since FreeBSD 7.2, several IP addresses may be given, separated by commas. +.Pp +Since FreeBSD 9.0 +each IP address can be prefixed by an interface name followed by the pipe +symbol. It will then automatically be configured on that interface when the +jail is started and removed from the interface when the jail stops. (You +will probably have to escape the pipe symbol, though.) .It jail_JAILNAME_rootdir The directory holding the jail files (the directory used as a mount point for file-based jails). Defaults to the jail name inside @@ -284,6 +292,14 @@ The network view to give to the jail (see when starting it. Taken from the .Fl f option when configuring the jail; the empty string otherwise. +.It ezjail_JAILNAME_parameters +The parameter set to be configured to the jail (see +.Xr jail 8 ) +when starting it. You need to configure this by hand. +.It ezjail_JAILNAME_post_start_script +The path to a script that will be executed after the jail +successfully was created. The script receives two parameters, +the jid and the jail name. You need to configure this by hand. .El .Pp In addition to these @@ -625,12 +641,13 @@ Remember this passphrase, you will be asked for the passphrase every time you want to start this jail. As they require administrator interaction, jails backed by an encrypted file are not automatically started when the system boots. -.It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 10.0.10.6 +.It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 em1\[rs]|10.0.10.6 This creates a new zfs filesystem based jail with a default quota of 1 gigabyte using lzjb compression. It uses the parent ZFS filesystem configured in the .Dq Li $ezjail_jailzfs -variable to create the filesystem in. +variable to create the filesystem in. The jail command will add the ip +address 10.0.10.6 as an alias on the device em1 before starting the jail. .El .Sh FILES .Pa EZJAIL_PREFIX/bin/ezjail-admin diff --git a/man8/ezjail-admin.8 b/man8/ezjail-admin.8 index 5cda975..5feab39 100644 --- a/man8/ezjail-admin.8 +++ b/man8/ezjail-admin.8 @@ -184,13 +184,15 @@ assign several several IPv4 or IPv6 addresses to a jail, by separating them with commas. Previous versions of FreeBSD allowed only a single IPv4 address per jail. .Pp -The addresses of the jail are not configured on the host. +From FreeBSD 9.0 the ipaddresses may be prefixed with an interface name, followed +by the pipe symbol. It will then automatically be configured as an alias on that +interface when the jail starts. Else .Nm will display a warning if the requested address is not found on any interface, and the jail will probably not start. .Pp It is common to bind jails to loopback addresses, so they provide services -visible to other jails only. +visible to other jails only. .El .Pp The following options are available: -- cgit v1.2.3