diff options
author | erdgeist <erdgeist@erdgeist.org> | 2013-04-14 18:32:38 +0000 |
---|---|---|
committer | erdgeist <erdgeist@erdgeist.org> | 2013-04-14 18:32:38 +0000 |
commit | c7a82d99e1fa759a0766c6b42f8bcc046d21a86a (patch) | |
tree | 4b9a92c17ed7744a84cce81beee5e9788f0bf6b7 | |
parent | 0832cfa91d3f032acf70e600d7e3d3db9c9c4c9b (diff) |
document the new jail(8) behaviour regarding the interface prefix on the ip address
-rw-r--r-- | man7/ezjail.7 | 23 | ||||
-rw-r--r-- | man8/ezjail-admin.8 | 6 |
2 files changed, 24 insertions, 5 deletions
diff --git a/man7/ezjail.7 b/man7/ezjail.7 index a9f1056..41d22ca 100644 --- a/man7/ezjail.7 +++ b/man7/ezjail.7 | |||
@@ -193,8 +193,16 @@ are handled by ezjail, replacing JAILNAME with the actual name of the jail: | |||
193 | The hostname of the jail. Defaults to the name of the jail, unless | 193 | The hostname of the jail. Defaults to the name of the jail, unless |
194 | special characters needed to be stripped. | 194 | special characters needed to be stripped. |
195 | .It jail_JAILNAME_ip | 195 | .It jail_JAILNAME_ip |
196 | The IP addresses the jail is allowed to use. Since FreeBSD 7.2, | 196 | The IP addresses the jail is allowed to use. |
197 | .Pp | ||
198 | Since FreeBSD 7.2, | ||
197 | several IP addresses may be given, separated by commas. | 199 | several IP addresses may be given, separated by commas. |
200 | .Pp | ||
201 | Since FreeBSD 9.0 | ||
202 | each IP address can be prefixed by an interface name followed by the pipe | ||
203 | symbol. It will then automatically be configured on that interface when the | ||
204 | jail is started and removed from the interface when the jail stops. (You | ||
205 | will probably have to escape the pipe symbol, though.) | ||
198 | .It jail_JAILNAME_rootdir | 206 | .It jail_JAILNAME_rootdir |
199 | The directory holding the jail files (the directory used as a mount | 207 | The directory holding the jail files (the directory used as a mount |
200 | point for file-based jails). Defaults to the jail name inside | 208 | point for file-based jails). Defaults to the jail name inside |
@@ -284,6 +292,14 @@ The network view to give to the jail (see | |||
284 | when starting it. Taken from the | 292 | when starting it. Taken from the |
285 | .Fl f | 293 | .Fl f |
286 | option when configuring the jail; the empty string otherwise. | 294 | option when configuring the jail; the empty string otherwise. |
295 | .It ezjail_JAILNAME_parameters | ||
296 | The parameter set to be configured to the jail (see | ||
297 | .Xr jail 8 ) | ||
298 | when starting it. You need to configure this by hand. | ||
299 | .It ezjail_JAILNAME_post_start_script | ||
300 | The path to a script that will be executed after the jail | ||
301 | successfully was created. The script receives two parameters, | ||
302 | the jid and the jail name. You need to configure this by hand. | ||
287 | .El | 303 | .El |
288 | .Pp | 304 | .Pp |
289 | In addition to these | 305 | In addition to these |
@@ -625,12 +641,13 @@ Remember this passphrase, you will be asked for the passphrase every time | |||
625 | you want to start this jail. As they require administrator interaction, | 641 | you want to start this jail. As they require administrator interaction, |
626 | jails backed by an encrypted file are not automatically started when the | 642 | jails backed by an encrypted file are not automatically started when the |
627 | system boots. | 643 | system boots. |
628 | .It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 10.0.10.6 | 644 | .It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 em1\[rs]|10.0.10.6 |
629 | This creates a new zfs filesystem based jail with a default quota of 1 | 645 | This creates a new zfs filesystem based jail with a default quota of 1 |
630 | gigabyte using lzjb compression. It uses the parent ZFS filesystem configured | 646 | gigabyte using lzjb compression. It uses the parent ZFS filesystem configured |
631 | in the | 647 | in the |
632 | .Dq Li $ezjail_jailzfs | 648 | .Dq Li $ezjail_jailzfs |
633 | variable to create the filesystem in. | 649 | variable to create the filesystem in. The jail command will add the ip |
650 | address 10.0.10.6 as an alias on the device em1 before starting the jail. | ||
634 | .El | 651 | .El |
635 | .Sh FILES | 652 | .Sh FILES |
636 | .Pa EZJAIL_PREFIX/bin/ezjail-admin | 653 | .Pa EZJAIL_PREFIX/bin/ezjail-admin |
diff --git a/man8/ezjail-admin.8 b/man8/ezjail-admin.8 index 5cda975..5feab39 100644 --- a/man8/ezjail-admin.8 +++ b/man8/ezjail-admin.8 | |||
@@ -184,13 +184,15 @@ assign several several IPv4 or IPv6 addresses to a jail, by separating them | |||
184 | with commas. Previous versions of FreeBSD allowed only a single IPv4 address | 184 | with commas. Previous versions of FreeBSD allowed only a single IPv4 address |
185 | per jail. | 185 | per jail. |
186 | .Pp | 186 | .Pp |
187 | The addresses of the jail are not configured on the host. | 187 | From FreeBSD 9.0 the ipaddresses may be prefixed with an interface name, followed |
188 | by the pipe symbol. It will then automatically be configured as an alias on that | ||
189 | interface when the jail starts. Else | ||
188 | .Nm | 190 | .Nm |
189 | will display a warning if the requested address is not found on any interface, | 191 | will display a warning if the requested address is not found on any interface, |
190 | and the jail will probably not start. | 192 | and the jail will probably not start. |
191 | .Pp | 193 | .Pp |
192 | It is common to bind jails to loopback addresses, so they provide services | 194 | It is common to bind jails to loopback addresses, so they provide services |
193 | visible to other jails only. | 195 | visible to other jails only. |
194 | .El | 196 | .El |
195 | .Pp | 197 | .Pp |
196 | The following options are available: | 198 | The following options are available: |