summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorerdgeist <erdgeist@erdgeist.org>2013-04-14 18:32:38 +0000
committererdgeist <erdgeist@erdgeist.org>2013-04-14 18:32:38 +0000
commitc7a82d99e1fa759a0766c6b42f8bcc046d21a86a (patch)
tree4b9a92c17ed7744a84cce81beee5e9788f0bf6b7
parent0832cfa91d3f032acf70e600d7e3d3db9c9c4c9b (diff)
document the new jail(8) behaviour regarding the interface prefix on the ip address
-rw-r--r--man7/ezjail.723
-rw-r--r--man8/ezjail-admin.86
2 files changed, 24 insertions, 5 deletions
diff --git a/man7/ezjail.7 b/man7/ezjail.7
index a9f1056..41d22ca 100644
--- a/man7/ezjail.7
+++ b/man7/ezjail.7
@@ -193,8 +193,16 @@ are handled by ezjail, replacing JAILNAME with the actual name of the jail:
193The hostname of the jail. Defaults to the name of the jail, unless 193The hostname of the jail. Defaults to the name of the jail, unless
194special characters needed to be stripped. 194special characters needed to be stripped.
195.It jail_JAILNAME_ip 195.It jail_JAILNAME_ip
196The IP addresses the jail is allowed to use. Since FreeBSD 7.2, 196The IP addresses the jail is allowed to use.
197.Pp
198Since FreeBSD 7.2,
197several IP addresses may be given, separated by commas. 199several IP addresses may be given, separated by commas.
200.Pp
201Since FreeBSD 9.0
202each IP address can be prefixed by an interface name followed by the pipe
203symbol. It will then automatically be configured on that interface when the
204jail is started and removed from the interface when the jail stops. (You
205will probably have to escape the pipe symbol, though.)
198.It jail_JAILNAME_rootdir 206.It jail_JAILNAME_rootdir
199The directory holding the jail files (the directory used as a mount 207The directory holding the jail files (the directory used as a mount
200point for file-based jails). Defaults to the jail name inside 208point for file-based jails). Defaults to the jail name inside
@@ -284,6 +292,14 @@ The network view to give to the jail (see
284when starting it. Taken from the 292when starting it. Taken from the
285.Fl f 293.Fl f
286option when configuring the jail; the empty string otherwise. 294option when configuring the jail; the empty string otherwise.
295.It ezjail_JAILNAME_parameters
296The parameter set to be configured to the jail (see
297.Xr jail 8 )
298when starting it. You need to configure this by hand.
299.It ezjail_JAILNAME_post_start_script
300The path to a script that will be executed after the jail
301successfully was created. The script receives two parameters,
302the jid and the jail name. You need to configure this by hand.
287.El 303.El
288.Pp 304.Pp
289In addition to these 305In addition to these
@@ -625,12 +641,13 @@ Remember this passphrase, you will be asked for the passphrase every time
625you want to start this jail. As they require administrator interaction, 641you want to start this jail. As they require administrator interaction,
626jails backed by an encrypted file are not automatically started when the 642jails backed by an encrypted file are not automatically started when the
627system boots. 643system boots.
628.It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 10.0.10.6 644.It Nm Cm create Fl c Ar zfs Fl s Ar 1G sandbox4 em1\[rs]|10.0.10.6
629This creates a new zfs filesystem based jail with a default quota of 1 645This creates a new zfs filesystem based jail with a default quota of 1
630gigabyte using lzjb compression. It uses the parent ZFS filesystem configured 646gigabyte using lzjb compression. It uses the parent ZFS filesystem configured
631in the 647in the
632.Dq Li $ezjail_jailzfs 648.Dq Li $ezjail_jailzfs
633variable to create the filesystem in. 649variable to create the filesystem in. The jail command will add the ip
650address 10.0.10.6 as an alias on the device em1 before starting the jail.
634.El 651.El
635.Sh FILES 652.Sh FILES
636.Pa EZJAIL_PREFIX/bin/ezjail-admin 653.Pa EZJAIL_PREFIX/bin/ezjail-admin
diff --git a/man8/ezjail-admin.8 b/man8/ezjail-admin.8
index 5cda975..5feab39 100644
--- a/man8/ezjail-admin.8
+++ b/man8/ezjail-admin.8
@@ -184,13 +184,15 @@ assign several several IPv4 or IPv6 addresses to a jail, by separating them
184with commas. Previous versions of FreeBSD allowed only a single IPv4 address 184with commas. Previous versions of FreeBSD allowed only a single IPv4 address
185per jail. 185per jail.
186.Pp 186.Pp
187The addresses of the jail are not configured on the host. 187From FreeBSD 9.0 the ipaddresses may be prefixed with an interface name, followed
188by the pipe symbol. It will then automatically be configured as an alias on that
189interface when the jail starts. Else
188.Nm 190.Nm
189will display a warning if the requested address is not found on any interface, 191will display a warning if the requested address is not found on any interface,
190and the jail will probably not start. 192and the jail will probably not start.
191.Pp 193.Pp
192It is common to bind jails to loopback addresses, so they provide services 194It is common to bind jails to loopback addresses, so they provide services
193visible to other jails only. 195visible to other jails only.
194.El 196.El
195.Pp 197.Pp
196The following options are available: 198The following options are available: