
jail(8) option to cleanup after dead jails
Closed, Public

Authored by jamie on Nov 18 2023, 11:54 PM.
Referenced Files
F102941645: D42670.diff

Details

Summary

Jails can be removed without running any of their post-removal commands (IP address takedown, unmounting, anything user-specified), generally as a result of non-persistent jails dropping off after their last command is done. These undone tasks can get in the way of bringing the jail up properly the next time.

I've added a -C flag for jail cleanup, which can work two ways:

In conjunction with -r, an existing jail will be removed as usual, and a nonexistent jail will run the post-removal commands as if it were just successfully removed. Those commands may fail, if for example there's nothing that needs unmounting, but there's generally no harm from them running (this is true for user-supplied commands only if the supplied commands are safe).

In conjunction with -c, jail creation will be preceded by the same post-removal commands as with -r. However, this time if the commands fail, the jail will not be created. That's a result of the new flag piggybacking on top of the existing restart (-rc) scenario, which removes a jail and then restarts it only if the removal was successful.

It can also go along with the -rc restart, which is just the modified -r case above, followed by a regular -c.

Note that none of this makes sense in jails without a configuration file, and the -C flag won't work in that case.

Test Plan

I've created jails and removed them with -R, which doesn't do any of the cleanup. Both the -Cr and -Cc scenarios mentioned above (and -Crc) work as described. Everything should work unchanged if the -C is not specified.

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

zlei added inline comments.
usr.sbin/jail/jail.c
131

I do not see any usage of enum intparam in this change. Is it complete?

usr.sbin/jail/jail.c
131

This new array of enum intparam is handled by the same machinery as the other two existing arrays (in particular, j->comparam).

From the 2024-03-12 Jail Production User Call: This looks straight-forward. (Discussion in the recording) Should save users unnecessary reboots to clean up dead jails.

This revision was not accepted when it landed; it landed in state Needs Review.
Mar 17 2024, 5:13 AM
This revision was automatically updated to reflect the committed changes.
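
An added example (not part of the revision or the FreeBSD source): a shell helper that finds jails that dropped off without their post-removal commands having run, by looking for mounts left under a jail root that has no running jail, and prints the `jail -Cr` command from the summary for each one. It assumes jails live under /jails/<name> with <name> matching the jail.conf entry, that a mount exactly on the jail root is the jail's own dataset rather than a leftover, and that its inputs are text in `jls path` and `mount -p` format; the sample input is constructed.

```sh
#!/bin/sh
# Added example, not FreeBSD project code.
# Assumption: jails live under $JAILS_ROOT/<name>, <name> = jail.conf name.
JAILS_ROOT="${JAILS_ROOT:-/jails}"

# dead_jails_with_mounts RUNNING_PATHS MOUNT_TABLE
#   RUNNING_PATHS: text as printed by `jls path` (one jail root per line)
#   MOUNT_TABLE:   text as printed by `mount -p` (field 2 = mount point)
# Prints, sorted, each jail name that still has something mounted below its
# root although no running jail uses that root.
dead_jails_with_mounts() {
    {
        printf '%s\n' "$1"
        printf '%s\n' '--MOUNTS--'
        printf '%s\n' "$2"
    } | awk -v root="$JAILS_ROOT" '
        $0 == "--MOUNTS--" { in_mounts = 1; next }
        !in_mounts { if ($0 != "") live[$0] = 1; next }
        {
            prefix = root "/"
            if (index($2, prefix) != 1) next      # not under the jails root
            rest = substr($2, length(prefix) + 1)
            split(rest, part, "/"); name = part[1]
            path = prefix name
            # Assumption: a mount exactly on the jail root is its own dataset.
            if (rest != name && !(path in live)) dead[name] = 1
        }
        END { for (name in dead) print name }
    ' | sort
}

# cleanup_commands: print (not run) the jail(8) cleanup call per dead jail,
# so the operator can review it first. -C needs a jail.conf entry to work.
cleanup_commands() {
    dead_jails_with_mounts "$1" "$2" | while read -r name; do
        printf 'jail -Cr %s\n' "$name"
    done
}

# Constructed sample input (not captured from a real host).
SAMPLE_JLS='/jails/web'
SAMPLE_MOUNTS='zroot/ROOT/default / zfs rw 0 0
zroot/jails/web /jails/web zfs rw 0 0
devfs /jails/web/dev devfs rw 0 0
zroot/jails/db /jails/db zfs rw 0 0
devfs /jails/db/dev devfs rw 0 0
/usr/ports /jails/db/usr/ports nullfs ro 0 0
zroot/jails/old /jails/old zfs rw 0 0'

cleanup_commands "$SAMPLE_JLS" "$SAMPLE_MOUNTS"
```

On a FreeBSD host the two arguments would be `"$(jls path)"` and `"$(mount -p)"`.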