jail.conf
#
# This file is deprecated
#
# Global defaults: parameters set outside any jail block apply to every jail
# defined in this file unless the jail block sets the same parameter itself.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
# Run the exec.* commands in a clean environment instead of inheriting the
# environment of whoever invoked jail(8).
exec.clean;
# NOTE(review): the console log has a predictable name under /var/tmp on the
# host, a directory that is normally world-writable; confirm that is acceptable
# or point this at a directory only root can write to.
exec.consolelog="/var/tmp/jail.$name";
# No devfs_ruleset is set globally, so jails that do not set one get whatever
# default jail(8) applies (documented as ruleset 4, devfsrules_jail; confirm
# on this host).
mount.devfs;
path = /jails/$name;
# NOTE(review): System V IPC and raw sockets are granted to every jail by
# default here. jail(8) marks allow.sysvipc as deprecated in favour of the
# per-facility sysvmsg/sysvsem/sysvshm parameters, and warns that raw sockets
# deserve extra caution when jail root is not fully trusted. Consider moving
# both into only the jail blocks that need them.
allow.sysvipc = 1;
allow.raw_sockets = 1;
# Sets kern.securelevel inside each jail; per jail(8) a jail can never run at
# a lower securelevel than its parent, only at the same level or higher.
securelevel = 2;
host.hostname = "r720-02-$name.int.unixathome.org";
# Keep the jail in existence even when no process is running inside it.
persist;
# ingress01: the most permissive jail in this file. Root inside it may change
# file flags, mount several filesystem types, open sockets in extra address
# families and create child jails.
# NOTE(review): every allow.* below widens what a compromised jail root can
# reach in the host kernel; keep only the ones the workload actually uses.
ingress01 {
# Lets jail root manipulate system file flags via chflags(2); per jail(8) this
# is still subject to the usual kern.securelevel constraints.
allow.chflags;
allow.mount.devfs;
# added when trying to get devfs in subjails
allow.mount.fdescfs;
allow.mount.linprocfs;
allow.mount.nullfs;
allow.mount.procfs;
allow.mount.tmpfs = 1;
allow.mount.zfs;
# Master switch for the allow.mount.* parameters above; per jail(8) they only
# take effect together with allow.mount and enforce_statfs below 2.
allow.mount;
# Redundant with the global allow.raw_sockets = 1 default.
allow.raw_sockets;
# NOTE(review): permits protocol stacks other than IPv4, IPv6, local and
# route; jail(8) notes those stacks have not had jail functionality added to
# them. Confirm this is required.
allow.socket_af;
# Up to 6 child jails may be created from inside this jail (the default is 0).
children.max=6;
# pg01 must exist before this jail is created.
depend = pg01;
# With value 1, only mount points below the jail's own root are visible to it.
enforce_statfs=1;
# commented out for first start
# exec.created+="zfs jail $name ${datazpool}/freshports/jailed/ingress01";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/ingress01";
# exec.poststart += "jail -m allow.mount.linprocfs=1 name=$name";
# One loopback address on lo1 plus one address on igb0.
ip4.addr = "lo1|127.163.0.10/32";
ip4.addr += "igb0|10.100.0.202/32";
# commented out initially to force pkg -4
# ip6.addr = "lo1|fd80::10 prefixlen 128";
}
# nginx01: jail with ZFS mount permission, addressed on lo2 and igb0.
# NOTE(review): depend, persist and ip4.addr are each set more than once in
# this block; see the notes at the repeated lines.
nginx01 {
# pg01 must exist before this jail is created.
depend = pg01;
ip4.addr = "lo2|127.163.0.80/32";
ip4.addr += "igb0|10.100.0.201/32";
# commented out initially to force pkg -4
# ip6.addr = "lo2|fd80::80 prefixlen 128";
# Already set in the global defaults.
persist;
# NOTE(review): mount and ZFS mount permission are granted although the
# "zfs jail" / "zfs set jailed=on" commands further down are commented out;
# confirm the permission is still needed in that state.
allow.mount=true;
allow.mount.zfs=true;
# With value 1, only mount points below the jail's own root are visible to it.
enforce_statfs=1;
# Duplicate of the depend line at the top of this block.
depend = pg01;
# no idea why this might be needed, it is not even defined on slocum
# NOTE(review): this replaces the default devfs ruleset for this jail. Check
# which devices ruleset 5 exposes in the host's devfs.rules before keeping it;
# a ruleset that unhides more than the jail needs widens its view of /dev.
devfs_ruleset=5;
# commented out for first start
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/categories";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/commits";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/daily";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/general";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/news";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/packages";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/pages";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/ports";
# exec.created+="zfs set jailed=on ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache/spooling";
#
# exec.created+="zfs jail $name ${datazpool}/freshports/jailed/nginx01/var/db/freshports/cache";
# NOTE(review): this plain "=" assignment follows the lo2/igb0 values set at
# the top of the block. If it replaces them rather than appending (only "+="
# appends), the jail ends up with 127.163.0.80 alone, with no interface named
# and no igb0 address. Confirm which address set is intended and delete the
# other.
ip4.addr = "127.163.0.80";
# commented out initially to force pkg -4
# ip6.addr = "fd80::80";
# commented out initially for first start
# mount.fstab="/etc/fstab.$name";
# Third place persist is set for this jail (global default, above, and here).
persist;
}
# pg01: sets only its addresses; everything else comes from the global
# defaults, including allow.sysvipc and allow.raw_sockets. Both ingress01 and
# nginx01 declare "depend = pg01", so this jail is created before them.
# NOTE(review): the igb0 address makes this jail reachable on that interface;
# confirm whatever runs here listens only on the addresses its clients need.
pg01 {
ip4.addr = "lo3|127.163.54.32/32";
ip4.addr += "igb0|10.100.0.200/32";
}