Attachment #170906 for bug #209929

Lines 2-8 Link Here

(-)qjail/Makefile (-2 / +2 lines)
2	# $FreeBSD: head/sysutils/qjail/Makefile 412342 2016-04-01 13:18:17Z mat $	2	# $FreeBSD: head/sysutils/qjail/Makefile 412342 2016-04-01 13:18:17Z mat $
3		3
4	PORTNAME= qjail	4	PORTNAME= qjail
5	PORTVERSION= 4.7	5	PORTVERSION= 4.8
6	CATEGORIES= sysutils	6	CATEGORIES= sysutils
7	MASTER_SITES= SF/${PORTNAME}	7	MASTER_SITES= SF/${PORTNAME}
8		8
Lines 23-29 Link Here
23	USES= tar:bzip2	23	USES= tar:bzip2
24	NO_BUILD= yes	24	NO_BUILD= yes
25		25
26	CONFLICTS_INSTALL= qjail-2.* qjail-3.0 qjail-3.1	26	CONFLICTS_INSTALL= qjail-2.* qjail-3.*
27		27
28	do-install:	28	do-install:
29	.for i in qjail qjail.vnet.be qjail.vnet.ng	29	.for i in qjail qjail.vnet.be qjail.vnet.ng

Lines 1-2 Link Here

(-)qjail/distinfo (-2 / +2 lines)
1	SHA256 (qjail-4.7.tar.bz2) = 42c72de6a3cf3deb19f84c8e3f95a9054fe226d9e17675397e5d46dd31143e8d	1	SHA256 (qjail-4.8.tar.bz2) = dc41c6a7c498129202d3973db11a6a6600ec598a9ac8aeaa8d0baeeba1553224
2	SIZE (qjail-4.7.tar.bz2) = 62754	2	SIZE (qjail-4.8.tar.bz2) = 64593




This qjail version is not intended for RELEASES older than RELEASE-10.0.

Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail
system that includes security and performance enhancements. Plus a new level
of "user friendliness" enhancements dealing with deploying just a few jails or
large scale jail environments consisting of 100's of jails.

Qjail uses the jail(8) jail.conf method. This provides the ability to enable 
the following options on a per-jail basis. exec.fib, securelevel, allow.sysvipc,
devfs_rulesets, allow.raw_sockets, allow.quotas, allow.mount.nullfs, 
allow.mount.tmpfs, allow.mount.zfs, vnet.interface, and vnet. The vnet option 
gives a jail its own network stack using the experimental vimage kernel module.
The vnet option has only been tested on i386 and amd64 equipment.
RELEASE-9.2. The vnet option has only been tested on i386 and amd64 equipment.

Qjail requires no knowledge of the jail command usage. It uses "nullfs" for
read-only system executables, sharing one copy of them with all the jails.





########################################################################

For users who have existing qjail environments. Please take note.
There are changes to the internals of the jail(8) command and changes to 
parameter names in the periodic files that have occured in FreeBSD 
Release 10.2 that effects jail behavior in a very minor way. 
IF your running qjail on an 10.2 or newer version of FreeBSD you should 
consider doing the following.

This version of qjail has an built in auto convert function that you may select
to choose that fixes those minor behavior problems with your existing jails.
This auto convert function is not documented in the qjail manual. Its only 
shown here. So write it down. 

       Issue [ qjail update -u ] from the host console. 

This will cause the existing "flavors" default & ssh-default directories to be 
renamed and new ones populated. Then in each existing jail the periodic.conf
and newsyslog.conf files will be renamed with .saved suffix and new ones added. 
The rc.conf file will be updated in place changing the 
syslogd_enable= parameter value from "NO" to "YES".

The new periodic.conf file has many sendmail reporting options disabled because
sendmail is disabled in the jails rc.conf file by default. This drastically
reduces the daily. weekly, monthly system and security status reports elapse
run times. This has a major effect on operating system performance where there 
are a large number of jails.

The [ qjail install ] command will install all the correct files depending on
what version of FreeBSD your host is running.     
 
########################################################################




%%EXAMPLESDIR%%/default/etc/make.conf
%%EXAMPLESDIR%%/default/etc/motd
%%EXAMPLESDIR%%/default/etc/periodic.conf
%%EXAMPLESDIR%%/default/etc/periodic102.conf
%%EXAMPLESDIR%%/default/etc/newsyslog102.conf
%%EXAMPLESDIR%%/default/etc/rc.conf
%%EXAMPLESDIR%%/default/etc/rc102.conf
%%EXAMPLESDIR%%/default/root/.cshrc
%%EXAMPLESDIR%%/default/usr/local/etc/pkg.conf
%%EXAMPLESDIR%%/default/usr/local/etc/sudoers

%%EXAMPLESDIR%%/ssh-default/etc/motd
%%EXAMPLESDIR%%/ssh-default/etc/passwd
%%EXAMPLESDIR%%/ssh-default/etc/periodic.conf
%%EXAMPLESDIR%%/ssh-default/etc/periodic102.conf
%%EXAMPLESDIR%%/ssh-default/etc/newsyslog102.conf
%%EXAMPLESDIR%%/ssh-default/etc/pwd.db
%%EXAMPLESDIR%%/ssh-default/etc/rc.conf
%%EXAMPLESDIR%%/ssh-default/etc/rc102.conf
%%EXAMPLESDIR%%/ssh-default/etc/spwd.db
%%EXAMPLESDIR%%/ssh-default/etc/ssh/sshd_config
%%EXAMPLESDIR%%/ssh-default/root/.cshrc

Return to bug 209929

Lines 1-15 Link Here

(-)qjail/pkg-descr (-7 / +8 lines)
		1	This qjail version is not intended for RELEASES older than RELEASE-10.0.
		2
1	Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail	3	Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail
2	system that includes security and performance enhancements. Plus a new level	4	system that includes security and performance enhancements. Plus a new level
3	of "user friendliness" enhancements dealing with deploying just a few jails or	5	of "user friendliness" enhancements dealing with deploying just a few jails or
4	large scale jail environments consisting of 100's of jails.	6	large scale jail environments consisting of 100's of jails.
5		7
6	This version of qjail uses the jail(8) jail.conf method. This provides the	8	Qjail uses the jail(8) jail.conf method. This provides the ability to enable
7	ability to enable the following options on a per-jail basis. exec.fib,	9	the following options on a per-jail basis. exec.fib, securelevel, allow.sysvipc,
8	securelevel, allow.sysvipc, devfs_rulesets, allow.raw_sockets, allow.quotas,	10	devfs_rulesets, allow.raw_sockets, allow.quotas, allow.mount.nullfs,
9	allow.mount.nullfs, allow.mount.tmpfs, allow.mount.zfs, vnet.interface, and	11	allow.mount.tmpfs, allow.mount.zfs, vnet.interface, and vnet. The vnet option
10	vnet. The vnet option gives a jail its own network stack using the experimental	12	gives a jail its own network stack using the experimental vimage kernel module.
11	vimage kernel module. This qjail version is not intended for RELEASES older than	13	The vnet option has only been tested on i386 and amd64 equipment.
12	RELEASE-9.2. The vnet option has only been tested on i386 and amd64 equipment.
13		14
14	Qjail requires no knowledge of the jail command usage. It uses "nullfs" for	15	Qjail requires no knowledge of the jail command usage. It uses "nullfs" for
15	read-only system executables, sharing one copy of them with all the jails.	16	read-only system executables, sharing one copy of them with all the jails.

Lines 10-17 Link Here

(-)qjail/pkg-message (-3 / +28 lines)
10		10
11	########################################################################	11	########################################################################
12		12
13	If your host is running 9.3-RELEASE or 10.0-RELEASE, please verify that	13	For users who have existing qjail environments. Please take note.
14	/etc/defaults/rc.conf parameter "devfs_load_rulesets" looks like this	14	There are changes to the internals of the jail(8) command and changes to
15	devfs_load_rulesets="YES"	15	parameter names in the periodic files that have occured in FreeBSD
		16	Release 10.2 that effects jail behavior in a very minor way.
		17	IF your running qjail on an 10.2 or newer version of FreeBSD you should
		18	consider doing the following.
16		19
		20	This version of qjail has an built in auto convert function that you may select
		21	to choose that fixes those minor behavior problems with your existing jails.
		22	This auto convert function is not documented in the qjail manual. Its only
		23	shown here. So write it down.
		24
		25	Issue [ qjail update -u ] from the host console.
		26
		27	This will cause the existing "flavors" default & ssh-default directories to be
		28	renamed and new ones populated. Then in each existing jail the periodic.conf
		29	and newsyslog.conf files will be renamed with .saved suffix and new ones added.
		30	The rc.conf file will be updated in place changing the
		31	syslogd_enable= parameter value from "NO" to "YES".
		32
		33	The new periodic.conf file has many sendmail reporting options disabled because
		34	sendmail is disabled in the jails rc.conf file by default. This drastically
		35	reduces the daily. weekly, monthly system and security status reports elapse
		36	run times. This has a major effect on operating system performance where there
		37	are a large number of jails.
		38
		39	The [ qjail install ] command will install all the correct files depending on
		40	what version of FreeBSD your host is running.
		41
17	########################################################################	42	########################################################################

Lines 15-23 Link Here

(-)qjail/pkg-plist (-4 / +6 lines)
15	%%EXAMPLESDIR%%/default/etc/make.conf	15	%%EXAMPLESDIR%%/default/etc/make.conf
16	%%EXAMPLESDIR%%/default/etc/motd	16	%%EXAMPLESDIR%%/default/etc/motd
17	%%EXAMPLESDIR%%/default/etc/periodic.conf	17	%%EXAMPLESDIR%%/default/etc/periodic.conf
18	%%EXAMPLESDIR%%/default/etc/periodic103.conf	18	%%EXAMPLESDIR%%/default/etc/periodic102.conf
		19	%%EXAMPLESDIR%%/default/etc/newsyslog102.conf
19	%%EXAMPLESDIR%%/default/etc/rc.conf	20	%%EXAMPLESDIR%%/default/etc/rc.conf
20	%%EXAMPLESDIR%%/default/etc/rc103.conf	21	%%EXAMPLESDIR%%/default/etc/rc102.conf
21	%%EXAMPLESDIR%%/default/root/.cshrc	22	%%EXAMPLESDIR%%/default/root/.cshrc
22	%%EXAMPLESDIR%%/default/usr/local/etc/pkg.conf	23	%%EXAMPLESDIR%%/default/usr/local/etc/pkg.conf
23	%%EXAMPLESDIR%%/default/usr/local/etc/sudoers	24	%%EXAMPLESDIR%%/default/usr/local/etc/sudoers
Lines 27-36 Link Here
27	%%EXAMPLESDIR%%/ssh-default/etc/motd	28	%%EXAMPLESDIR%%/ssh-default/etc/motd
28	%%EXAMPLESDIR%%/ssh-default/etc/passwd	29	%%EXAMPLESDIR%%/ssh-default/etc/passwd
29	%%EXAMPLESDIR%%/ssh-default/etc/periodic.conf	30	%%EXAMPLESDIR%%/ssh-default/etc/periodic.conf
30	%%EXAMPLESDIR%%/ssh-default/etc/periodic103.conf	31	%%EXAMPLESDIR%%/ssh-default/etc/periodic102.conf
		32	%%EXAMPLESDIR%%/ssh-default/etc/newsyslog102.conf
31	%%EXAMPLESDIR%%/ssh-default/etc/pwd.db	33	%%EXAMPLESDIR%%/ssh-default/etc/pwd.db
32	%%EXAMPLESDIR%%/ssh-default/etc/rc.conf	34	%%EXAMPLESDIR%%/ssh-default/etc/rc.conf
33	%%EXAMPLESDIR%%/ssh-default/etc/rc103.conf	35	%%EXAMPLESDIR%%/ssh-default/etc/rc102.conf
34	%%EXAMPLESDIR%%/ssh-default/etc/spwd.db	36	%%EXAMPLESDIR%%/ssh-default/etc/spwd.db
35	%%EXAMPLESDIR%%/ssh-default/etc/ssh/sshd_config	37	%%EXAMPLESDIR%%/ssh-default/etc/ssh/sshd_config
36	%%EXAMPLESDIR%%/ssh-default/root/.cshrc	38	%%EXAMPLESDIR%%/ssh-default/root/.cshrc