|Summary:||jail.conf system should be modularized to conf.d approach|
|Component:||conf||Assignee:||freebsd-bugs mailing list <bugs>|
|Severity:||Affects Only Me||CC:||bch, daniel, driesm.michiels, reezer, sharky|
Description rocky 2018-11-19 05:28:50 UTC
The jail.conf system seems to be rather useful in and of itself, but given the approach of docker, xorg, openldap, and such, shouldn't this be easier to drop and replace config like in the conf.d format rather than appending the one conf file? I believe even rc has this approach available using rc.conf.d system. This would make much more sense given that jails are individual objects in the system. Individual conf files allow quicker deployment, copy and modify, and updates to the individual jail rather than the whole conf file - especially by automation tools, where it is likely you'd want better protection to individual jails rather than bork the lot if something goes sideways if the one conf file is modified.
Comment 1 christian barthel 2018-12-25 17:32:18 UTC
(In reply to rocky from comment #0) It seems that in FreeBSD 12.0, it is possible to have per-jail rc.conf files. Perhaps, this might help you because the approach seems similar to conf.d. Good examples can be found at /usr/share/examples/jails or at: https://svnweb.freebsd.org/base/release/12.0.0/share/examples/jails/ I haven't tested this myself, but while reading through the example, the "conf.d" style may be already possible in 12.0.
Comment 2 Christian Sturm 2019-01-20 13:09:56 UTC
I don't think it really is the same thing, as it seems that one is required to use rc.conf. While that might be a workaround allowing something like include /etc/jail.d/*.conf or even: include /usr/local/etc/jail.d/*.conf would allow one to simply use a file system overlay or installing a jail for example via a package without having to modify rc scripts. In that regard it could behave similar to newsyslog.conf.d which recently got a similar features allowing the same thing. This might even benefit the ports system. So while using rc.conf is a workaround /etc/rc.d/jail defaults to just loading /etc/jail.conf and it would be nice for software that is able to handle jail.conf(5) syntax to create (or parse) such jail configuration files and not having to understand how /etc/rc.d precisely parses options in the rc.conf. It would be really helpful for third party software and automation to have a setup similar to newsyslog.conf.d, where includes are supported (the syntax above is just an example, maybe ) and per default - if enabled - looks in both /etc/ and /usr/local/etc.
Comment 3 Sebastian S 2019-07-04 11:30:26 UTC
/signed I think this would really improve jails . Moving jails around from one host to another is a pain.