Bug 233310 - jail.conf system should be modularized to conf.d approach
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-bugs mailing list
Reported: 2018-11-19 05:28 UTC by rocky
Modified: 2019-07-04 18:19 UTC
Description rocky 2018-11-19 05:28:50 UTC
The jail.conf system seems to be rather useful in and of itself, but given the approach of docker, xorg, openldap, and such, shouldn't this be easier to drop and replace config like in the conf.d format rather than appending the one conf file? I believe even rc has this approach available using rc.conf.d system.

This would make much more sense given that jails are individual objects in the system. Individual conf files allow quicker deployment, copy and modify, and updates to the individual jail rather than the whole conf file - especially by automation tools, where it is likely you'd want better protection to individual jails rather than bork the lot if something goes sideways if the one conf file is modified.
Comment 1 christian barthel 2018-12-25 17:32:18 UTC
(In reply to rocky from comment #0)

It seems that in FreeBSD 12.0, it is possible to have per-jail rc.conf files.  Perhaps, this might help you because the approach seems similar to conf.d.  Good examples can be found at /usr/share/examples/jails or at:
https://svnweb.freebsd.org/base/release/12.0.0/share/examples/jails/
I haven't tested this myself, but while reading through the example, the "conf.d" style may be already possible in 12.0.
Comment 2 Christian Sturm 2019-01-20 13:09:56 UTC
I don't think it really is the same thing, as it seems that one is required
to use rc.conf. While that might be a workaround allowing something like

include /etc/jail.d/*.conf

or even:

include /usr/local/etc/jail.d/*.conf

would allow one to simply use a file system overlay or installing
a jail for example via a package without having to modify rc scripts.

In that regard it could behave similar to newsyslog.conf.d which recently
got a similar feature allowing the same thing.

This might even benefit the ports system.

So while using rc.conf is a workaround, /etc/rc.d/jail defaults to
just loading /etc/jail.conf and it would be nice for software that
is able to handle jail.conf(5) syntax to create (or parse) such
jail configuration files and not have to understand how /etc/rc.d
precisely parses options in the rc.conf.

It would be really helpful for third party software and automation
to have a setup similar to newsyslog.conf.d, where includes are
supported (the syntax above is just an example, maybe )
and per default - if enabled - looks in both /etc/ and /usr/local/etc.
Comment 3 Sebastian S 2019-07-04 11:30:26 UTC
/signed I think this would really improve jails. Moving jails around from one host to another is a pain.