The jail.conf system seems to be rather useful in and of itself, but given the approach of Docker, Xorg, OpenLDAP, and such, shouldn't this be easier to drop and replace config like in the conf.d format rather than appending the one conf file? I believe even rc has this approach available using the rc.conf.d system.
This would make much more sense given that jails are individual objects in the system. Individual conf files allow quicker deployment, copy and modify, and updates to the individual jail rather than the whole conf file - especially by automation tools, where it is likely you'd want better protection to individual jails rather than bork the lot if something goes sideways if the one conf file is modified.
(In reply to rocky from comment #0)
It seems that in FreeBSD 12.0, it is possible to have per-jail rc.conf files. Perhaps this might help you because the approach seems similar to conf.d. Good examples can be found at /usr/share/examples/jails or at:
I haven't tested this myself, but while reading through the example, the "conf.d" style may already be possible in 12.0.
I don't think it really is the same thing, as it seems that one is required
to use rc.conf. While that might be a workaround allowing something like
would allow one to simply use a file system overlay or installing
a jail for example via a package without having to modify rc scripts.
In that regard it could behave similar to newsyslog.conf.d which recently
got a similar feature allowing the same thing.
This might even benefit the ports system.
So while using rc.conf is a workaround /etc/rc.d/jail defaults to
just loading /etc/jail.conf and it would be nice for software that
is able to handle jail.conf(5) syntax to create (or parse) such
jail configuration files and not having to understand how /etc/rc.d
precisely parses options in the rc.conf.
It would be really helpful for third party software and automation
to have a setup similar to newsyslog.conf.d, where includes are
supported (the syntax above is just an example, maybe )
and per default - if enabled - looks in both /etc/ and /usr/local/etc.
/signed I think this would really improve jails. Moving jails around from one host to another is a pain.
/signed to Further support for this. Would significantly aid portability and transport of individual jails between systems.
^Triage: Assignee timeout, reset.
I would look to an official tool/process to appear in base. In the meantime I created a tool for myself that (so far) has worked well for my use cases. It's very crude, but does the job.
^Triage: Antranig has a PoC/WIP in review, add references: