freebsd-ports/sysutils/qjail/pkg-descr
Vanilla I. Shu d9e860874c Upgrade to 3.6.
1. Add allow.mount.tmpfs parameter to build-jail.conf routine.
   Check if kernel tmpfs.ko has been loaded
   to host and if not then issue "kldload tmpfs" command.

2. Add code to config logic for lower case t to enable
   allow.mount.tmpfs parameter and upper case T to disable
   allow.mount.tmpfs parameter.

3. Remove -l null as method to disable nullfs and replace with
   upper case L to disable nullfs.

4. Add upper case S to disable lower case s option.

5. Remove -w null as method to disable and replace with
   upper case W to disable.

6. Fix fib -f parameter so it now works as wanted.

7. Comment out code for setcpu parameter as jail(8) now has a bug
   about it.

8. Remove -w null as method to disable vnet interface parameter
   and replace with upper case W to disable it.

9. Make appropriate changes to man qjail.8 file.

10. Change good os version from 93 to 92.

11. Make appropriate changes to qjail.bootime script.

PR:		ports/192220
Submitted by:	maintainer
2014-07-29 03:46:20 +00:00

Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail
system that includes security and performance enhancements, plus a new level
of "user friendliness" enhancements for deploying just a few jails or
large-scale jail environments consisting of hundreds of jails.
This version of qjail uses the jail(8) jail.conf method. This provides the
ability to enable the following options on a per-jail basis: exec.fib,
securelevel, allow.sysvipc, devfs_rulesets, allow.raw_sockets, allow.quotas,
allow.mount.nullfs, allow.mount.tmpfs, allow.mount.zfs, vnet.interface, and
vnet. The vnet option gives a jail its own network stack using the experimental
vimage kernel module. This qjail version is not intended for RELEASES older than
RELEASE-9.2. The vnet option has only been tested on i386 and amd64 equipment.
Qjail requires no knowledge of the jail command usage. It uses "nullfs" for
read-only system executables, sharing one copy of them with all the jails.
It uses "mdconfig" to create sparse image jails. Sparse image jails provide a
method to limit the total disk space a jail can consume, while only occupying
the physical disk space of the sum size of the files in the image jail.
Ability to assign IP addresses with their network device name,
so aliases are auto-created on jail start and auto-removed on jail stop.
Ability to create "ZONE"s of identical qjail systems, each with their own
group of jails.
Ability to designate a portion of the jail name as a group prefix so the
command being executed will apply to only those jail names matching that prefix.
Qjail has been incorporated into the Finch open source project,
see http://dreamcat4.github.io/finch/ for details.
WWW: http://qjail.sourceforge.net/