qjail-3.2 change log
1. Added IPv6 support to "create" and "config" commands.
2. Changed the way jail status is determined. Now use "jls -j jailname jid"
command instead of carring internal jid field in jail definition record.
This fixed jail status problem when users used the "halt or reboot"
command on the host instead of the "shutdown now" command.
3. Changed qjail-bootime script to nolonger populate internal jid field
in jail definition record.
4. Corrected coding of conflicts_install parameter in the port Makefile
so it functions as wanted. Also inserted message info block about upgrade
procedure and CONFLICT resolution.
5. Removed all references to qjail.conf file from all man pages.
6. Corrected examples in qjail man for "qjail create" command using
new -4 option for IPv4 IP addresses.
qjail-3.1 change log http://www.freebsd.org/cgi/query-pr.cgi?pr=179769
1. sharefs/usr/src and sharefs/usr/ports were missing links. Design was to
have sharedfs share those directories with all jails. Added code to mkdir
src and port on sharedfs and link to template.
2. For update -b, archive sharedfs, restore sharedfs and install commands,
replaced the logic of rolling through the qjail.local directory opening
each definition file to check if jail was running which left the last opened
jail variables populated, with logic based on using jls command to list
the running jails and then checking jls list to qjail.global
directory content of qjail owned jails to determine if jail was running.
3. For archive of image jail, removed qjail prefix from variable name.
4. For "update -b" host binaries have noschg set on a few files, added
chflags -R noschg "${sharedfs}/${dir}"
chflags -R nosunlink "${sharedfs}/${dir}"
commands to remove said status on all files.
5. Add "mount.devfs=1" parameters to build_def function of qjail script and
qjail-bootime script. This enables ps and top commands to work inside of
jail. This is a work around for /dev bug in jail(8).
6. "qjail create -a img20 -i 25 img25 10.0.10.20" Using a image archive caused
cpio to complain when copying the template to populate the img file.
Replaced cpio with "cp -R dir/" command, also made the same change to
the dup image logic. The cpio command has problems working with sparse files.
7. Added "qjail config -h" option. This option provides a way to enable "SSH"
on a jail. Same option as -c of the "qjail create" command.
8. Updated "man qjail" with instructions on using the "mv" command to give
jails access to the hosts "/usr/ports" or "/usr/src" directories.
9. Added new function to "config" command call -m for manual start jails,
-m to enable and -M to disable.
10. Changed the "config" command call -r [run, norun] option to -r to enable
and -R to disable.
qjail-3.0 change log http://www.freebsd.org/cgi/query-pr.cgi?pr=179184
1. This version of qjail has been converted from using the legacy rc.d-method
as used in all previous versions of qjail, to using the jail(8)
jail.conf-method available in RELEASE-9.1. This upgrade provides the
ability to enable the following new options on a per-jail basis.
exec.fib, allow.raw_sockets, allow.quotas, allow.mount.nullfs,
allow.mount.zfs, cpuset.id, securelevel, vnet.interface, and vnet.
The vnet option gives a jail its own network stack using the experimental
vimage software with or with out ipfw firewall and using if_bridge/epair
or netgraph for its network. This qjail version is not functional
for RELEASES older than RELEASE-9.1.
2. The basejail has been renamed to sharedfs and
newjail has been renamed to template.
3. The archive function now uses the tar utility to bkup the jailname
filesystem with it's internal qjail admin files.
4. The restore function now uses the tar utility to restore the jailname
filesystem with it's internal qjail admin files.
5. The -a option of the create command now uses the tar utility to restore
the jailname filesystem.
6. The qjail man page up-dated to reflect all changes to qjail.
7. The qjail.conf file has been deprecated and removed.
8. Added logic to the "config" command to enable and disable the jail(8)
selected extended options.
PR: ports/180773
Submitted by: Joe Barbish <qjail@a1poweruser.com> (maintainer)
1. Added logic to interrogate the content of flavors for correctness
before allowing them to be merged into the newjail being created.
Only paths targeting directories holding configuration files are
allowed now. The jail create process is terminated and the offending
paths are listed in error messages.
2. Changed the /root/.cshrc file in both flavors default and ssh-default
to now contain setenv PACKAGESITE to point to packages-current
so login users of any jail will have the most current package
version available.
4. In the qjail install logic added code to create these additional paths
in basejail, /usr/ports/packages, /usr/home and /home link.
5. The create -D -I options have been combined to just -d.
6. The create -i -s options have been combined to just -i.
7. The create -c & -C options have been reduced to just -c.
8. The create options -c and -f ssh-default now force the first time
login user to enter a new password.
9. Added logic to create, that rolls through the ip addresses of the
existing
jails to verify the ip address/addresses on the create command are not
all ready used.
10. Corrected the list command display format when jail has more than a
single ip address.
11. Changed the order jails are started, stopped, restarted, and listed
from <z to a> to <a to z>. Also for boot starts.
12. Added system wide logging. Every qjail subcommand and error message
is logged to /var/log/qjail.log. Rotating of the log is enabled.
13. The install subcommand has new -l option to activate system wide
logging.
14. The update subcommand has [-l on|off] option to turn logging on and off.
15. Added new subcommand logmsg. This posts comments to the log file.
16. Changed update option to use its own
/usr/local/etc/qjail.portsnap.conf
file instead of the hosts /etc/portsnap.conf. Enabled REFUSE statements in
/usr/local/etc/qjail.portsnap.conf to drop categories most likely to never
be
used to compile ports inside of a jail.
17. As sparse image allocations get larger 1G -> 5G creating jails from
archives was taking very long times to complete, 20 minutes or more.
Archives of sparse images larger that 7G caused terminations. All these
things have one thing in common. They all used the pax and cpio utilities.
Turns out these utilities are not sparse file aware. Had to completely
change the way sparse image jails moved through the qjail system. Now the
archive process opens the sparse image and really archives it as a
directory tree jail. This required restore and create options to change
also.
PR: ports/175771
Submitted by: Joe Barbish (maintainer)
Standard maintenance.
1. Added -c option on "qjail create" command that enables ssh access to the
jail and creates user account using jailname for id/pw.
2. Added -C option on "qjail create" command that depends on -D option that
creates ssh access to jail and creates user account using jailname for
id/pw while automatically duplicating jails.
3. Created a customized flavor, ssh-default that enables ssh access to jails.
This flavor contains a login account with id/pw of qjail.
4. Removed -c option from "qjail install" because hosts customized /etc
caused problems with jail start up.
5. Updated man qjail.8 to reflect the changes.
PR: ports/174890
Submitted by: Joe Barbish <qjail@a1poweruser.com> (maintainer)
Added code to qjail install function to check for
-STABLE, -PRERELEAASE, and -CURRENT versions running
on the host and if so issue message that binary source
is not available for download and to use the
[qjail install -c] flag to clone the host system to
populate the basejail with.
Used setenv UNAME_r "9-stable" command on host to set
release value seen by qjail.
PR: ports/174644
Submitted by: Joe Barbish <qjail@a1poweruser.com> (maintainer)
uname -r shows 4 formats.
9.0-BETA1, 9.0-RC1, 9.0-RELEASE, and 9.0-RELEASE-p1
Logic added by 1.7 was supposed to correctly remove the -p1 string,
which it did if present, but if not present the -RELEASE gets removed
in error which results in the incorrect ftp url path for fetching the
install source.
Rewrote logic to handle -p suffix differently so it gets stripped
off leaving 9.0-RELEASE which is handled normally.
PR: ports/174037
Submitted by: Joe Barbish <qjail@a1poweruser.com> (maintainer)
Feature safe: yes
On 'qjail install' command run on -BETA or -RC host has no binary distribution source available by design. Added logic to check for this condition and issue error message informing user.
On 'qjail install' command run on a host that has had security binary patches applied results in [uname -r] command returning [Release-9.0-p3]. There is no binary distribution source available by design for patched systems. Added code to strip the -p3 suffix resulting in the 9.0-Release distribution source being downloaded and used to populate the basejail.
PR: ports/173394
Submitted by: Joe Barbish (maintainer)
Feature safe: yes
-a option means create new jail from archive file of jail-aaa.
Search of /usr/jails/archive selected incorrect archive file.
If archive files named jail-aaa, jail-aaa-bbb, jail-aaa-bbb-ccc were present
jail-aaa-bbb-ccc was always selected incorrectly.
This same logic was also used for 'qjail restore jail-aaa', but that logic
had check for this condition that told user to use full archive name that
included the date stamp archive was created. Fixed logic in both functions.
PR: ports/171724
Submitted by: maintainer (Joe Barbish <qjail@a1poweruser.com>)
Updated script so that the perluglyhack code is added to the end of
qjail update -b logic
PR: ports/166666
PR: ports/166917
Submitted by: Joe Barbish (maintainer)
- while here loop on install of man pages
Changed qjail to work with new path and single base
file install format now used in 9.0.
PR: ports/165603
Submitted by: maintainer, qjail@a1poweruser.com
system that includes security and performance enhancements. Plus a new level
of "user friendliness" enhancements dealing with deploying just a few jails or
large jail environments consisting of 100's of jails.
Qjail requires no knowledge of the jail command usage. It uses "nullfs" for
read-only system binaries, sharing one copy of them with all the jails.
Uses "mdconfig" to create sparse image jails. Sparse image jails provide a
method to limit the total disk space a jail can consume, while only occupying
the physical disk space of the sum size of the files in the image jail.
Ability to assign ip address with their network device name,
so aliases are auto created on jail start and auto removed on jail stop.
Ability to create "ZONE"s of identical qjail systems, each with their own
group of jails.
Ability to designate a portion of the jail name as a group prefix so the
command being executed will apply to only those jail names matching that prefix.
WWW: http://sourceforge.net/projects/qjail/http://qjail.sourceforge.net/
PR: ports/148777
Submitted by: Joe Barbish <joeb@a1poweruser.com>
Approved by: rene (mentor)
