The general syntax of a jail definition is:
    jailname {
        parameter = "value";
        parameter = "value";
        ...
    }
Each jail is required to have a name at the front of its definition. This is used by jail(8) to specify a jail on the command line and report the jail status, and is also passed to the kernel when creating the jail.
A typical parameter has a name and a value. Some parameters are boolean and may be specified with values of "true" or "false", or as valueless shortcuts, with a "no" prefix indicating a false value. For example, these are equivalent:
    allow.mount = "false";
    allow.nomount;
Other parameters may have more than one value. A comma-separated list of values may be set in a single statement, or an existing parameter list may be appended to using "+=":
    ip4.addr = 10.1.1.1, 10.1.1.2, 10.1.1.3;

    ip4.addr = 10.1.1.1;
    ip4.addr += 10.1.1.2;
    ip4.addr += 10.1.1.3;
Note the name parameter is implicitly set to the name in the jail definition.
Special characters may be quoted by preceding them with a backslash. Common C-style backslash character codes are also supported, including control characters and octal or hex ASCII codes. A backslash at the end of a line will ignore the subsequent newline and continue the string at the start of the next line.
    path = "/var/jail/$name";
    path = "/var/jail/${host.hostname}";
Variable substitution occurs in unquoted tokens or in double-quoted strings, but not in single-quoted strings.
A variable is defined in the same way a parameter is, except that the variable name is preceded with a dollar sign:
    $parentdir = "/var/jail";
    path = "$parentdir/$name";
The difference between parameters and variables is that variables are only used for substitution, while parameters are used both for substitution and for passing to the kernel.
Variable substitution is done on a per-jail basis, even when that substitution is for a parameter defined in a wildcard section. This is useful for wildcard parameters based on e.g. a jail's name.
Later definitions in the configuration file supersede earlier ones, so a wildcard section placed before (above) a jail definition defines parameters that can be changed on a per-jail basis, while a wildcard section placed after (below) all jails contains parameters that always apply to every jail. Multiple wildcard statements are allowed, and wildcard parameters may also be specified outside of a jail definition statement.
If hierarchical jails are defined, a partial-matching wildcard definition may be specified. For example, a definition with a name of "foo.*" would apply to jails with names like "foo.bar" and "foo.bar.baz".
    /* This is a C style comment.
     * It may span multiple lines.
     */

    // This is a C++ style comment.

    # This is a shell style comment.
Comments are legal wherever whitespace is allowed, i.e. anywhere except in the middle of a string or a token.
    # Typical static defaults:
    # Use the rc scripts to start and stop jails.  Mount jail's /dev.
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown jail";
    exec.clean;
    mount.devfs;

    # Dynamic wildcard parameter:
    # Base the path off the jail name.
    path = "/var/jail/$name";

    # A typical jail.
    foo {
        host.hostname = "foo.com";
        ip4.addr = 10.1.1.1, 10.1.1.2, 10.1.1.3;
    }

    # This jail overrides the defaults defined above.
    bar {
        exec.start = '';
        exec.stop = '';
        path = /;
        mount.nodevfs;
        persist;    // Required because there are no processes
    }
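The ordering rule described above decides whether a wildcard setting is a default that a jail can override or a setting every jail ends up with, which matters when the setting is a restriction such as allow.nomount. The following Python sketch is an added example, not code from jail(8) or from this manual page: it resolves a simplified subset of the syntax (no comments, nested braces, variable definitions, or quoted ';' and ','), and SAMPLE, matches, expand and resolve are names invented here.

```python
import re

# Constructed sample (not from the page): one wildcard section above the jail
# definitions and one below them.
SAMPLE = """
* { mount.devfs; path = "/var/jail/$name"; ip4.addr = 10.1.1.1; }
foo { ip4.addr += 10.1.1.2; }
bar { mount.nodevfs; allow.mount; path = '/srv/$name'; }
* { allow.nomount; }
"""

BLOCK = re.compile(r"(\S+)\s*\{(.*?)\}", re.S)
STMT = re.compile(r"\s*([\w.]+)\s*(?:(\+?=)\s*(.*))?$", re.S)

def matches(pattern, jail):
    """'*' matches every jail; 'foo.*' matches foo.bar and foo.bar.baz."""
    if pattern.endswith(".*"):
        return jail.startswith(pattern[:-1])
    return pattern in ("*", jail)

def expand(token, params):
    """Substitute $name / ${name} unless the token is single-quoted."""
    if token.startswith("'"):
        return token.strip("'")
    return re.sub(r"\$\{?([\w.]+)\}?",
                  lambda m: ",".join(params.get(m.group(1), [m.group(0)])),
                  token.strip('"'))

def resolve(text, jail):
    """Apply every matching section in file order; later statements win."""
    params = {"name": [jail]}  # name is implicitly set from the definition
    for pattern, body in BLOCK.findall(text):
        if not matches(pattern, jail):
            continue
        for stmt in filter(str.strip, body.split(";")):
            key, op, raw = STMT.match(stmt).groups()
            if op is None:  # valueless boolean; assumes a leading "no" negates
                head, dot, leaf = key.rpartition(".")
                negated = leaf.startswith("no")
                key, raw = head + dot + leaf[2 * negated:], str(not negated).lower()
            values = [v.strip() for v in raw.split(",")]
            params[key] = params.get(key, []) + values if op == "+=" else values
    # Substitution is per jail, so $name in a wildcard becomes this jail's name.
    return {k: [expand(v, params) for v in vs] for k, vs in params.items()}

if __name__ == "__main__":
    for jail in ("foo", "bar"):
        print(jail, resolve(SAMPLE, jail))
```

In the sample, bar overrides the leading wildcard's mount.devfs, but its own allow.mount is superseded by the trailing wildcard, and its single-quoted path keeps the literal $name.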
James Gritton added the extensible jail parameters and configuration file.
JAIL.CONF (5) | August 6, 2019 |