lexxai (Dabbler, joined Nov 9, 2016, 33 messages)
I want to isolate jails from each other with the bridge private member feature.
I tried to set the script as the poststart option of the jail: iocage set exec_poststart=/root/test/pstart.sh foo
/root/test/pstart.sh:
#!/bin/sh
# Find bridge0 members whose name contains 'vnet' and that are not yet
# PRIVATE, and mark each of them as a private bridge member.
ifconfig bridge0 | grep member: | grep -v PRIVATE | awk '{ print $2 }' | grep 'vnet' | xargs -I % ifconfig bridge0 private %
# Debug: record the bridge state at the time the script ran.
ifconfig bridge0 >> /root/test/list.txt
This script searches all bridge0 members whose name contains 'vnet' and marks them as PRIVATE members of bridge0.
But the debug log file (/root/test/list.txt) still does not show any vnet member interfaces. I would say that the script starts too early.
Later, after iocage start foo has finished, these vnet interfaces are present on bridge0. How can I automate the process of bridge0 isolation when auto boot is enabled for the jail?
And in the future, maybe it would be of interest to add jail isolation options to the GUI?
p.s.:
I detected that exec_poststart starts after the iocage start foo message "* Starting foo", and iocage waits for the exec_poststart command to finish with exit 0, then prints the message "+ Started OK". I modified the script to run another subscript in the background that waits for the vnet interfaces, but iocage waits until the subscript has finished too, and the result of the whole task is NEGATIVE.
pstart.sh:
#!/bin/sh
# Launch the waiter in the background; its stdout/stderr stay attached to
# the pipes iocage opened for exec_poststart.
nohup sh -x /root/test/pstart-e.sh &
Subscript pstart-e.sh:
#!/bin/sh
# Poll up to maxloop times (one second apart) until non-private vnet
# members appear on the bridge, then mark each of them PRIVATE.
maxloop=20
BRIDGE="bridge0"
while [ "${maxloop}" -ne "0" ]
do
    maxloop=$((maxloop - 1))
    if [ -n "`/sbin/ifconfig ${BRIDGE} | /usr/bin/grep 'member: vnet' | /usr/bin/grep -v PRIVATE`" ]; then
        # One ifconfig call per member: 'private' takes a single interface name
        /sbin/ifconfig ${BRIDGE} | /usr/bin/grep member: | /usr/bin/grep -v PRIVATE | awk '{ print $2 }' | /usr/bin/grep 'vnet' | xargs -I % /sbin/ifconfig ${BRIDGE} private %
        # Debug: record the bridge state after isolation
        /sbin/ifconfig ${BRIDGE} >> /root/test/list.txt
        break
    else
        sleep 1
        echo "Loop id:" ${maxloop} | wall
    fi
done
My method works only if the script is run before starting the jail (iocage start foo):
. ./pstart-e.sh &
iocage start foo
But in this case it is not started automatically when the system reboots.
The next solution is not clean, but it works: run it via the at scheduler in the next minute after starting the jail:
iocage set exec_poststart='at -f /root/test/pstart.sh now + 1 minute' foo
But the "next minute" is approximate, since crontab runs the atrun command every 5 minutes:
*/5 * * * * root /usr/libexec/atrun > /dev/null 2>&1
This solution works automatically after reboot, with the jails' protection delayed up to 5 minutes after they start.
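As an added example (not the poster's own scripts), here is a reworked version of the waiter that keeps the member-detection logic in small functions so the parsing can be checked offline against a constructed ifconfig listing, counts how many members were actually isolated, and is written to be launched detached from iocage's stdin/stdout/stderr, since a backgrounded child that keeps the caller's output pipes open is the usual reason the caller keeps waiting for it. The bridge name, the PSTART_BRIDGE variable, the IFCONFIG override, and the sample output are assumptions, and FreeBSD ifconfig(8) bridge syntax is assumed.

```shell
#!/bin/sh
# Hypothetical rework of pstart-e.sh (added example, not the original).
# Waits for iocage's vnet members to appear on a bridge and marks each one
# PRIVATE, so jails on the same bridge cannot talk to each other directly.
# Assumptions: FreeBSD ifconfig(8) bridge syntax, member names containing
# "vnet", bridge name passed in PSTART_BRIDGE.
#
# Launch from exec_poststart fully detached so iocage does not wait on it:
#   nohup env PSTART_BRIDGE=bridge0 sh /root/test/pstart-e.sh >/dev/null 2>&1 </dev/null &

IFCONFIG="${IFCONFIG:-/sbin/ifconfig}"   # overridable so the logic can be tested offline

# Constructed sample of "ifconfig bridge0" output (not captured from a real
# host): one vnet member already PRIVATE, one still open, one physical NIC.
SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:a9:d1:2e:38:00
        member: vnet0.5 flags=143<LEARNING,DISCOVER,PRIVATE,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        member: vnet0.7 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000'

log() { echo "pstart: $*" >&2; }   # swap for logger(8) on a real host

# Read ifconfig output on stdin; print member names that contain "vnet"
# and whose flags do not yet include PRIVATE.
unprivate_vnet_members() {
    awk '/member: / && /vnet/ && !/PRIVATE/ { print $2 }'
}

# Mark every open vnet member of bridge $1 as PRIVATE, one ifconfig call per
# member (ifconfig expects "private <iface>", so several names in one call
# would not work). Prints the number of members changed.
isolate_bridge() {
    bridge="$1"
    count=0
    for m in $("$IFCONFIG" "$bridge" | unprivate_vnet_members); do
        "$IFCONFIG" "$bridge" private "$m" && count=$((count + 1))
    done
    echo "$count"
}

# Poll bridge $1 up to $2 times, $3 seconds apart, until an open vnet member
# shows up and gets isolated. Returns 0 on success, 1 when the budget is spent.
wait_and_isolate() {
    bridge="$1"; tries="${2:-20}"; delay="${3:-1}"
    while [ "$tries" -gt 0 ]; do
        n=$(isolate_bridge "$bridge")
        if [ "$n" -gt 0 ]; then
            log "isolated $n vnet member(s) on $bridge"
            return 0
        fi
        tries=$((tries - 1))
        sleep "$delay"
    done
    log "no open vnet members appeared on $bridge"
    return 1
}

# Only act when a bridge is named in the environment; sourcing the file
# merely defines the functions.
if [ -n "${PSTART_BRIDGE:-}" ]; then
    wait_and_isolate "$PSTART_BRIDGE" 20 1
fi
```

The exit status of wait_and_isolate is what you would alert on: a 1 means the jail came up but its vnet member was never made private, which is exactly the window the original post is worried about.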