mount(8) and /etc/rc.d/jail

From: Jeremie Le Hen <jeremie.le-hen_at_epita.fr> Date: Tue, 20 Jul 2004 16:44:34 +0200 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:02 UTC

Hello -current,

I have a jail running Postfix whose filesystem is mirrored from the host
using mount_nullfs(8).  The problem is that when I upgrade the Postfix,
the port removes /usr/local/libexec/postfix/, which is mount_nullfs'ed
on /jail/postfix/usr/local/libexec/postfix/, then recreates it, but the
vnode is obsviously not the same and thus the nullfs mount is not valid
any longer.  Of course, I can simply install Postfix in the jail
filesystem and not on the host, but I consider this as a workaround and
furthermore I want to run Postfix from the host itself.

I was fed up with typing 
    for fs in `mount | awk '/postfix/ {print $3}'` ; do umount $i ; done
each time I don't forget to do it.

I decided to make the rc(8) jail script manage the mounts for each jail.
There was two ways to do it :
    * either use a tiny awk script to parse fstab(5) file and some
      magic shell gymnatic to mount/umount when starting/stopping the
      jail,
    * or make a new mount(8)/umount(8) option to act only on mount
      points which match a given prefix.
I implemented the second solution, but if someone has a good argument
to use the first one instead, I'm ready to listen to him.

Two patches are attached.  I didn't make a PR since I would like to
see what people think before sending it.  The first patch adds a `-c'
flags to mount(8) and umount(8) whose argument is the prefix to match
for (`c' for `cmp', since `p' is already used in mount(8)).  I tested
it against my system and it seems to work quite well.  Nevertheless a
friend of mine pointed me that matching against a pathname could be
delicate because of symlinks.  I don't really know how to overcome this,
except I can put some king of warning or advice in the manpage.
Suggestions are very welcome.  The second patch simply modifies the
rc(8) jail script to take advantage of the first one.  It works well
either.

Regards,
-- 
Jeremie LE HEN aka TtZ/TataZ                          jeremie.le-hen_at_epita.fr
                                                                 ttz_at_epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!