Merge pull request #324 from mekanix/feature/allow

Set jail allow.<option>

mk/base-jail.mk

@@ -76,7 +76,7 @@ setup:
 	@${MAKE} ${MAKEFLAGS} post_setup
 .endif
 .if !exists(${BASE_WORKDIR}/${SERVICE})
-	@sudo env PRESTART="${PRESTART}" POSTSTART="${POSTSTART}" PRESTOP="${PRESTOP}" POSTSTOP="${POSTSTOP}" OS_VERSION="${VERSION}" UPDATE="${UPDATE}" DHCP="${DHCP}" reggae mkjail ${MKJAIL_OPTIONS} ${SERVICE}
+	@sudo env PRESTART="${PRESTART}" POSTSTART="${POSTSTART}" PRESTOP="${PRESTOP}" POSTSTOP="${POSTSTOP}" OS_VERSION="${VERSION}" UPDATE="${UPDATE}" DHCP="${DHCP}" ALLOW="${ALLOW}" reggae mkjail ${MKJAIL_OPTIONS} ${SERVICE}
 .endif
 .if ${DEVEL_MODE} == "YES"
 	-@sudo mount -t nullfs ${PWD} ${BASE_WORKDIR}/${SERVICE}/usr/src >/dev/null 2>&1

scripts/mkjail.sh

@@ -177,18 +177,21 @@ else
   MOUNTS=$(get_mounts)
   DEPENDS=$(get_dependencies)
   if [ ! -z "${PRESTART}" ]; then
-    PRESTART="\n exec.prestart += \"${PRESTART}\";"
+    PRESTART="\n  exec.prestart += \"${PRESTART}\";"
   fi
   if [ ! -z "${POSTSTART}" ]; then
-    POSTSTART="\n exec.poststart += \"${POSTSTART}\";"
+    POSTSTART="\n  exec.poststart += \"${POSTSTART}\";"
   fi
   if [ ! -z "${PRESTOP}" ]; then
-    PRESTOP="\n exec.prestop += \"${PRESTOP}\";"
+    PRESTOP="\n  exec.prestop += \"${PRESTOP}\";"
   fi
   if [ ! -z "${POSTSTOP}" ]; then
-    POSTSTOP="\n exec.poststop += \"${POSTSTOP}\";"
+    POSTSTOP="\n  exec.poststop += \"${POSTSTOP}\";"
   fi
-  OPTIONS="${MOUNTS}${DEPENDS}${PRESTART}${POSTSTART}${PRESTOP}${PRESTOP}"
+  for option in ${ALLOW}; do
+    JAIL_ALLOW="\n  allow.${option};${JAIL_ALLOW}"
+  done
+  OPTIONS="${JAIL_ALLOW}${MOUNTS}${DEPENDS}${PRESTART}${POSTSTART}${PRESTOP}${POSTSTOP}"
   cat << EOF >"/etc/jail.conf.d/${NAME}.conf"
 ${NAME} {
   \$id = ${ID};

templates/base-jail.conf

@@ -11,7 +11,6 @@
   devfs_ruleset = 8;
   allow.raw_sockets;
   allow.chflags;
-  allow.sysvipc;
 
   exec.prepare = "ifconfig ${host_interface} destroy >/dev/null 2>&1 || true";