JAILDAEMON(1)		User's Supplementary Documents		 JAILDAEMON(1)

NAME
       jaildaemon -- A fixed command-line interface for	FreeBSD	jails to their
       host system

SYNOPSIS
       jaildaemon -D [-p pidfile] [-f ipcsockpath]
       jaildaemon  -c  command	-j  jid	[-rR] [-u uid] [-g gid]	[-t proctitle]
		  [-f ipcsockpath]

DESCRIPTION
       The jaildaemon daemon awaits commands from the jaildaemon utility to
       spawn a probe process in a jail, optionally giving it a descriptive
       proctitle. It assigns a single command to this process; the command
       is executed in the host system once the associated probe receives the
       HUP signal, and the probe is optionally respawned.

       This  is	 useful	 to allow scripts or users in a	jail(8)	environment to
       trigger some predefined actions in the host system,  like  rebooting  a
       jailed host, manipulating devices or taking file	system snapshots.

       The options are as follows:

       -D      Start  the  jaildaemon  in daemon mode. It will check for other
	       instances of jaildaemon by sending a test command  to  the  ipc
	       socket.

       -p pidfile
	       When  run  in  daemon  mode, write the ID of the	daemon process
	       into the	pidfile	using the pidfile(3) functionality. Ignored in
	       utility mode.

       -f ipcsockpath
	       jaildaemon in utility mode passes commands  to  the  jaildaemon
	       daemon	 via   unix   domain   socket,	 which	 defaults   to
	       /var/run/jaildaemon.pipe.  You can  pass	 an  alternative  with
	       this option.

       -c command
               Start the jaildaemon in utility mode and pass the command,
               together with the jid and an optional proctitle, to the
               jaildaemon daemon. When the utility detects no running
               jaildaemon daemon, an error is reported.

       -j jid  The jail ID of the jail to which the jaildaemon daemon shall
               attach the probe process.

       -t proctitle
               Setting a proctitle on the probe process is useful to tell
               scripts or users in the jail which action sending the HUP
               signal triggers. The proctitle is visible via the ps(1)
               utility, and signals can be sent to all processes matching
               the string with the pkill(1) utility when invoked with the
               -f option. (See "EXAMPLES" for more details.)

       -r      Tell the	jaildaemon daemon to respawn the  probe	 process  once
	       the triggered command in	the host system	has completed.

               By default all commands start single shot processes; to avoid
               race conditions and multiple invocations of possibly
               non-reentrant scripts, probe processes kill themselves after
               receiving the HUP signal. Respawning is meant as an option
               for commands that do not shut down the jail.

       -R      Just  like  the	-r option, only	the jaildaemon daemon does not
	       wait for	the command to complete	before re-spawning  the	 probe
	       process.

               Use this option only if you know what you're doing. Most
               shell scripts are not re-entrant, even if their authors think
               so, and most programs that run long enough should not be
               started twice with identical parameters.

       -u uid  Probes normally run as user root	and thus can only be signalled
	       by  root	inside the jail. For some use cases it is desirable to
	       allow non-privileged processes inside the jail  to  signal  the
	       probe.  You  can	use this switch	to tell	jaildaemon what	uid to
	       drop to after being jailed away.	(Note  that  uids  inside  and
	       outside the jail	are never guaranteed to	match.)

               Use this option only if you know what you're doing. For most
               occasions it is a good idea to restrict signalling probes to
               the root user.

       -g gid  Set the group ID	of the probe process. Useful together with the
	       -u switch on hosts where	security.bsd.see_other_gids=0.

       Exactly one of the -D or -c options must be specified. In daemon mode
       all options for the utility mode are ignored. In utility mode the -j
       parameter is mandatory.

EXAMPLES
   Starting the	daemon
       The jaildaemon daemon is normally run from its rc(8) script at boot
       time. To invoke the daemon by hand, use this command:

       jaildaemon -D -p	/var/run/jaildaemon.pid
               Start the daemon and write the daemon's pid to the file
               /var/run/jaildaemon.pid. (This is the default pid file
               location.)

   Running the utility
       When the jaildaemon daemon is alive, you can start attaching probe
       commands to running jails.

       While the first examples show you what is possible, the simplest way
       of scripting an action is to write a small wrapper script as shown in
       the third example.

       jaildaemon -c 'ezjail-admin restart example.com'	-j 23 -t EZJAIL_REBOOT
	       Start  a	 probe in jail with jid	23 (presumably a jail with the
	       name "example.com") and assign it the command

		     ezjail-admin restart example.com

	       The proctitle "EZJAIL_REBOOT" will be visible from  within  the
	       jail,  and  a  reboot can be triggered from a script inside the
	       jail with the command

		     pkill -HUP	-f EZJAIL_REBOOT

       jaildaemon -c 'zfs snapshot jails/example.com@`date +%s`' -j 42	-r  -t
	       ZFS_SNAPSHOT
	       Start  a	 probe in jail with jid	42 (presumably a jail with the
	       name "example.com") and assign it the command

		     zfs snapshot jails/example.com@`date +%s`

	       The proctitle "ZFS_SNAPSHOT" will be visible  from  within  the
	       jail and	taking a zfs snapshot of the jail's file system	can be
	       triggered from a	script inside the jail with the	command

		     pkill -HUP	-f ZFS_SNAPSHOT

               After the zfs snapshot command has finished, a new probe with
               identical parameters is spawned and attached to the jail.

       jaildaemon   -c	 'reload_routing_table.sh  example.com'	 -j  1	-r  -t
	       UPDATE_ROUTING
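
       A host-side wrapper of the kind recommended above, written so that it
       also survives the overlapping invocations the -r and -R options warn
       about. This is an added example, not part of jaildaemon or of the
       original manual page; the lock location and the take_snapshot stand-in
       are assumptions.

```sh
#!/bin/sh
# Added example: host-side wrapper meant to be passed to `jaildaemon -c`.
# Script name, lock location and take_snapshot() are hypothetical.

# Accept only hostname-like jail names: letters, digits, dot, hyphen.
valid_jail_name() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Run "$@" under an exclusive lock. mkdir is atomic, so an overlapping
# invocation (for example a probe respawned with -R) is refused.
# A lock left behind by a killed run has to be removed by the operator.
run_locked() {
    lockdir=$1; shift
    if ! mkdir "$lockdir" 2>/dev/null; then
        echo "lock $lockdir held, skipping" >&2
        return 75   # EX_TEMPFAIL
    fi
    "$@"
    rc=$?
    rmdir "$lockdir"
    return "$rc"
}

# Constructed stand-in for the real host action; prints instead of running zfs.
take_snapshot() {
    echo "would run: zfs snapshot jails/$1@$(date +%s)"
}

wrapper_main() {
    valid_jail_name "$1" || { echo "invalid jail name" >&2; return 64; }
    run_locked "${LOCKROOT:-/var/run}/jd-snapshot.$1.lock" take_snapshot "$1"
}

# Demo on constructed input, using a throwaway lock directory.
LOCKROOT=$(mktemp -d)
wrapper_main example.com
rmdir "$LOCKROOT"
```

       Saved as a script whose last lines are replaced by wrapper_main "$@",
       it is attached like the commands in the examples above, with the
       wrapper's path and the jail name given to -c.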

FILES
       /var/run/jaildaemon.pipe

SEE ALSO
       jail(8),	signal(3), ps(1), pgrep(1), pkill(1)

AUTHOR
       Dirk Engling <erdgeist@erdgeist.org>.

FreeBSD				March 11, 2013			 JAILDAEMON(1)
