GitHub Repository: freebsd/freebsd-doc
Path: blob/main/website/content/en/status/report-2025-01-2025-03/jailmeta.adoc
=== Jail metadata feature

Links: +
link:https://cgit.freebsd.org/src/commit/?id=30e6e008bc06385a66756bebb41676f4f9017eca[The main commit] URL: link:https://cgit.freebsd.org/src/commit/?id=30e6e008bc06385a66756bebb41676f4f9017eca[]

Contact: Igor Ostapenko <[email protected]> +
Contact: Dave Cottlehuber <[email protected]>

Two new man:jail[8] parameters, `meta` and `env`, have been introduced.
Each one is an arbitrary string associated with a jail.
Each can be set upon jail creation or added/modified later:

  # jail -cm ... meta="tag1=value1 tag2=value2" env="configuration"

The values are not inherited from the parent jail.
A parent jail can read both metadata parameters, while a child jail can read only `env` via the newly added `security.jail.env` sysctl.

The maximum size of `meta` or `env` per jail is controlled by the global `security.jail.meta_maxbufsize` sysctl.
Decreasing it does not alter the existing meta information.

Each metadata buffer can optionally be handled as a set of `key=value\n` strings:

  # jail -cm ... meta="$(echo k1=v1; echo k2=v2)" env.1=one
  # jls meta.k2 env.1 meta.k1

While `meta.k1=""` or `meta.k1=` resets the value to an empty string, `meta.k1` without the equal sign removes the given key.
flua's libjail has been updated accordingly to support the key-based handling.
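
The set, reset and remove cases above, modeled in plain sh as an added example (not code from the commit or from libjail).
The `kv_get`, `kv_set` and `kv_del` helper names are hypothetical, and the model assumes one `key=value` pair per line with no newline inside a value.

```sh
#!/bin/sh
# Added model of the key-based view of a jail `meta`/`env` buffer:
# newline-separated key=value strings. Helper names are hypothetical.

# kv_get BUF KEY: print KEY's value; return 1 if KEY is absent.
# A key set to the empty string is present: status 0, empty output.
kv_get() {
    printf '%s\n' "$1" | K="$2" awk '
        BEGIN { p = ENVIRON["K"] "=" }
        index($0, p) == 1 { print substr($0, length(p) + 1); found = 1; exit }
        END { exit !found }'
}

# kv_set BUF KEY VALUE: replace KEY's line or append it (like meta.KEY=VALUE).
kv_set() {
    printf '%s\n' "$1" | K="$2" V="$3" awk '
        BEGIN { p = ENVIRON["K"] "="; v = ENVIRON["V"] }
        $0 == "" { next }
        index($0, p) == 1 { if (!done) print p v; done = 1; next }
        { print }
        END { if (!done) print p v }'
}

# kv_del BUF KEY: drop KEY's line entirely (like meta.KEY without "=").
kv_del() {
    printf '%s\n' "$1" | K="$2" awk '
        BEGIN { p = ENVIRON["K"] "=" }
        $0 != "" && index($0, p) != 1 { print }'
}

# Constructed sample buffer, same shape as the meta="$(echo ...)" example.
buf=$(echo k1=v1; echo k2=v2)
buf=$(kv_set "$buf" k1 "")      # reset: key stays, value is empty
kv_get "$buf" k1 >/dev/null && echo "k1 present, empty"
buf=$(kv_del "$buf" k1)         # remove: key is gone
kv_get "$buf" k1 >/dev/null || echo "k1 absent"
```

Host-side tooling that consumes these buffers should test the exit status rather than the printed value, since an empty value and a missing key print the same thing.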

Sponsor: SkunkWerks GmbH