etc/rc.d/jail

113568Smtm#!/bin/sh
113568Smtm#
113568Smtm# $FreeBSD$
113568Smtm#
113568Smtm
113568Smtm# PROVIDE: jail
240336Sobrien# REQUIRE: LOGIN FILESYSTEMS
114735Smtm# BEFORE: securelevel
136224Smtm# KEYWORD: nojail shutdown
113568Smtm
113568Smtm. /etc/rc.subr
113568Smtm
113568Smtmname="jail"
230099Sdougbrcvar="jail_enable"
204818Sdougb
113568Smtmstart_cmd="jail_start"
256256Shrsstart_postcmd="jail_warn"
113568Smtmstop_cmd="jail_stop"
256256Shrsconfig_cmd="jail_config"
256256Shrsconsole_cmd="jail_console"
256256Shrsstatus_cmd="jail_status"
256256Shrsextra_commands="config console status"
256256Shrs: ${jail_conf:=/etc/jail.conf}
256256Shrs: ${jail_program:=/usr/sbin/jail}
256668Shrs: ${jail_consolecmd:=/usr/bin/login -f root}
256256Shrs: ${jail_jexec:=/usr/sbin/jexec}
256256Shrs: ${jail_jls:=/usr/sbin/jls}
113568Smtm
256256Shrsneed_dad_wait=
256256Shrs
256256Shrs# extact_var jail name param num defval
256256Shrs#	Extract value from ${jail_$jail_$name} or ${jail_$name} and
256256Shrs#	set it to $param.  If not defined, $defval is used.
256256Shrs#	When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and
256256Shrs#	$param is set by using +=.
256256Shrs#	When $num is YN or NY, the value is interpret as boolean.
256256Shrsextract_var()
256256Shrs{
256256Shrs	local i _j _name _param _num _def _name1 _name2
256256Shrs	_j=$1
256256Shrs	_name=$2
256256Shrs	_param=$3
256256Shrs	_num=$4
256256Shrs	_def=$5
256256Shrs
256256Shrs	case $_num in
256256Shrs	YN)
256256Shrs		_name1=jail_${_j}_${_name}
256256Shrs		_name2=jail_${_name}
256256Shrs		eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\"
256256Shrs		if checkyesno $_name1; then
256256Shrs			echo "	$_param = 1;"
256256Shrs		else
256256Shrs			echo "	$_param = 0;"
256256Shrs		fi
256256Shrs	;;
256256Shrs	NY)
256256Shrs		_name1=jail_${_j}_${_name}
256256Shrs		_name2=jail_${_name}
256256Shrs		eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\"
256256Shrs		if checkyesno $_name1; then
256256Shrs			echo "	$_param = 0;"
256256Shrs		else
256256Shrs			echo "	$_param = 1;"
256256Shrs		fi
256256Shrs	;;
256256Shrs	[0-9]*)
256256Shrs		i=$_num
256256Shrs		while : ; do
256256Shrs			_name1=jail_${_j}_${_name}${i}
256256Shrs			_name2=jail_${_name}${i}
256256Shrs			eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\"
256256Shrs			if [ -n "$_tmpargs" ]; then
256256Shrs				echo "	$_param += \"$_tmpargs\";"
256256Shrs			else
256256Shrs				break;
256256Shrs			fi
256256Shrs			i=$(($i + 1))
256256Shrs		done
256256Shrs	;;
256256Shrs	*)
256256Shrs		_name1=jail_${_j}_${_name}
256256Shrs		_name2=jail_${_name}
256256Shrs		eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\"
256256Shrs		if [ -n "$_tmpargs" ]; then
256256Shrs			echo "	$_param = \"$_tmpargs\";"
256256Shrs		fi
256256Shrs	;;
256256Shrs	esac
256256Shrs}
256256Shrs
256256Shrs# parse_options _j
256256Shrs#	Parse options and create a temporary configuration file if necessary.
119397Smtm#
256256Shrsparse_options()
119397Smtm{
256668Shrs	local _j _p
256256Shrs	_j=$1
119397Smtm
256256Shrs	_confwarn=0
119397Smtm	if [ -z "$_j" ]; then
256256Shrs		warn "parse_options: you must specify a jail"
119397Smtm		return
119397Smtm	fi
256256Shrs	eval _jconf=\"\${jail_${_j}_conf:-/etc/jail.${_j}.conf}\"
158431Sflz	eval _rootdir=\"\$jail_${_j}_rootdir\"
158431Sflz	eval _hostname=\"\$jail_${_j}_hostname\"
256256Shrs	if [ -z "$_rootdir" -o \
256256Shrs	     -z "$_hostname" ]; then
256256Shrs		if [ -r "$_jconf" ]; then
256256Shrs			_conf="$_jconf"
256256Shrs			return 0
256256Shrs		elif [ -r "$jail_conf" ]; then
256256Shrs			_conf="$jail_conf"
256256Shrs			return 0
256256Shrs		else
256256Shrs			warn "Invalid configuration for $_j " \
256256Shrs			    "(no jail.conf, no hostname, or no path).  " \
256256Shrs			    "Jail $_j was ignored."
256256Shrs		fi
256256Shrs		return 1
256256Shrs	fi
158431Sflz	eval _ip=\"\$jail_${_j}_ip\"
256256Shrs	if [ -z "$_ip" ] && ! check_kern_features vimage; then
256256Shrs		warn "no ipaddress specified and no vimage support.  " \
256256Shrs		    "Jail $_j was ignored."
256256Shrs		return 1
256256Shrs	fi
256256Shrs	_conf=/var/run/jail.${_j}.conf
256256Shrs	#
256256Shrs	# To relieve confusion, show a warning message.
256256Shrs	#
256256Shrs	_confwarn=1
256256Shrs	if [ -r "$jail_conf" -o -r "$_jconf" ]; then
256874Shrs		if ! checkyesno jail_parallel_start; then
256874Shrs			warn "$_conf is created and used for jail $_j."
256874Shrs		fi
256256Shrs	fi
256256Shrs	/usr/bin/install -m 0644 -o root -g wheel /dev/null $_conf || return 1
256256Shrs
256256Shrs	eval : \${jail_${_j}_flags:=${jail_flags}}
158431Sflz	eval _exec=\"\$jail_${_j}_exec\"
256256Shrs	eval _exec_start=\"\$jail_${_j}_exec_start\"
256256Shrs	eval _exec_stop=\"\$jail_${_j}_exec_stop\"
158431Sflz	if [ -n "${_exec}" ]; then
138847Srse		#   simple/backward-compatible execution
158431Sflz		_exec_start="${_exec}"
158431Sflz		_exec_stop=""
138847Srse	else
138847Srse		#   flexible execution
158431Sflz		if [ -z "${_exec_start}" ]; then
158431Sflz			_exec_start="/bin/sh /etc/rc"
158431Sflz			if [ -z "${_exec_stop}" ]; then
158431Sflz				_exec_stop="/bin/sh /etc/rc.shutdown"
138847Srse			fi
138847Srse		fi
138847Srse	fi
256256Shrs	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
239382Skuriyama	eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\"
256256Shrs	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\"
256256Shrs	(
256256Shrs		date +"# Generated by rc.d/jail at %Y-%m-%d %H:%M:%S"
256256Shrs		echo "$_j {"
256256Shrs		extract_var $_j hostname host.hostname - ""
256256Shrs		extract_var $_j rootdir path - ""
256256Shrs		if [ -n "$_ip" ]; then
256256Shrs			extract_var $_j interface interface - ""
256256Shrs			jail_handle_ips_option $_ip $_interface
256256Shrs			alias=0
256256Shrs			while : ; do
256668Shrs				eval _x=\"\$jail_${_j}_ip_multi${alias}\"
256256Shrs				[ -z "$_x" ] && break
138027Smux
256256Shrs				jail_handle_ips_option $_x $_interface
256256Shrs				alias=$(($alias + 1))
256256Shrs			done
256256Shrs			case $need_dad_wait in
256256Shrs			1)
256256Shrs				# Sleep to let DAD complete before
256256Shrs				# starting services.
256256Shrs				echo "	exec.start += \"sleep " \
256256Shrs				$(($(${SYSCTL_N} net.inet6.ip6.dad_count) + 1)) \
256256Shrs				"\";"
256256Shrs			;;
256256Shrs			esac
256256Shrs			# These are applicable only to non-vimage jails.
256256Shrs			extract_var $_j fib exec.fib - ""
256256Shrs			extract_var $_j socket_unixiproute_only \
256256Shrs			    allow.raw_sockets NY YES
256256Shrs		else
256256Shrs			echo "	vnet;"
256256Shrs			extract_var $_j vnet_interface vnet.interface - ""
191620Sru		fi
191620Sru
256256Shrs		echo "	exec.clean;"
256256Shrs		echo "	exec.system_user = \"root\";"
256256Shrs		echo "	exec.jail_user = \"root\";"
256256Shrs		extract_var $_j exec_prestart exec.prestart 0 ""
256256Shrs		extract_var $_j exec_poststart exec.poststart 0 ""
256256Shrs		extract_var $_j exec_prestop exec.prestop 0 ""
256256Shrs		extract_var $_j exec_poststop exec.poststop 0 ""
191620Sru
256256Shrs		echo "	exec.start += \"$_exec_start\";"
256256Shrs		extract_var $_j exec_afterstart exec.start 1 ""
256256Shrs		echo "	exec.stop = \"$_exec_stop\";"
159072Smatteo
256256Shrs		extract_var $_j consolelog exec.consolelog - \
256256Shrs		    /var/log/jail_${_j}_console.log
159072Smatteo
256256Shrs		eval : \${jail_${_j}_devfs_enable:=${jail_devfs_enable:-NO}}
256256Shrs		if checkyesno jail_${_j}_devfs_enable; then
256256Shrs			echo "	mount.devfs;"
256668Shrs			eval _ruleset=\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}
256256Shrs			case $_ruleset in
256256Shrs			"")	;;
256256Shrs			[0-9]*) echo "	devfs_ruleset = \"$_ruleset\";" ;;
256256Shrs			devfsrules_jail)
256256Shrs				# XXX: This is the default value,
256256Shrs				# Let jail(8) to use the default because
256256Shrs				# mount(8) only accepts an integer.
256256Shrs				# This should accept a ruleset name.
256256Shrs			;;
256668Shrs			*)	warn "devfs_ruleset must be an integer." ;;
256256Shrs			esac
256256Shrs			if [ -r $_fstab ]; then
256256Shrs				echo "	mount.fstab = \"$_fstab\";"
256256Shrs			fi
191620Sru		fi
191620Sru
256256Shrs		eval : \${jail_${_j}_fdescfs_enable:=${jail_fdescfs_enable:-NO}}
256256Shrs		if checkyesno jail_${_j}_fdescfs_enable; then
256387Shrs			echo "	mount.fdescfs;"
191620Sru		fi
256256Shrs		eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}}
256256Shrs		if checkyesno jail_${_j}_procfs_enable; then
256256Shrs			echo "	mount += " \
256256Shrs			    "\"procfs ${_rootdir%/}/proc procfs rw 0 0\";"
191620Sru		fi
191620Sru
256256Shrs		eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}
256256Shrs		if checkyesno jail_${_j}_mount_enable; then
256256Shrs			echo "	allow.mount;" >> $_conf
125376Smtm		fi
113568Smtm
256256Shrs		extract_var $_j set_hostname_allow allow.set_hostname YN NO
256256Shrs		extract_var $_j sysvipc_allow allow.sysvipc YN NO
256668Shrs		for _p in $_parameters; do
256668Shrs			echo "	${_p%\;};"
256668Shrs		done
256256Shrs		echo "}"
256256Shrs	) >> $_conf
165942Ssimon
256256Shrs	return 0
165942Ssimon}
165942Ssimon
256256Shrs# jail_extract_address argument iface
187708Sbz#	The second argument is the string from one of the _ip
187708Sbz#	or the _multi variables. In case of a comma separated list
187708Sbz#	only one argument must be passed in at a time.
187708Sbz#	The function alters the _type, _iface, _addr and _mask variables.
187708Sbz#
187708Sbzjail_extract_address()
187708Sbz{
256256Shrs	local _i _interface
187708Sbz	_i=$1
256256Shrs	_interface=$2
187708Sbz
187708Sbz	if [ -z "${_i}" ]; then
187708Sbz		warn "jail_extract_address: called without input"
187708Sbz		return
187708Sbz	fi
187708Sbz
187708Sbz	# Check if we have an interface prefix given and split into
187708Sbz	# iFace and rest.
187708Sbz	case "${_i}" in
187708Sbz	*\|*)	# ifN|.. prefix there
187708Sbz		_iface=${_i%%|*}
187708Sbz		_r=${_i##*|}
187708Sbz		;;
187708Sbz	*)	_iface=""
187708Sbz		_r=${_i}
187708Sbz		;;
187708Sbz	esac
187708Sbz
187708Sbz	# In case the IP has no interface given, check if we have a global one.
187708Sbz	_iface=${_iface:-${_interface}}
187708Sbz
187708Sbz	# Set address, cut off any prefix/netmask/prefixlen.
187708Sbz	_addr=${_r}
187708Sbz	_addr=${_addr%%[/ ]*}
187708Sbz
187708Sbz	# Theoretically we can return here if interface is not set,
187708Sbz	# as we only care about the _mask if we call ifconfig.
187708Sbz	# This is not done because we may want to santize IP addresses
187708Sbz	# based on _type later, and optionally change the type as well.
187708Sbz
187708Sbz	# Extract the prefix/netmask/prefixlen part by cutting off the address.
187708Sbz	_mask=${_r}
187708Sbz	_mask=`expr "${_mask}" : "${_addr}\(.*\)"`
187708Sbz
187708Sbz	# Identify type {inet,inet6}.
187708Sbz	case "${_addr}" in
187708Sbz	*\.*\.*\.*)	_type="inet" ;;
187708Sbz	*:*)		_type="inet6" ;;
187708Sbz	*)		warn "jail_extract_address: type not identified"
187708Sbz			;;
187708Sbz	esac
187708Sbz
187708Sbz	# Handle the special /netmask instead of /prefix or
187708Sbz	# "netmask xxx" case for legacy IP.
187708Sbz	# We do NOT support shortend class-full netmasks.
187708Sbz	if [ "${_type}" = "inet" ]; then
187708Sbz		case "${_mask}" in
187708Sbz		/*\.*\.*\.*)	_mask=" netmask ${_mask#/}" ;;
187708Sbz		*)		;;
187708Sbz		esac
187708Sbz
187708Sbz		# In case _mask is still not set use /32.
187708Sbz		_mask=${_mask:-/32}
187708Sbz
187708Sbz	elif [ "${_type}" = "inet6" ]; then
256256Shrs		# In case _maske is not set for IPv6, use /64.
256256Shrs		_mask=${_mask:-/64}
187708Sbz	fi
187708Sbz}
187708Sbz
256256Shrs# jail_handle_ips_option input iface
187708Sbz#	Handle a single argument imput which can be a comma separated
187708Sbz#	list of addresses (theoretically with an option interface and
187708Sbz#	prefix/netmask/prefixlen).
187708Sbz#
187708Sbzjail_handle_ips_option()
187708Sbz{
256668Shrs	local _x _type _i _defif
256256Shrs	_x=$1
256668Shrs	_defif=$2
187708Sbz
187708Sbz	if [ -z "${_x}" ]; then
187708Sbz		# No IP given. This can happen for the primary address
187708Sbz		# of each address family.
187708Sbz		return
187708Sbz	fi
187708Sbz
187708Sbz	# Loop, in case we find a comma separated list, we need to handle
187708Sbz	# each argument on its own.
187708Sbz	while [ ${#_x} -gt 0 ]; do
187708Sbz		case "${_x}" in
187708Sbz		*,*)	# Extract the first argument and strip it off the list.
187708Sbz			_i=`expr "${_x}" : '^\([^,]*\)'`
187708Sbz			_x=`expr "${_x}" : "^[^,]*,\(.*\)"`
256256Shrs		;;
187708Sbz		*)	_i=${_x}
187708Sbz			_x=""
256256Shrs		;;
187708Sbz		esac
187708Sbz
187708Sbz		_type=""
187708Sbz		_addr=""
187708Sbz		_mask=""
256668Shrs		_iface=""
256668Shrs		jail_extract_address $_i $_defif
187708Sbz
187708Sbz		# make sure we got an address.
256256Shrs		case $_addr in
187708Sbz		"")	continue ;;
187708Sbz		*)	;;
187708Sbz		esac
187708Sbz
187708Sbz		# Append address to list of addresses for the jail command.
256256Shrs		case $_type in
239382Skuriyama		inet)
256874Shrs			echo "	ip4.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";"
256256Shrs		;;
239382Skuriyama		inet6)
256874Shrs			echo "	ip6.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";"
256256Shrs			need_dad_wait=1
256256Shrs		;;
187708Sbz		esac
187708Sbz	done
187708Sbz}
187708Sbz
256256Shrsjail_config()
187708Sbz{
256668Shrs	local _j
256668Shrs
256256Shrs	case $1 in
256256Shrs	_ALL)	return ;;
187708Sbz	esac
256668Shrs	for _j in $@; do
256668Shrs		_j=$(echo $_j | tr /. _)
256668Shrs		if parse_options $_j; then
256668Shrs			echo "$_j: parameters are in $_conf."
256256Shrs		fi
256256Shrs	done
256256Shrs}
187708Sbz
256256Shrsjail_console()
256256Shrs{
256668Shrs	local _j _cmd
256668Shrs
256256Shrs	# One argument that is not _ALL.
256256Shrs	case $#:$1 in
256668Shrs	0:*|1:_ALL)	err 3 "Specify a jail name." ;;
256668Shrs	1:*)		;;
245525Sbz	esac
256668Shrs	_j=$(echo $1 | tr /. _)
256668Shrs	shift
256668Shrs	case $# in
256668Shrs	0)	eval _cmd=\${jail_${_j}_consolecmd:-$jail_consolecmd} ;;
256668Shrs	*)	_cmd=$@ ;;
256668Shrs	esac
256668Shrs	$jail_jexec $_j $_cmd
187708Sbz}
187708Sbz
256256Shrsjail_status()
204818Sdougb{
256256Shrs
256256Shrs	$jail_jls -N
204818Sdougb}
204818Sdougb
125376Smtmjail_start()
125376Smtm{
256874Shrs	local _j _jid _jn _jl
256668Shrs
256256Shrs	if [ $# = 0 ]; then
256256Shrs		return
256256Shrs	fi
256256Shrs	echo -n 'Starting jails:'
256256Shrs	case $1 in
256256Shrs	_ALL)
256256Shrs		command=$jail_program
256256Shrs		rc_flags=$jail_flags
256256Shrs		command_args="-f $jail_conf -c"
256874Shrs		_tmp=`mktemp -t jail` || exit 3
256874Shrs		if $command $rc_flags $command_args >> $_tmp 2>&1; then
256874Shrs			$jail_jls -nq | while read IN; do
256874Shrs				_jn=$(echo $IN | tr " " "\n" | grep ^name=)
256874Shrs				_jid=$(echo $IN | tr " " "\n" | grep ^jid=)
256668Shrs				echo -n " ${_jn#name=}"
256668Shrs				echo "${_jid#jid=}" \
256668Shrs				    > /var/run/jail_${_jn#name=}.id
256874Shrs			done
256874Shrs		else
256874Shrs			tail -1 $_tmp
256874Shrs		fi
256874Shrs		rm -f $_tmp
256256Shrs		echo '.'
256256Shrs		return
256256Shrs	;;
256256Shrs	esac
256874Shrs	if checkyesno jail_parallel_start; then
256874Shrs		#
256874Shrs		# Start jails in parallel and then check jail id when
256874Shrs		# jail_parallel_start is YES.
256874Shrs		#
256874Shrs		_jl=
256874Shrs		for _j in $@; do
256874Shrs			_j=$(echo $_j | tr /. _)
256874Shrs			parse_options $_j || continue
113568Smtm
256874Shrs			_jl="$_jl $_j"
256874Shrs			eval rc_flags=\${jail_${_j}_flags:-$jail_flags}
256874Shrs			eval command=\${jail_${_j}_program:-$jail_program}
256668Shrs			command_args="-i -f $_conf -c $_j"
256874Shrs			$command $rc_flags $command_args \
256874Shrs			    >/dev/null 2>&1 </dev/null &
256874Shrs		done
256874Shrs		sleep 1
256874Shrs		for _j in $_jl; do
256668Shrs			echo -n " ${_hostname:-${_j}}"
256874Shrs			if _jid=$($jail_jls -n -j $_j | tr " " "\n" | \
256874Shrs			    grep ^jid=); then
256874Shrs				echo "${_jid#jid=}" > /var/run/jail_${_j}.id
256874Shrs			else
256874Shrs				rm -f /var/run/jail_${_j}.id
256874Shrs				echo " cannot start jail " \
256874Shrs				    "\"${_hostname:-${_j}}\": "
256874Shrs			fi
256874Shrs		done
256874Shrs	else
256874Shrs		#
256874Shrs		# Start jails one-by-one when jail_parallel_start is NO.
256874Shrs		#
256874Shrs		for _j in $@; do
256874Shrs			_j=$(echo $_j | tr /. _)
256874Shrs			parse_options $_j || continue
256874Shrs
256874Shrs			eval rc_flags=\${jail_${_j}_flags:-$jail_flags}
256874Shrs			eval command=\${jail_${_j}_program:-$jail_program}
256874Shrs			command_args="-i -f $_conf -c $_j"
256874Shrs			_tmp=`mktemp -t jail` || exit 3
256874Shrs			if $command $rc_flags $command_args \
256874Shrs			    >> $_tmp 2>&1 </dev/null; then
256874Shrs				echo -n " ${_hostname:-${_j}}"
256874Shrs				_jid=$($jail_jls -n -j $_j | \
256874Shrs				    tr " " "\n" | grep ^jid=)
256874Shrs				echo "${_jid#jid=}" > /var/run/jail_${_j}.id
256874Shrs			else
256874Shrs				rm -f /var/run/jail_${_j}.id
256874Shrs				echo " cannot start jail " \
256874Shrs				    "\"${_hostname:-${_j}}\": "
256874Shrs				cat $_tmp
256874Shrs			fi
256874Shrs			rm -f $_tmp
256874Shrs		done
256874Shrs	fi
119397Smtm	echo '.'
113568Smtm}
113568Smtm
113568Smtmjail_stop()
113568Smtm{
256668Shrs	local _j _jn
256668Shrs
256256Shrs	if [ $# = 0 ]; then
256256Shrs		return
256256Shrs	fi
125391Smtm	echo -n 'Stopping jails:'
256256Shrs	case $1 in
256256Shrs	_ALL)
256256Shrs		command=$jail_program
256256Shrs		rc_flags=$jail_flags
256256Shrs		command_args="-f $jail_conf -r"
256668Shrs		$jail_jls -nq | while read IN; do
256874Shrs			_jn=$(echo $IN | tr " " "\n" | grep ^name=)
256668Shrs			echo -n " ${_jn#name=}"
256874Shrs			_tmp=`mktemp -t jail` || exit 3
256874Shrs			$command $rc_flags $command_args ${_jn#name=} \
256874Shrs			    >> $_tmp 2>&1
256874Shrs			if $jail_jls -j ${_jn#name=} > /dev/null 2>&1; then
256874Shrs				tail -1 $_tmp
256874Shrs			else
256668Shrs				rm -f /var/run/jail_${_jn#name=}.id
256668Shrs			fi
256874Shrs			rm -f $_tmp
256668Shrs		done
256256Shrs		echo '.'
256256Shrs		return
256256Shrs	;;
256256Shrs	esac
256668Shrs	for _j in $@; do
256668Shrs		_j=$(echo $_j | tr /. _)
256668Shrs		parse_options $_j || continue
256668Shrs		if ! $jail_jls -j $_j > /dev/null 2>&1; then
256668Shrs			continue
256668Shrs		fi
256256Shrs		eval command=\${jail_${_j}_program:-$jail_program}
256668Shrs		echo -n " ${_hostname:-${_j}}"
256874Shrs		_tmp=`mktemp -t jail` || exit 3
256874Shrs		$command -q -f $_conf -r $_j >> $_tmp 2>&1
256874Shrs		if $jail_jls -j $_j > /dev/null 2>&1; then
256874Shrs			tail -1 $_tmp
256874Shrs		else
256668Shrs			rm -f /var/run/jail_${_j}.id
125323Smtm		fi
256874Shrs		rm -f $_tmp
125323Smtm	done
125391Smtm	echo '.'
113568Smtm}
113568Smtm
256256Shrsjail_warn()
256256Shrs{
256256Shrs
256256Shrs	# To relieve confusion, show a warning message.
256256Shrs	case $_confwarn in
256256Shrs	1)	warn "Per-jail configuration via jail_* variables " \
256256Shrs		    "is obsolete.  Please consider to migrate to $jail_conf."
256256Shrs	;;
256256Shrs	esac
256256Shrs}
256256Shrs
125391Smtmload_rc_config $name
256256Shrscase $# in
256256Shrs1)	run_rc_command $@ ${jail_list:-_ALL} ;;
256256Shrs*)	run_rc_command $@ ;;
256256Shrsesac