
When are VNET devices ready after starting a jail with iocage?

Not open for further replies.


Nov 9, 2016
I want to isolate jails from each other using the bridge's private feature.

I tried setting a script as the poststart option for the jail:
iocage set exec_poststart=/root/test/ foo

ifconfig bridge0 | grep member: | grep -v PRIVATE | awk '{ print $2 }' | grep 'vnet' | xargs -I % ifconfig bridge0 private %
echo `ifconfig bridge0` >> /root/test/list.txt

This script searches for all bridge0 members named 'vnet' and marks each as a PRIVATE member of bridge0.

But the debug log file (/root/test/list.txt) still does not contain any vnet interface members, which suggests that the script starts too early.

Later, after iocage start foo has finished, these vnet interfaces are present on bridge0.

How can this bridge0 isolation process be automated when auto boot is enabled for the jail?
And might jail isolation options be of interest for the GUI in the future?

I detected that exec_poststart starts after the iocage start foo message * Starting foo, and iocage waits for the exec_poststart command to finish with exit 0 before printing the message + Started OK.

I modified the script to run another subscript in the background that waits for the vnet interfaces, but iocage waits until the subscript has finished too, and the result of the whole task is NEGATIVE.
nohup sh -x /root/test/ &

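BRIDGE=bridge0   # inferred from the ifconfig bridge0 call below
maxloop=60       # assumed retry count; the post does not show the initial value
while [ "${maxloop}" -ne "0" ]
do
    maxloop=`expr $maxloop - 1`
    # Act only when at least one vnet member is not yet marked PRIVATE
    if [ ! -z "`/sbin/ifconfig ${BRIDGE} | /usr/bin/grep 'member: vnet' | /usr/bin/grep -v PRIVATE`" ]; then
        /sbin/ifconfig ${BRIDGE} | /usr/bin/grep member: | /usr/bin/grep -v PRIVATE | awk '{ print $2 }' | /usr/bin/grep 'vnet' | xargs -I % ifconfig ${BRIDGE} private %
        echo `/sbin/ifconfig bridge0` >> /root/test/list.txt
    fi
    sleep 1
    echo "Loop id:" ${maxloop} | wall
done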

My method works only if the script is run before starting the jail with iocage start foo.
iocage start foo

But in this case it is not started automatically when the system reboots.

The next solution is not clean, but it works: run the script via the at scheduler in the minute after the jail starts.
iocage set exec_poststart='at -f /root/test/ now + 1 minute' foo
but "next minute" is an approximate time, since crontab runs the atrun command every 5 minutes
*/5 * * * * root /usr/libexec/atrun > /dev/null 2>&1
This solution works automatically after a reboot, with protection of the jails delayed by up to 5 minutes after they start.
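
An added example, not part of the original post: the wait loop above rewritten so that it stops after a bounded number of tries and re-reads the bridge to confirm that no vnet member is left without the PRIVATE flag. The function names, the overridable IFCONFIG variable, and the sample ifconfig output are assumptions constructed for illustration; it does not change how iocage launches the script.

```shell
#!/bin/sh
# Assumptions: bridge0 and the "vnet" member prefix are taken from the post;
# IFCONFIG can be overridden so the logic can be exercised without a real bridge.
BRIDGE="${BRIDGE:-bridge0}"
IFCONFIG="${IFCONFIG:-/sbin/ifconfig}"

# Constructed sample of `ifconfig bridge0` output (not captured from a real host).
SAMPLE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	member: vnet0:1 flags=943<LEARNING,DISCOVER,PRIVATE,AUTOEDGE,AUTOPTP>
	member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# Read `ifconfig <bridge>` output on stdin; print vnet members lacking PRIVATE.
unmarked_vnet_members() {
    awk '$1 == "member:" && $2 ~ /^vnet/ && $0 !~ /[<,]PRIVATE[,>]/ { print $2 }'
}

# Mark each unmarked vnet member private, then re-read the bridge to verify.
# Returns 0 only if vnet members exist and none of them is left unmarked.
isolate_vnet_members() {
    for m in $("$IFCONFIG" "$BRIDGE" | unmarked_vnet_members); do
        "$IFCONFIG" "$BRIDGE" private "$m" || return 1
    done
    state=$("$IFCONFIG" "$BRIDGE") || return 1
    # No vnet member at all means the jail's interface is not attached yet.
    printf '%s\n' "$state" | grep -q 'member: vnet' || return 2
    [ -z "$(printf '%s\n' "$state" | unmarked_vnet_members)" ]
}

# Retry once per second, at most $1 times (default 30), until verified.
wait_and_isolate() {
    tries="${1:-30}"
    while [ "$tries" -gt 0 ]; do
        isolate_vnet_members && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1   # gave up: members missing or still not PRIVATE
}

# Demonstration on the constructed sample: lists members still needing the flag.
printf '%s\n' "$SAMPLE" | unmarked_vnet_members
```

On a real host the delayed job would call `wait_and_isolate` and treat a non-zero exit as "jail is up but not isolated", which is worth logging or alerting on.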