From: Alexander Leidinger
Date: Tue, 29 Jun 2010 12:12:26 +0200
To: "James O'Gorman"
Cc: freebsd-jail@FreeBSD.org, Jamie Gritton
Subject: Re: Thoughts on jail.config
Message-ID: <20100629121226.17056remx4tvmhs0@webmail.leidinger.net>
List-Id: "Discussion about FreeBSD jail(8)"

Quoting James O'Gorman (from Mon, 28 Jun 2010 23:40:21 +0100):

> On 28 Jun 2010, at 16:38, Jamie Gritton wrote:
>
>> On 06/28/10 08:41, Rodrigo Mosconi wrote:
>>
>>> An idea: if it works like a "jaild"? A daemon managing the start-up,
>>> shutdown, console redirection? All the admin tasks could be done by a
>>> "jailctl"?
>>
>> I don't know what work a daemon would have to do. I only see it running
>> tasks on startup, and then waiting until something tells it on shutdown
>> to wake up and stop the jails. That "something" would have to be that
>> jailctl you mention. If there's a jail program running anyway, might as
>> well keep all functionality in that one program.
>
> Perhaps it's worth looking at Solaris Zones here, as that runs a
> daemon in both the global zone and each container. I can't recall
> exactly what it does off-hand as I don't have a Solaris box to hand
> but it's probably similar to what you're talking about. I'm pretty
> sure zoneadm talks to zoneadmd to start/stop/configure each zone in
> the kernel.

Yes, but it also takes care of the zone console device
(http://docs.sun.com/app/docs/doc/817-1592/z.inst.ov-12?l=en&a=view).
This (and maybe some resource control stuff) is the only thing I see
which may make sense to be handled by a daemon, everything else could
be handled by zoneadm directly.

I also see a security benefit of the daemon if you give the right to
manage zones to a user/role != root. Both are not available in FreeBSD.

There is also the zsched running per zone. This process is explained at
http://docs.sun.com/app/docs/doc/817-1592/z.inst.ov-13?a=view

Bye,
Alexander.

--
Never have so many understood so little about so much.
    -- James Burke

http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org : PGP ID = 72077137