Date:      Mon, 23 Apr 2001 14:29:22 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        freebsd-arch@FreeBSD.org
Subject:   jailNG
Message-ID:  <Pine.NEB.3.96L.1010423141823.91472L-100000@fledge.watson.org>


This weekend I was spending some time tweaking the jail(8) code to improve
its SMPng-happiness as well as manageability.  Unfortunately, I ended up
rewriting it in the process :-).  I changed the model somewhat so that
jails are now persistently configured, joined, et al, and broke out the
chroot() from the creation/joining process, as with increased namespaces
(such as System V IPC) creating a nice clean failure was increasingly
difficult.  Aspects of individual jails may now be managed using sysctls,
which appears to work reasonably well.  Clearly there's a lot of work left
to do, but I'd appreciate comments if people are interested:

  http://www.watson.org/~robert/jailng/

Simple example:

dev# ./jailctl 
usage:
  jailctl create [jailname]
  jailctl destroy [jailname]
  jailctl join [jailname] [-c chrootpath] [path] [cmd] [args...]
dev# ./jailctl create test
dev# sysctl -a | grep jail
jail.instance.test.sysvipc_permitted: 0
jail.instance.test.set_hostname_permitted: 1
jail.instance.test.socket_ipv4_permitted: 1
jail.instance.test.socket_unix_permitted: 1
jail.instance.test.socket_route_permitted: 1
jail.instance.test.socket_other_permitted: 0
jail.instance.test.ipv4addr: 0
dev# ./jailctl join test -c /tmp /bin/sh
# ps ax
  PID  TT  STAT      TIME COMMAND
  907  d0  DWJ    0:00.02 /bin/sh
  908  d0  RW+J   0:00.00 ps ax
# exit
dev# ./jailctl destroy test
dev# 

I also have a jailinit(8) in the works which would allow improved
startup/shutdown in the style of init(8) (sans the whole sigchild thing).
Another feature I'd like to add is a jail signal call that allows a signal
to be delivered to all processes inside a jail from outside, allowing an
easier forcible shutdown.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
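
Added example, not part of the original message or of the jailNG code: a POSIX shell function that reads `sysctl -a` output in the `jail.instance.<jailname>.<knob>` format shown in the session above and lists every `*_permitted` knob that is enabled but not on a baseline allow-list. The function names, the allow-list contents and the "web" jail in the sample are assumptions made for illustration.

```shell
# Added example, not part of the jailNG code. Input lines look like
#   jail.instance.<jailname>.<knob>: <value>
# as printed by "sysctl -a | grep jail" in the session above.
# Assumption: illustrative baseline of knobs a jail may have enabled.
JAIL_ALLOWED="socket_ipv4_permitted socket_unix_permitted"

# Reads sysctl output on stdin and prints "<jailname> <knob>" for every
# *_permitted knob that is non-zero and not in $JAIL_ALLOWED.
# Returns 1 if anything was reported, 0 otherwise.
audit_jail_knobs() {
    awk -v allowed="$JAIL_ALLOWED" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    /^jail\.instance\./ {
        sep = index($0, ": ")            # split "name: value"
        if (sep == 0) next
        name = substr($0, 1, sep - 1)
        value = substr($0, sep + 2)
        if (split(name, part, /\./) != 4) next
        jail = part[3]; knob = part[4]
        if (knob !~ /_permitted$/) next  # skips e.g. ipv4addr
        if (value + 0 != 0 && !(knob in ok)) { print jail, knob; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the "test" lines are the values shown in the message;
# the "web" jail and the kern.ostype line are made up for the demo.
sample_sysctl() {
    cat <<'EOF'
jail.instance.test.sysvipc_permitted: 0
jail.instance.test.set_hostname_permitted: 1
jail.instance.test.socket_ipv4_permitted: 1
jail.instance.test.socket_unix_permitted: 1
jail.instance.test.socket_route_permitted: 1
jail.instance.test.socket_other_permitted: 0
jail.instance.test.ipv4addr: 0
jail.instance.web.sysvipc_permitted: 1
kern.ostype: FreeBSD
EOF
}

if [ "${1:-}" = "--demo" ]; then
    sample_sysctl | audit_jail_knobs || true
fi
```

Against the values in the session above, the "test" jail is reported for `set_hostname_permitted` and `socket_route_permitted`, both of which the output shows enabled on a freshly created jail.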

