Date: Fri, 6 Jun 2008 09:42:08 +0200 (CEST)
From: Oliver Fromme
To: freebsd-current@FreeBSD.ORG, mike@reifenberger.com
Subject: Re: active/inactive jails

Michael Reifenberger wrote:
 > is the assumption correct that an active jail has at least one process
 > associated with it

I'm not sure if there's an official definition of the term
active jail. I think Robert Watson once introduced the
designation of "live" and "dead" jails, where a live jail
would have at least one process attached. Jails can continue
to exist even with no processes attached, because other
resources of the jail might still be active, such as network
sockets.

 > and that there can be only one active jail
 > (with the same hostname/ip-number) per system at the same time?

No. Neither hostname nor IP numbers nor chroot path need
to be unique. You can easily test this yourself by opening
two terminals and typing the same command in both of them:

    # jail / myname 127.0.0.1 /bin/sh

Then type "jls" in another window, and you'll see that there
are two different jails with the same properties. The only
unique identifier is the jail ID.

(Although it is not a bad idea for an admin to make sure that
at least the hostnames of "live" jails are unique, because
this makes managing jails easier.)

 > Is there a convenient way to get the processes associated with
 > a jail.

ps(1) can display the jail numbers: "ps -o jid,command"
(JID 0 means the host system). You can easily filter the
output by jail ID. If you don't know the jail ID, use
jls(8) to find the jail by hostname, IP number or chroot
path (which only works if you keep them unique, of course).

I once wrote a script called "jps" that makes it a little
easier. "jps" lists all jailed processes with their JID,
and "jps " lists only the processes that belong to the
specified JID.

http://www.secnetix.de/olli/scripts/jps

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registration court Munich, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registration
court Munich, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb,
Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"We, the unwilling, led by the unknowing, are doing the impossible
for the ungrateful. We have done so much, for so long, with so little,
we are now qualified to do anything with nothing."
        -- Mother Teresa
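
Added example (not part of the original message, and not the jps script it links to): the two checks described above as sh functions, one filtering "ps -o jid,..." output by jail ID and one flagging jls rows whose hostname is shared by several jails. The function names and the sample ps/jls output are constructed for illustration, and the jls parser assumes the four-column JID / IP Address / Hostname / Path layout.

```sh
#!/bin/sh
# Added illustration; not the jps script linked in the message.
# Function names and sample data below are constructed.

# jailed_procs [JID]: filter `ps -ax -o jid,pid,command` output on stdin.
# Prints jailed processes only (JID 0 is the host), optionally one JID.
jailed_procs() {
    awk -v want="${1:-}" '
        $1 !~ /^[0-9]+$/ { next }            # header or malformed line
        $1 == 0 { next }                     # host system, not jailed
        want != "" && $1 != want { next }    # other jail
        { print }
    '
}

# shared_hostnames: read `jls` output on stdin (assumed columns: JID,
# IP Address, Hostname, Path) and print "hostname jid,jid,..." for every
# hostname used by more than one jail. Only the JID is unique.
shared_hostnames() {
    awk '
        $1 !~ /^[0-9]+$/ { next }
        {
            if ($3 in jids) jids[$3] = jids[$3] "," $1
            else jids[$3] = $1
            count[$3]++
        }
        END { for (h in count) if (count[h] > 1) print h, jids[h] }
    ' | sort
}

# Constructed sample output: jails 1 and 2 share hostname, IP and path.
SAMPLE_JLS='   JID  IP Address      Hostname      Path
     1  127.0.0.1       myname        /
     2  127.0.0.1       myname        /
     3  10.0.0.5        www           /jails/www'
SAMPLE_PS='  JID   PID COMMAND
    0     1 /sbin/init --
    1   812 /bin/sh
    2   815 /bin/sh
    3   901 /usr/local/sbin/httpd'

printf '%s\n' "$SAMPLE_JLS" | shared_hostnames   # myname 1,2
printf '%s\n' "$SAMPLE_PS"  | jailed_procs 2     # only PID 815
```

On a FreeBSD host, feed the functions live data with "ps -ax -o jid,pid,command | jailed_procs 2" and "jls | shared_hostnames".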