Date:      Fri, 05 Sep 2008 10:00:42 -0600
From:      James Gritton <jamie@gritton.org>
To:        FreeBSD virtualization mailing list <freebsd-virtualization@freebsd.org>
Subject:   The kinds of things jails could virtualize
Message-ID:  <48C157AA.7080702@gritton.org>

The ability to turn on and off the virtualization of different parts
of jails goes along with a hierarchical naming of jail parameters (not
to be confused with jails themselves being hierarchical).

In my current jail_set perforce branch, this is done for the hostname
and related properties.  There are a group of parameters under the
"host" heading that customize a jail's identity to user space:

host.hostname
host.domainname
host.hostid
host.hostuuid

A jail may be set to not use any of these by setting the boolean
parameter "host" to false; in that case, the hostname and such are
taken from the parent jail (or from the system in the non-hierarchical
case).  Setting it to true, or setting any one of the individual
parameters, causes all the related parameters to be virtualized with
initial values taken from the parent.

The jail IP address and chrooted path can also be turned off, though
neither is part of a formal group like the "host" stuff.  IP probably
should be, as turning off IP address virtualization is better left
separate from specifying which addresses to restrict to.  Thus perhaps
an "ip" group with "ip.ip4" and "ip.ip6" parameters.

The vnet stuff from vimage can also be turned off with the boolean
"vnet" parameter, though there's not much other interface with the
jail system besides whether it's on or off (there are a couple of
read-only stat values).  This would be typical of how new modules or
subsystems are handled.  SYSV IPC should follow a similar route.

Something else worth controlling that's currently always on for jails
is process hiding.  It might just be a single "proc" boolean, though
there may be other "proc.*" parameters that could be added later, such
as future plans I have for a virtual init process.

So what categories should we have for jail virtualization control?
The ones I can think of are:

cpu: for cpuset and other per-jail scheduling, virtual load averages,
     stuff of that sort.

host: the hostname and related stuff above.  There's also currently a
      sysctl "security.jail.set_hostname_allowed" that would fit better
      here, perhaps a boolean "host.allowed".

ip: whether IP addresses are restricted or otherwise virtualized.  I
    have no idea what "otherwise virtualized" means, but if someone
    comes up with anything (besides vnet which is its own beast) it
    may belong here.

proc: whether jails can see or act on other jails' processes.  There's
      some overlap with users as well, as that's the non-jail way of
      deciding process permissions.

sysvipc: each jail should optionally have its own SYSV namespace.
         There's also the same permission issue of "host".  Similar to
         this are a few non-SYSV IPC things like POSIX semaphores -
         should they have their own category, or perhaps should this
         be a wider "ipc" category?

vnet: whether a jail is also a new vimage node, just for the VIMAGE
      option.

- Jamie
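An added example, not code from this mail or from the jail_set branch: a small C model of the "host" group semantics described above (a per-group boolean, lookups falling through to the parent jail, and whole-group virtualization seeded from the parent the first time any member is set). `struct jail`, `host_get`, `host_set` and `host_clear` are illustrative names assumed here, not the kernel's.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Members of the "host" parameter group from the mail. */
enum { HOSTNAME, DOMAINNAME, HOSTID, HOSTUUID, NHOSTPARAMS };

struct jail {
    struct jail *parent;         /* NULL for the base system */
    bool host_virtualized;       /* the boolean "host" parameter */
    char host[NHOSTPARAMS][64];  /* host.hostname, host.domainname, ... */
};

/* The base system always owns its host group; a new jail inherits. */
void jail_init(struct jail *j, struct jail *parent) {
    memset(j, 0, sizeof *j);
    j->parent = parent;
    j->host_virtualized = (parent == NULL);
}

/* Read a host.* value: walk toward the root until a jail owns the group,
 * so a jail with "host" false sees its parent's identity, not its own. */
const char *host_get(const struct jail *j, int param) {
    while (j->parent != NULL && !j->host_virtualized)
        j = j->parent;
    return j->host[param];
}

/* Setting any one member virtualizes the whole group: every member is
 * first copied from the parent, then the requested one is overridden. */
void host_set(struct jail *j, int param, const char *value) {
    if (!j->host_virtualized && j->parent != NULL) {
        for (int i = 0; i < NHOSTPARAMS; i++)
            snprintf(j->host[i], sizeof j->host[i], "%s",
                     host_get(j->parent, i));
        j->host_virtualized = true;
    }
    snprintf(j->host[param], sizeof j->host[param], "%s", value);
}

/* "host" set to false: the group is dropped and values come from the parent. */
void host_clear(struct jail *j) { j->host_virtualized = false; }

int main(void) {
    struct jail sys, j1, j2;
    jail_init(&sys, NULL); jail_init(&j1, &sys); jail_init(&j2, &j1);
    host_set(&sys, HOSTNAME, "base.example");   /* constructed sample names */
    host_set(&j1, HOSTNAME, "j1.example");      /* j1 now owns the whole group */
    printf("j2 sees hostname %s\n", host_get(&j2, HOSTNAME));
    return 0;
}
```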