From: James Gritton
Date: Mon, 14 Jul 2008 17:46:16 -0600
To: freebsd-virtualization@freebsd.org
Subject: jail_set_vimage - Vimage under new jails
Message-ID: <487BE548.3050500@gritton.org>

I've finished the merge of jail_set and Vimage. This uses the name-based jails instead of the jail-similar vimage frameworks, with Vimage's VNET stuff being enabled in a jail with the "vnet" parameter (in this scenario, it's optional whether a jail has its own network stack or just inherits its parent's). Once such a jail is set up, it behaves in the same way as a vimage does, as far as the network stack separation goes. The only difference is in administration, which uses the jail framework.

In addition to the main changes of moving vnet from struct vimage to a prison service, some related changes are:

* Future-compat hooks for the vprocg and vcpu stuff have been removed - when such stuff is added, it would belong under the jail umbrella. This means that the three subsystems V_NET, V_PROCG, and V_CPU are reduced to one subsystem V_VNET, which actually amounts to no subsystems at all anymore.
* The IMUNES_SYMLINK_HACK has gone away, though I suppose it could come back.
* The V_hostname (and G_hostname and *_domainname) stuff has been removed, in favor of the way jail_set handles virtual hostnames.
* The jail_set userspace changes to jail programs have been added.
* The vimage program has been superseded by the vifmove program. It uses a struct vifmovereq, which replaces the obsolete struct vi_req.
* Some other bits I mentioned (simpler sysctls and a locking fix) have found their way in. Probably also some other bits I haven't mentioned.

The VNET modularization is still the way it was. While vnet has become a prison service, essentially a jail module, the network modules that plug in to vnet know nothing of the jail situation, and remain VNET modules. The vnet pointers still live in interfaces, sockets, threads, wherever they used to be. The places that had vimage pointers now have prison pointers, but there weren't very many of those.

This is in the Perforce tree //depot/user/jamie/jail_set_vimage, and a patch is at http://gritton.org/jail_set_vimage.diff.

This is my vision of the future direction of Vimage, and of course I hope it becomes "the" vision. In other words: Marko and Julian, give it a try and let me know what you think.

- Jamie