From: Alexander Leidinger
To: André Olsson
Cc: freebsd-jail@freebsd.org
Date: Thu, 17 Jan 2008 14:06:20 +0100
Subject: Re: Citrix client within jail

Quoting André Olsson (from Thu, 17 Jan 2008 11:30:00 +0100):

> Hi
>
> we are trying to set up a client with FreeBSD 6.2-RELEASE as the
> host OS and with two jails configured on it.
> Each jail is going to run a Citrix-client against two different
> separated Citrix-systems.
>
> Since the user is going to work locally on the client we need it to
> be possible to run both the X-server and the
> X-application (citrix client) from within the same jail.

You need kernel patches to be able to run an X-server in a jail. The
trick is to allow access to /dev/mem (or some similar sensible device,
can't remember from the top of my head) even from a jail. Then you
need to add /dev/mem and some other devices to the jail (I use a
custom ruleset for devfs). I only have patches for 7.x or -current
(not online).

> Our goal is to connect one jail1 to one Display and the jail2 to
> another Display and for the User to
> jump in between the citrix-sessions (Ctrl-Alt-F3...Ctrl-Alt-F4).

Because of the access to the /dev/mem, root of one jail can take over
the entire machine. Below I will propose something different.

I don't know if it is possible to switch via Fx to different servers
(I never tried this). You can have two graphic cards (or one with two
outputs) in the machine and connect two screens (and optionally two
keyboards/mice) to it, and have them displayed at the same time.

> * syntax to start xterm within jail
>
> ssh -f -X -T 192.168.0.155 xterm &
>
> " output from above syntax
> xterm Xt error: Cant open display: %s
> xterm: DISPLAY is not set

If you want to have the xterm displayed on the system where you ssh
from, you need to check some things. Maybe the path to xauth is not
set correctly in sshd (the path changed with a recent ports tree).

> We've never run any X-applications within a jail before, only
> bind,apache,mysql and such, but I hope
> I've made my question understandable anyway:)
> Maybe we are barking up the wrong tree and there is an easier way to
> connect 2 jails to 2 different
> local displays?

There are several. The following ones don't open up a side-channel
between jails which have /dev/mem accessible.

You start the X-server(s) on the host (not in a jail), and in the
startup you connect to the jails via a passwordless ssh-key and let
the applications from the two jails display their stuff on the
X-server of the host.

You start a vnc server in each jail and let the user connect to the
vnc server either from the host with one X server running on it
(alternatively you can connect to the vnc server from other machines).

Bye,
Alexander.

-- 
The value of a program is proportional to the weight of its output.

http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
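
Added example, not part of the original message: the reply above warns that a jail whose custom devfs ruleset exposes /dev/mem lets that jail's root take over the whole machine. The script below audits a file in devfs.rules syntax for rulesets that unhide such device nodes; the device list `mem kmem io` and the sample ruleset names and numbers are assumptions made for illustration, since the thread only names /dev/mem.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed list of device nodes that expose host memory or I/O ports;
# the message itself only names /dev/mem.
SENSITIVE="mem kmem io"

# audit_devfs_rules FILE
# Prints "ruleset<TAB>pattern<TAB>device" for every unhide rule whose
# glob pattern matches one of the sensitive device names.
audit_devfs_rules() {
    file=$1
    ruleset=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # strip trailing comments
        case $line in
            \[*=*\]*)                     # section header: [name=number]
                ruleset=${line#*\[}
                ruleset=${ruleset%%=*}
                continue ;;
        esac
        set -f; set -- $line; set +f      # split words, keep globs literal
        [ $# -ge 4 ] && [ "$1" = add ] && [ "$2" = path ] || continue
        pat=$(printf '%s' "$3" | tr -d "'\"")
        shift 3
        case " $* " in *" unhide "*) ;; *) continue ;; esac
        for dev in $SENSITIVE; do
            case $dev in
                $pat) printf '%s\t%s\t%s\n' "$ruleset" "$pat" "$dev" ;;
            esac
        done
    done < "$file"
}

# Constructed sample in devfs.rules syntax (names and numbers are made up).
sample_rules() {
    cat <<'EOF'
[devfsrules_jail_plain=10]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add path 'pts/*' unhide

[devfsrules_jail_x11=11]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add path mem unhide      # needed by the X server
add path io unhide
add path 'ttyv*' unhide
EOF
}

# Audit a real file when one is given on the command line.
if [ -n "${1:-}" ]; then audit_devfs_rules "$1"; fi
```

Any ruleset reported here should only be assigned to a jail whose root is trusted as much as the host's root.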