From owner-freebsd-arch@FreeBSD.ORG Fri Jul 14 10:03:07 2006
Date: Fri, 14 Jul 2006 12:03:33 +0200
From: Jeremie Le Hen
To: Robert Watson
Cc: Alex Lyashkov, Julian Elischer, freebsd-arch@freebsd.org
Subject: Re: [fbsd] Re: jail extensions
Message-ID: <20060714100333.GE3466@obiwan.tataz.chchile.org>
In-Reply-To: <20060608123125.W26068@fledge.watson.org>
References: <1149610678.4074.42.camel@berloga.shadowland> <448633F2.7030902@elischer.org> <20060607095824.W53690@fledge.watson.org> <200606070819.04301.jhb@freebsd.org> <20060607160850.GB18940@odin.ac.hmc.edu> <20060608123125.W26068@fledge.watson.org>
List-Id: Discussion related to FreeBSD architecture

Hi,

On Thu, Jun 08, 2006 at 12:32:42PM +0100, Robert Watson wrote:
> On Wed, 7 Jun 2006, Brooks Davis wrote:
>
> > It's not clear to me that we want to use the same containers to control
> > all resources since you might want a set of jails sharing IPC resources or
> > being allocated a slice of processor time to divide amongst themselves if
> > we had a hierarchical scheduler. That said, using a single prison
> > structure could do this if we allowed the administrator to specify a
> > hierarchy of prisons and not necessarily enclose all resources in all
> > prisons.
>
> When looking at improved virtualization support for things like System V
> IPC, my opinion has generally been that we introduce virtualization as a
> primitive, and then have jail use the primitive much in the same way it
> does chroot. This leaves flexibility to use it without jail, etc., but means
> we have a well-understood and well-defined interaction with jail.

IMHO, it is worth having virtualization primitives wherever they are required
and making jails use them. This can be the case for System V IPC as well as
for the network stack (think of Marko's work). My point is that the usability
of virtual network stacks remains interesting outside the jail framework, and
they should be manageable from their own userland tool (though the latter
should probably not be able to destroy a virtual network stack associated with
a jail). However, I don't think that IPC are worth virtualizing outside a jail
framework.

My two cents.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >