From owner-freebsd-jail@FreeBSD.ORG Thu May 14 17:44:24 2009 Return-Path: Delivered-To: jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7A8EA106564A; Thu, 14 May 2009 17:44:24 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from gritton.org (gritton.org [161.58.222.4]) by mx1.freebsd.org (Postfix) with ESMTP id 3EB638FC19; Thu, 14 May 2009 17:44:23 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from guppy.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24]) (authenticated bits=0) by gritton.org (8.13.6.20060614/8.13.6) with ESMTP id n4EHiMBb042281; Thu, 14 May 2009 11:44:22 -0600 (MDT) Message-ID: <4A0C5871.1080407@FreeBSD.org> Date: Thu, 14 May 2009 11:44:17 -0600 From: Jamie Gritton User-Agent: Thunderbird 2.0.0.19 (X11/20090109) MIME-Version: 1.0 To: Julian Elischer References: <4A051DE3.30705@FreeBSD.org> <4A0C5112.9010103@FreeBSD.org> <4A0C55CF.70706@elischer.org> In-Reply-To: <4A0C55CF.70706@elischer.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.94.2/9358/Thu May 14 08:48:24 2009 on gritton.org X-Virus-Status: Clean Cc: virtualization@FreeBSD.org, jail@FreeBSD.org, FreeBSD Current Subject: Re: Hierarchical jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2009 17:44:25 -0000 Julian Elischer wrote: > Jamie Gritton wrote: >>> prison0 contains three fields that were system globals: pr_root, >>> pr_host, and pr_securelevel. I've kept the globals rootvnode and >>> hostname, and take care that when one is changed the other changes too >>> (not yet true for hostname - read on). But I've actually removed the >>> global securelevel, instead forcing people to use securelevel_gt() and >>> securelevel_ge() (or in very rare cases to check prison0.pr_securelevel >>> directly). I chose to do that because while using the global rootvnode >>> and hostname may be incorrect, using the wrong securelevel is, well, >>> insecure. Actually it would be insecure to use the wrong rootvnode too, >>> but I'm not convinced removing that global is worth the headache. > > not sure why you want to keep hostname a true global > It seems to me that it is an eminently virtalizable property. > though possible a special hostname might exist for the base system > for error messages etc. > kind of like V_hostname an G_hostname :) It was mostly for the number of times I saw that global being used - didn't want to upset the order of things too much. I didn't see nearly as much use of securelevel with the advent of securelevel_ge() and securelevel_gt(). But I suppose the G/V_hostname thing has already gotten that ball rolling. There is at least one place that uses the global securelevel directly (i.e. prison0.securelevel). The same could be done for hostnames, which does a pretty good job of pointing out that this is the global hostname being used. Because you're right - the hostname is at the center of of what it means to have a jail identity. Then there's rootvnode, the third global that's superseded by hierarchical jails. I could also remove that, allowing the use of prison0.pr_root for those who need the real root.