From owner-freebsd-virtualization@FreeBSD.ORG Sat Nov 13 22:20:56 2010 Return-Path: Delivered-To: virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C63F106566C for ; Sat, 13 Nov 2010 22:20:56 +0000 (UTC) (envelope-from jamesbrandongooch@gmail.com) Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id C63C68FC13 for ; Sat, 13 Nov 2010 22:20:55 +0000 (UTC) Received: by wyb36 with SMTP id 36so1252098wyb.13 for ; Sat, 13 Nov 2010 14:20:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=NokEMuhcCArRHPd/Q5edyHhxkaOrB1NYN4MTz/omWR0=; b=KSRn+1ZDrMxohWX1SuBhx6XPmpKGCfqQvLBjkBjXgYssL9rHyus1vbiuHISP1fsE0U ZA7umPuaxNSTtjzOEkXzLx+qhaFMs0WxPHpLYtaG3pGnjlY7nuiUb2yyoiSgWjk+T9ye z9RV+F+GwBRhVi02nxK881ACtoOpWNqYmMZXY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=YKNpePNvWH+lr00LXkEQYicVZUvbjuTaApcNMvtKj4K9E6ArtyfCC4OkJVWECuoO3C cBQlgY438NFyCp6xzjhuUWI8s+y9aWnghljhf8fUm4v5sjKo7lj65SSUX+GJGtaSG4ou BP9i624F0rzST+mRq/KM97onlfLYczMHd7V08= MIME-Version: 1.0 Received: by 10.216.171.75 with SMTP id q53mr3413873wel.74.1289685343159; Sat, 13 Nov 2010 13:55:43 -0800 (PST) Received: by 10.216.12.80 with HTTP; Sat, 13 Nov 2010 13:55:43 -0800 (PST) In-Reply-To: <4CDEFC2D.4090908@freebsd.org> References: <4CDEFC2D.4090908@freebsd.org> Date: Sat, 13 Nov 2010 15:55:43 -0600 Message-ID: From: Brandon Gooch To: Julian Elischer Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: virtualization@freebsd.org Subject: Re: limitations on jail style virtualization X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Nov 2010 22:20:56 -0000 On Sat, Nov 13, 2010 at 2:59 PM, Julian Elischer wrote= : > We discussed this at MeetBSD last week and it woudl seem that the next > big hurdle for virtualization would seem to be a good concept to allow > jails to have virtual versions of various virtual devices.. > > for example > > pf has been virtualized (when IS that patch going to get committed?) but > pfsync > and pflog use special devices in /dev. > > similarly bpf uses /dev entries but the way they are used means they are > still useful. > > so what happend when a device that is accessed from within a jail creates= a > cloning device? > should it just turn up in the devfs for that jail? > and should it be visible in other jails that happen to be sharing the sam= e > /dev? > > > I have no preconceived ideas abot this. Just possibilities. > > should the cloning code work alongside a new devfs feature that would mak= e > 'per jail' entries? =A0i.e. tun0 would be a different device depending on= what > jail > you were in looking at the /dev? > Was this brought up in any of the discussions? http://www.7he.at/freebsd/vps/ I'm not sure if the VPS project pertains directly to what you're talking about, but perhaps some of the code or ideas from the project might? Even if it doesn't, it's still an exciting project that adds a ton of value to FreeBSD's light-weight virtualization strategy. What do think about the VPS concept in relation to the current virtualization effort being put in to jails? It seems to me that recent efforts at virtualizing kernel-level objects makes VPS the future of FreeBSD's virtualization, leaving jails as a great way to isolate applications... -Brandon