From owner-freebsd-current@FreeBSD.ORG Wed Mar 3 14:31:47 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A13116A4CE for ; Wed, 3 Mar 2004 14:31:47 -0800 (PST) Received: from anduin.net (anduin.net [212.12.46.226]) by mx1.FreeBSD.org (Postfix) with SMTP id BA16943D1D for ; Wed, 3 Mar 2004 14:31:46 -0800 (PST) (envelope-from ltning@anduin.net) Received: (qmail 4462 invoked by uid 6759); 3 Mar 2004 22:31:45 -0000 Received: from ltning@anduin.net by anduin.net by uid 82 with qmail-scanner-1.20 (clamscan: 0.60. spamassassin: 2.60. Clear:RC:1(127.0.0.1):. Processed in 1.273566 secs); 03 Mar 2004 22:31:45 -0000 X-Qmail-Scanner-Mail-From: ltning@anduin.net via anduin.net X-Qmail-Scanner: 1.20 (Clear:RC:1(127.0.0.1):. Processed in 1.273566 secs) Received: from localhost (HELO anduin.net) (www@127.0.0.1) by localhost with SMTP; 3 Mar 2004 22:31:44 -0000 Received: (from www@localhost) by anduin.net (8.12.10/8.12.10/Submit) id i23MVhf2004452; Wed, 3 Mar 2004 23:31:43 +0100 (CET) (envelope-from ltning@anduin.net) Date: Wed, 3 Mar 2004 23:31:43 +0100 (CET) Message-Id: <200403032231.i23MVhf2004452@anduin.net> X-Authentication-Warning: anduin.net: www set sender to ltning@anduin.net using -f To: David Wolfskill From: Eirik Oeverby X-Mailer: www@mail by Lightning X-Eric-Conspiracy: There is no conspiracy X-Mailman-Approved-At: Thu, 04 Mar 2004 04:48:27 -0800 cc: current@freebsd.org Subject: Re: Jails in -CURRENT X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ltning@anduin.net List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 22:31:47 -0000 Hi, I can give you an outline of what my script does, then it'll be for you to judge if it can be called a 'jail management' tool.. ;) Current features: - Starting jails (brings up interface alias, mounts proc, linprocfs (if enabled), /usr/ports and /usr/src from the host (read-only), starts the jail) - Stopping jails (finds all processes belonging to a jail, TERM/KILL signals are sent, filesystems are unmounted, interface taken down) - Creating jails (uses the standard installworld target, then modifies key configuration files to be jail-compliant, deletes unnecessary and non-working files and directories, installs predefined packages and does other adjustments to the jail internal configuration, sets a default root password and enables remote root login) - Upgrading jails (installworld, and then mergemaster, with cleanup afterwards) - Deleting jails (guess...) - Jail status (lists running/not running/not configured jails) Future plans include finding a way to inject processes into jails (though I fear this might be impossible on -STABLE without patches), allowing listing of jail processes from outside the jail (done in an hour or two if I find the time ;), and better configureability. The script is written entirely for /bin/sh (it's actually my first ever real shellscript), and in the hope that it might be useful for someone. I have a secret dream of having it included in the default freebsd distribution... If you or anyone want to test it, let me know. /Eirik > >From: Eirik Oeverby >To: > current@freebsd.org >Date: Wed, 03 Mar 2004 09:12:30 +0100 >Subject: Jails in > -CURRENT >Sender: owner-freebsd-current@freebsd.org > > >Can someone point me to a site or message or whatever, that describes >the > changes to the jail facility in -CURRENT, and 5.2.1 in particular, >compared > to what is to be found in -STABLE (4.9.x) ? > > I don't have anything for you there but... > > >I'm currently running a number of jails on -STABLE, and have just >finished > writing a rather comprehensive tool for managing them - and >would like to > know if this would be useful on -CURRENT aswell. Also I >need to know if > anything can be gained by upgrading. > > I would be interested in (at least) knowing more about how you approached > "jail management". > > Peace, david -- David H. Wolfskill david@catwhisker.org I do not > "unsubscribe" from email "services" to which I have not explicitly > subscribed. Rather, I block spammers' access to SMTP servers I control, and > encourage others who are in a position to do so to do likewise.