Date: Sat, 28 Apr 2001 22:38:25 +0200
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: jailNG
Message-ID: <29882.988490305@critter>
In-Reply-To: Your message of "Mon, 23 Apr 2001 14:29:22 EDT." <Pine.NEB.3.96L.1010423141823.91472L-100000@fledge.watson.org>

I'm not uninterested in jails, but I have no time (and no contracts
to give me time) for it at present.

In general I think jail is in much more capable hands with you anyway :-)

Poul-Henning

In message <Pine.NEB.3.96L.1010423141823.91472L-100000@fledge.watson.org>, Robert Watson writes:
>
>This weekend I was spending some time tweaking the jail(8) code to improve
>its SMPng-happiness as well as manageability.  Unfortunately, I ended up
>rewriting it in the process :-).  I changed the model somewhat so that
>jails are now persistently configured, joined, et al, and broke out the
>chroot() from the creation/joining process, as with increased namespaces
>(such as System V IPC) creating a nice clean failure was increasingly
>difficult.  Aspects of individual jails may now be managed using sysctls,
>which appears to work reasonably well.  Clearly there's a lot of work left
>to do, but I'd appreciate comments if people are interested:
>
>    http://www.watson.org/~robert/jailng/
>
>Simple example:
>
>dev# ./jailctl
>usage:
>    jailctl create [jailname]
>    jailctl destroy [jailname]
>    jailctl join [jailname] [-c chrootpath] [path] [cmd] [args...]
>dev# ./jailctl create test
>dev# sysctl -a | grep jail
>jail.instance.test.sysvipc_permitted: 0
>jail.instance.test.set_hostname_permitted: 1
>jail.instance.test.socket_ipv4_permitted: 1
>jail.instance.test.socket_unix_permitted: 1
>jail.instance.test.socket_route_permitted: 1
>jail.instance.test.socket_other_permitted: 0
>jail.instance.test.ipv4addr: 0
>dev# ./jailctl join test -c /tmp /bin/sh
># ps ax
>  PID  TT  STAT      TIME COMMAND
>  907  d0  DWJ    0:00.02 /bin/sh
>  908  d0  RW+J   0:00.00 ps ax
># exit
>dev# ./jailctl destroy test
>dev#
>
>I also have a jailinit(8) in the works which would allow improved
>startup/shutdown in the style of init(8) (sans the whole sigchild thing).
>Another feature I'd like to add is a jail signal call that allows a signal
>to be delivered to all processes inside a jail from outside, allowing an
>easier forcible shutdown.
>
>Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
>robert@fledge.watson.org      NAI Labs, Safeport Network Services
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-arch" in the body of the message
>

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.