From owner-freebsd-stable@FreeBSD.ORG Sat Feb 7 16:26:38 2009
Date: Sat, 7 Feb 2009 16:26:38 +0000 (GMT)
From: Robert Watson
To: Dmitry Morozovsky
Cc: freebsd-stable@freebsd.org
Subject: Re: jail: external and localhost distinction

On Sat, 7 Feb 2009, Dmitry Morozovsky wrote:

> On Fri, 6 Feb 2009, Robert Watson wrote:
>
> RW> > Thank you for clarification, now I see this is actually expected behaviour
> RW> > :)
> RW> >
> RW> > Would then starting second jail with the same root and, say, 127.10.0.1 as
> RW> > an address be a workaround?
> RW>
> RW> There's no technical reason you can't have more than one jail using the same
> RW> file system root, and even IP -- you'll find that ps(1) in one jail can't
> RW> see processes in the other (and can't signal, etc) but otherwise works as
> RW> expected. Of course, any given process has to be a member of at most one of
> RW> the two.
>
> But, in the case of IP sharing, I suppose, the second process that tries to bind
> to the same port will get "socket already in use", won't it?

In general, if two processes independently bind the same port but using two specific IPs, then there won't be a conflict and both will be allowed to succeed. Conflicts arise if there are two bindings of the same address and port, so if both jails use the same IP and one binds it, then the other will get a socket already in use error, yes.

FYI, I see that Bjoern has now committed the multi-IP patch for Jail to 7-STABLE, which should make Jails a lot more flexible.

Robert N M Watson
Computer Laboratory
University of Cambridge
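
Added example, not part of the original message or of FreeBSD's code: a small C program that reproduces the bind behaviour described above outside of any jail. The addresses 127.0.0.1 and 127.0.0.2 are assumed stand-ins for two jail IPs (on FreeBSD, 127.0.0.2 must first be added as an lo0 alias), and the helper names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to ip:*port (port 0 lets the kernel choose one).
 * Returns the fd and stores the bound port in *port, or -errno on failure. */
static int bind_tcp(const char *ip, unsigned short *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(*port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        int e = errno ? errno : EINVAL;
        close(fd);
        return -e;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

/* Bind first_ip on a kernel-chosen port, then try second_ip on that same
 * port while the first socket is still open. Returns 0 if the second bind
 * succeeds, its errno if it fails, or -1 if the first bind itself failed. */
int second_bind_errno(const char *first_ip, const char *second_ip)
{
    unsigned short port = 0;
    int fd1 = bind_tcp(first_ip, &port);
    if (fd1 < 0)
        return -1;
    int fd2 = bind_tcp(second_ip, &port);
    close(fd1);
    if (fd2 < 0)
        return -fd2;
    close(fd2);
    return 0;
}

int main(void)
{
    printf("two IPs, same port: errno %d\n", second_bind_errno("127.0.0.1", "127.0.0.2"));
    printf("same IP, same port: errno %d\n", second_bind_errno("127.0.0.1", "127.0.0.1"));
    return 0;
}
```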