Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 15 May 2007 09:22:53 +0200
From:      <Helge.Oldach@atosorigin.com>
To:        <julian@elischer.org>, <andre@freebsd.org>
Cc:        bzeeb-lists@lists.zabbadoz.net, ed@fxq.nl, freebsd-hackers@freebsd.org
Subject:   RE: Multiple IP Jail's patch for FreeBSD 6.2
Message-ID:  <39AFDF50473FED469B15B6DFF2262F7A02D67A13@DEHHX001.deuser.de.intra>
References:  <45F1C355.8030504@digitaldaemon.com>	<20070511075857.GL23313@hoeg.nl>	<4644773E.60909@freebsd.org>	<20070514141416.GR23313@hoeg.nl>	<20070514155727.Y2939@maildrop.int.zabbadoz.net>	<4648993A.4060709@elischer.org><4648CAFD.4020009@freebsd.org> <4648CF15.8050304@elischer.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote on Monday, May 14, 2007 11:05 PM:
> Andre Oppermann wrote:
>> Julian Elischer wrote:
>>> talk with Marko Zec about "immunes".
>>>=20
>>> http://www.tel.fer.hr/zec/vimage/
>>> and http://www.tel.fer.hr/imunes/
>>>=20
>>> It has a complete virtualized stack for each jail.
>>> ipfw, routing table, divert sockets, sysctls, statistics, netgraph
>>> etc.=20
>>=20
>> Like I said there is a place for both approaches and they are
>> complementary.  A couple of hosting ISPs I know do not want to
>> give a full virtualized stack to their customers.  They want to
>> retain full control over the network configuration inside and
>> outside of the jail.  In those (mass-hosting) cases it is done
>> that way to ease support (less stuff users can fumble) and to
>> properly position those products against full virtual machines
>> and dedicated servers.  Something like this: jail < vimage <
>> virtual machine < dedicated server.
>>=20
>>> He as a set of patches against 7-current that now implements nearly
>>> all the parts you need. It Will be discussed at the devsummit on
>>> Wed/Thurs=20
>>> and we'll be discussing whether it is suitable for general inclusion
>>> or to be kept as patches. Note, it can be compiled out, which
>>> leaves a pretty much binarily compatible OS, so I personally would
>>> like to see it included.
>>=20
>> I don't think it is mature enough for inclusion into the upcoming
>> 7.0R.  Not enough integration time.  Food for FreeBSD 8.0.
>=20
> Actually I am not sure I completely agree. Consider:

Me neither. Markos work started at 4.0 already, which is a *long* time
ago, so I would assume a decent level of maturity in the first place.

> I might add that What Marco has now is very functional
> and that people should kick its tires (tyres) a bit..

Yep.

Also, having this functionality would give us sort of a unique feature
over "the competition".

Helge

Atos Origin GmbH, Theodor-Althoff-Str. 47, D-45133 Essen, Postfach 100 123, D-45001 Essen
Telefon: +49 201 4305 0, Fax: +49 201 4305 689095, www.atosorigin.de
Dresdner Bank AG, Hamburg: Kto. 0954411200, BLZ 200 800 00, Swift Code DRESDEFF200, IBAN DE69200800000954411200
Geschäftsführer: Dominique Illien, Handelsregister Essen HRB 19354, Ust.-ID.-Nr.: DE147861238



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39AFDF50473FED469B15B6DFF2262F7A02D67A13>