Date: Tue, 15 May 2007 09:22:53 +0200 From: <Helge.Oldach@atosorigin.com> To: <julian@elischer.org>, <andre@freebsd.org> Cc: bzeeb-lists@lists.zabbadoz.net, ed@fxq.nl, freebsd-hackers@freebsd.org Subject: RE: Multiple IP Jail's patch for FreeBSD 6.2 Message-ID: <39AFDF50473FED469B15B6DFF2262F7A02D67A13@DEHHX001.deuser.de.intra> References: <45F1C355.8030504@digitaldaemon.com> <20070511075857.GL23313@hoeg.nl> <4644773E.60909@freebsd.org> <20070514141416.GR23313@hoeg.nl> <20070514155727.Y2939@maildrop.int.zabbadoz.net> <4648993A.4060709@elischer.org><4648CAFD.4020009@freebsd.org> <4648CF15.8050304@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote on Monday, May 14, 2007 11:05 PM: > Andre Oppermann wrote: >> Julian Elischer wrote: >>> talk with Marko Zec about "immunes". >>>=20 >>> http://www.tel.fer.hr/zec/vimage/ >>> and http://www.tel.fer.hr/imunes/ >>>=20 >>> It has a complete virtualized stack for each jail. >>> ipfw, routing table, divert sockets, sysctls, statistics, netgraph >>> etc.=20 >>=20 >> Like I said there is a place for both approaches and they are >> complementary. A couple of hosting ISPs I know do not want to >> give a full virtualized stack to their customers. They want to >> retain full control over the network configuration inside and >> outside of the jail. In those (mass-hosting) cases it is done >> that way to ease support (less stuff users can fumble) and to >> properly position those products against full virtual machines >> and dedicated servers. Something like this: jail < vimage < >> virtual machine < dedicated server. >>=20 >>> He as a set of patches against 7-current that now implements nearly >>> all the parts you need. It Will be discussed at the devsummit on >>> Wed/Thurs=20 >>> and we'll be discussing whether it is suitable for general inclusion >>> or to be kept as patches. Note, it can be compiled out, which >>> leaves a pretty much binarily compatible OS, so I personally would >>> like to see it included. >>=20 >> I don't think it is mature enough for inclusion into the upcoming >> 7.0R. Not enough integration time. Food for FreeBSD 8.0. >=20 > Actually I am not sure I completely agree. Consider: Me neither. Markos work started at 4.0 already, which is a *long* time ago, so I would assume a decent level of maturity in the first place. > I might add that What Marco has now is very functional > and that people should kick its tires (tyres) a bit.. Yep. Also, having this functionality would give us sort of a unique feature over "the competition". Helge Atos Origin GmbH, Theodor-Althoff-Str. 47, D-45133 Essen, Postfach 100 123, D-45001 Essen Telefon: +49 201 4305 0, Fax: +49 201 4305 689095, www.atosorigin.de Dresdner Bank AG, Hamburg: Kto. 0954411200, BLZ 200 800 00, Swift Code DRESDEFF200, IBAN DE69200800000954411200 Geschäftsführer: Dominique Illien, Handelsregister Essen HRB 19354, Ust.-ID.-Nr.: DE147861238
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39AFDF50473FED469B15B6DFF2262F7A02D67A13>