From: helge.oldach@atosorigin.com
Date: Tue, 15 May 2007 09:22:53 +0200
Subject: RE: Multiple IP Jail's patch for FreeBSD 6.2
Cc: bzeeb-lists@lists.zabbadoz.net, ed@fxq.nl, freebsd-hackers@freebsd.org
Message-ID: <39AFDF50473FED469B15B6DFF2262F7A02D67A13@DEHHX001.deuser.de.intra>
List-Id: Technical Discussions relating to FreeBSD

Julian Elischer wrote on Monday, May 14, 2007 11:05 PM:
> Andre Oppermann wrote:
>> Julian Elischer wrote:
>>> talk with Marko Zec about "immunes".
>>>
>>> http://www.tel.fer.hr/zec/vimage/
>>> and http://www.tel.fer.hr/imunes/
>>>
>>> It has a complete virtualized stack for each jail.
>>> ipfw, routing table, divert sockets, sysctls, statistics, netgraph
>>> etc.
>>
>> Like I said there is a place for both approaches and they are
>> complementary. A couple of hosting ISPs I know do not want to
>> give a full virtualized stack to their customers. They want to
>> retain full control over the network configuration inside and
>> outside of the jail. In those (mass-hosting) cases it is done
>> that way to ease support (less stuff users can fumble) and to
>> properly position those products against full virtual machines
>> and dedicated servers. Something like this: jail < vimage <
>> virtual machine < dedicated server.
>>
>>> He has a set of patches against 7-current that now implements nearly
>>> all the parts you need. It will be discussed at the devsummit on
>>> Wed/Thurs
>>> and we'll be discussing whether it is suitable for general inclusion
>>> or to be kept as patches. Note, it can be compiled out, which
>>> leaves a pretty much binarily compatible OS, so I personally would
>>> like to see it included.
>>
>> I don't think it is mature enough for inclusion into the upcoming
>> 7.0R. Not enough integration time. Food for FreeBSD 8.0.
>
> Actually I am not sure I completely agree. Consider:

Me neither. Marko's work started at 4.0 already, which is a *long* time
ago, so I would assume a decent level of maturity in the first place.

> I might add that what Marko has now is very functional
> and that people should kick its tires (tyres) a bit..

Yep. Also, having this functionality would give us sort of a unique
feature over "the competition".

Helge