From owner-freebsd-questions@FreeBSD.ORG Wed Apr 4 08:21:56 2012 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0A498106566C for ; Wed, 4 Apr 2012 08:21:56 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (unknown [IPv6:2607:f678:1010::34]) by mx1.freebsd.org (Postfix) with ESMTP id DA25B8FC16 for ; Wed, 4 Apr 2012 08:21:55 +0000 (UTC) Received: from agora.rdrop.com (66@localhost [127.0.0.1]) by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id q348LsJQ063250 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 4 Apr 2012 01:21:54 -0700 (PDT) (envelope-from perryh@pluto.rain.com) Received: (from uucp@localhost) by agora.rdrop.com (8.13.1/8.14.2/Submit) with UUCP id q348LskM063249; Wed, 4 Apr 2012 01:21:54 -0700 (PDT) (envelope-from perryh@pluto.rain.com) Received: from fbsd81 ([192.168.200.81]) by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407) id AA26114; Wed, 4 Apr 12 01:01:41 PDT Date: Wed, 04 Apr 2012 08:00:46 -0700 From: perryh@pluto.rain.com To: jameschen@juniper.net, fbsd8@a1poweruser.com Message-Id: <4f7c621e.tnQwV40ucBoiDtJs%perryh@pluto.rain.com> References: <079BB83C1486C245B64B055CF016336A02612843@emailhk3.jnpr.net> <4F7B19CE.80401@a1poweruser.com> In-Reply-To: <4F7B19CE.80401@a1poweruser.com> User-Agent: nail 11.25 7/29/05 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: questions@freebsd.org Subject: Re: Questions about Jail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Apr 2012 08:21:56 -0000 Fbsd8 wrote: > In most cases your jail environment will function ok as long as > its the same base release level. Example, host=8.0 jail1=8.1 and > jail2=8.2 IIUC, a better example would be host=8.2, jail1=8.1 and jail2=8.0. A point release is not supposed to make any incompatible changes to the kernel ABI, but it might add new interfaces not present in the older kernel. > But host=8.2 and jail1=9.0 will have unknown reliability. I would say it is only an accident if (jail major > kernel major) works, because the KABI will likely have changed between N.x and (N+1).x. However, host=9.0, jail1=8.x should work if the host kernel includes the COMPAT_FREEBSD8 option. > Technically there is no checks stopping someone from doing this > and from the outside all will look correct, but it will fail and > you may lose both the host and jail. You may indeed lose the jail, but if _anything_ done in the jail is able to corrupt the host there is by definition a bug in the host's jail support.