From: Jamie Gritton
Date: Tue, 04 Sep 2012 14:46:40 -0600
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@FreeBSD.org, pjd@FreeBSD.org, mm@FreeBSD.org
Subject: Re: Fixed Jail ID for ZFS -> need proper mgmt?
Message-ID: <504668B0.1080000@FreeBSD.org>
References: <504635E9.5080007@FreeBSD.org>

On 09/04/12 14:37, Bjoern A. Zeeb wrote:
> On Tue, 4 Sep 2012, Jamie Gritton wrote:
>
>> It's true that a jail left in the DYING state can't be re-created
>> normally. But it can with the "-d" flag or the "allow.dying" parameter.
>> In that case, an existing but dying jail will be re-attached to and thus
>> resurrected. So it can be gotten around, and would be a matter of
>> education. Or perhaps we could change the default behavior to silently
>> allow re-creation of dying jails. Is there any harm in this? I.e. would
>> there be any difference noticeable to the user if a jail was created
>> with some old TCP connections attached to it?
>
> Yes, really bad and TCP is not the only thing in theory. Assume
> your management does not make sure the same user gets the same jail;
> you leak a lot of (possibly security related) information. Would also
> make it quite hard in terms of auditing etc. to get this right unless
> done knowingly and on purpose.

This isn't a ZFS concern anymore it sounds like (if we tie ZFS to names), but I still wonder about better handling of dying jails.

The other question that comes to mind is, could we make dying jails closer to nonexistent than they are? Such as stripping them of their jid, so a jid could be immediately re-used - and a dying jail couldn't be queried via jail_get. Or perhaps passing off a removed jail's TIME_WAIT tcp connections to a placeholder jail, possibly to prison0? I suppose vnet could complicate either of those in ways I'm unaware of.

- Jamie