From: James Gritton
Date: Fri, 05 Sep 2008 10:00:42 -0600
To: FreeBSD virtualization mailing list
Subject: The kinds of things jails could virtualize
Message-ID: <48C157AA.7080702@gritton.org>

The ability to turn on and off the virtualization of different parts of jails goes along with a hierarchical naming of jail parameters (not to be confused with jails themselves being hierarchical). In my current jail_set perforce branch, this is done for the hostname and related properties.

There is a group of parameters under the "host" heading that customize a jail's identity to user space:

    host.hostname
    host.domainname
    host.hostid
    host.hostuuid

A jail may be set to not use any of these by setting the boolean parameter "host" to false; in that case, the hostname and such are taken from the parent jail (or from the system in the non-hierarchical case). Setting it to true, or setting any one of the individual parameters, causes all the related parameters to be virtualized with initial values taken from the parent.

The jail IP address and chrooted path can also be turned off, though neither is part of a formal group like the "host" stuff. IP probably should be, as turning off IP address virtualization is better left separate from specifying which addresses to restrict to. Thus perhaps an "ip" group with "ip.ip4" and "ip.ip6" parameters.

The vnet stuff from vimage can also be turned off with the boolean "vnet" parameter, though there's not much other interface with the jail system other than whether it's on or off (there are a couple of read-only stat values). This would be typical of how new modules or subsystems are handled. SYSV IPC should follow a similar route.

Something else worth controlling that's currently always on for jails is process hiding. It might just be a single "proc" boolean, though there may be other "proc.*" parameters that could be added later, such as future plans I have for a virtual init process.

So what categories should we have for jail virtualization control? The ones I can think of are:

cpu: for cpuset and other per-jail scheduling, virtual load averages, stuff of that sort.

host: the hostname and related stuff above. There's also currently a sysctl "security.jail.set_hostname_allowed" that would fit better here, perhaps a boolean "host.allowed".

ip: whether IP addresses are restricted or otherwise virtualized.
I have no idea what "otherwise virtualized" means, but if someone comes up with anything (besides vnet which is its own beast) it may belong here.

proc: whether jails can see or act on other jails' processes. There's some overlap with users as well, as that's the non-jail way of deciding process permissions.

sysvipc: each jail should optionally have its own SYSV namespace. There's also the same permission issue of "host". Similar to this are a few non-SYSV IPC things like POSIX semaphores - should they have their own category, or perhaps should this be a wider "ipc" category?

vnet: whether a jail is also a new vimage node, just for the VIMAGE option.

- Jamie
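
Added example, not part of the original message and not code from the jail_set branch: a user-space C model of the "host" group semantics described above (inherit from the parent when "host" is false; setting "host" true or setting any one parameter virtualizes the whole group with initial values taken from the parent). Every struct and function name in it is hypothetical.

```c
/* Model of the "host" group semantics from the message above.
 * Hypothetical names throughout; not code from the jail_set branch. */
#include <stdio.h>
#include <string.h>

struct host_params {
    char hostname[64], domainname[64], hostuuid[40];
    unsigned long hostid;
};

struct model_jail {
    struct model_jail *parent;  /* NULL for the base system */
    int host_virtual;           /* the boolean "host" parameter */
    struct host_params host;    /* meaningful only when host_virtual is set */
};

/* Reads resolve to the nearest ancestor that owns a host group. */
static const struct host_params *host_lookup(const struct model_jail *j)
{
    while (!j->host_virtual && j->parent != NULL)
        j = j->parent;
    return &j->host;
}

/* host=true: virtualize the whole group, seeded with the parent's values. */
static void host_enable(struct model_jail *j)
{
    if (j->host_virtual)
        return;
    if (j->parent != NULL)
        j->host = *host_lookup(j->parent);
    j->host_virtual = 1;
}

/* host=false: stop virtualizing; values come from the parent again. */
static void host_disable(struct model_jail *j)
{
    if (j->parent != NULL)      /* the base system has nothing to inherit */
        j->host_virtual = 0;
}

/* Setting any single parameter virtualizes all of the related ones. */
static int set_hostname(struct model_jail *j, const char *name)
{
    if (strlen(name) >= sizeof(j->host.hostname))
        return -1;              /* reject before touching any state */
    host_enable(j);
    snprintf(j->host.hostname, sizeof(j->host.hostname), "%s", name);
    return 0;
}
```

In this model a nested jail that leaves "host" off follows whatever its nearest virtualized ancestor reports, so a hostname change in the middle of the hierarchy is visible to every descendant that has not taken its own copy.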