Date: Thu, 30 Apr 2009 07:19:52 -0600
From: Jamie Gritton
To: Alexander Leidinger
Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject: Re: svn commit: r191673 - in head: lib/libc/sys sys/cddl/compat/opensolaris/kern sys/compat/freebsd32 sys/kern sys/sys

Alexander Leidinger wrote:
> Quoting Jamie Gritton (from Wed, 29 Apr 2009 21:14:16 +0000 (UTC)):
>
>> Author: jamie
>> Date: Wed Apr 29 21:14:15 2009
>> New Revision: 191673
>> URL: http://svn.freebsd.org/changeset/base/191673
>>
>> Log:
>>   Introduce the extensible jail framework, using the same "name=value"
>>   interface as nmount(2). Three new system calls are added:
>>   * jail_set, to create jails and change the parameters of existing jails.
>>     This replaces jail(2).
>>   * jail_get, to read the parameters of existing jails. This replaces the
>>     security.jail.list sysctl.
>>   * jail_remove to kill off a jail's processes and remove the jail.
>>   Most jail parameters may now be changed after creation, and jails may be
>>   set to exist without any attached processes. The current jail(2) system
>>   call still exists, though it is now a stub to jail_set(2).
>
> Does this mean it is theoretically possible now to add/remove IP
> addresses to/from a running jail? If yes, are you going to implement the
> corresponding ifconfig feature? I would expect this in ifconfig, as on
> Solaris ifconfig is able to do this with zones, I haven't looked if the
> jail utility is able to do it.

Yes and maybe. Jails can get IP addresses added and removed midstream.
But the userland interface remains to be done. I had no plans to
specify a jail in ifconfig but I could do that at some point. There's
no specific tie between interfaces and jails like there appears to be
for zones, so it would be something different than Solaris has. For now
I'll just be modifying jail(8) to assign existing addresses to jails,
the way they're done now upon creation.

- Jamie
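
An added example, not code from this message or from the FreeBSD tree: how a caller could pack the "name=value" pairs for jail_set to replace a running jail's IPv4 address list. The parameter names "jid" and "ip4.addr" and the JAIL_UPDATE flag are taken from the jail_set(2) manual page rather than from this thread; the jail ID and addresses are constructed, and the system call itself is compiled only on FreeBSD.

```c
#include <sys/uio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/jail.h>
#endif

/* One parameter = two iovecs: NUL-terminated name, then raw value bytes. */
static unsigned add_param(struct iovec *iov, unsigned n, const char *name,
    void *val, size_t len)
{
	iov[n].iov_base = (void *)name;
	iov[n].iov_len = strlen(name) + 1;
	iov[n + 1].iov_base = val;
	iov[n + 1].iov_len = len;
	return n + 2;
}

/* Strict parse: -1 on any bad address, so a typo cannot shorten the list. */
int parse_addrs(const char *const *strs, unsigned n, struct in_addr *out)
{
	for (unsigned i = 0; i < n; i++)
		if (inet_pton(AF_INET, strs[i], &out[i]) != 1) return -1;
	return (int)n;
}

/* "jid" selects the jail (int); "ip4.addr" carries an array of in_addr. */
unsigned build_ip4_update(struct iovec iov[4], int *jid,
    struct in_addr *addrs, unsigned naddrs)
{
	unsigned n = add_param(iov, 0, "jid", jid, sizeof(*jid));
	return add_param(iov, n, "ip4.addr", addrs, naddrs * sizeof(*addrs));
}

int main(void)
{
	const char *strs[] = { "192.0.2.10", "192.0.2.11" }; /* constructed */
	struct in_addr addrs[2];
	struct iovec iov[4];
	int jid = 1; /* hypothetical jail ID */
	if (parse_addrs(strs, 2, addrs) != 2) return 1;
	unsigned niov = build_ip4_update(iov, &jid, addrs, 2);
#ifdef __FreeBSD__
	if (jail_set(iov, niov, JAIL_UPDATE) < 0) return 1; /* needs root */
#endif
	return niov != 4;
}
```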