Date:      Fri, 30 Jan 2004 22:44:01 +0000
From:      Antony T Curtis <antony.t.curtis@ntlworld.com>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        arch@freebsd.org
Subject:   Re: init(8) in jails
Message-ID:  <1075502641.51737.34.camel@pcgem.rdg.cyberkinetica.com>
In-Reply-To: <xzp65et74kz.fsf@dwp.des.no>
References:  <xzp65et74kz.fsf@dwp.des.no>

On Fri, 2004-01-30 at 17:02, Dag-Erling Smørgrav wrote:
> Currently, the preferred mechanism to set up a virtual server in a
> jail is 'jail /path/to/jail jail.host.name 1.2.3.4 /etc/rc'.
> 
> How about modifying init instead and teach it how to run a jail?  The
> advantages of that approach would include the ability to send a signal
> to a jailed init to have it run /etc/rc.shutdown inside the jail and
> terminate the jail cleanly; currently, there is no clean method of
> terminating a jail.

Funnily enough, a couple of years ago, I modified init to run inside a
jail... and then some terminals accessed different jails. All you need
to do is to modify init to store its pid in /var/run/init.pid and make
tools which send signals to init read that file instead of assuming that
init is pid=1.

A quick and simple script to start/shutdown jails... and you can do fun
stuff like all the console terminals are actually talking to a jailed
session - gives an additional tier of confusion when someone tries to
fiddle via the console. :D

The 'root' non-jailed system can then run with practically no services
running - just managing the jailed 'virtual servers'. I even went as far
as using nmdm to be able to talk to the non-jailed system from one of
the jailed instances (since the non-jail had no network service running
at all).

To reduplicate all the work is perhaps 2-4 hours. I don't have the
source anymore because the box it was done on was wiped by my brother
and he installed RedHat on it.

Now, all someone needs to do is combine it with the vimage patch and you
can have a nearly full virtual server system.

-- 
Antony T Curtis BSc     Unix Analyst Programmer
http://homepage.ntlworld.com/antony.t.curtis/
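
The pidfile lookup described in the message, as an added example that is not part of the original e-mail or of FreeBSD's init. Only the path /var/run/init.pid comes from the message; the names init_pid, signal_init and INIT_PIDFILE are hypothetical, and falling back to pid 1 when no pidfile exists is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helpers): find init through a pidfile instead
# of assuming pid 1, and validate the value before it ever reaches kill(1).
INIT_PIDFILE="${INIT_PIDFILE:-/var/run/init.pid}"

# Print init's pid. With no pidfile, fall back to 1 (assumed unjailed host).
# Fail if the file is a symlink, not a regular file, or not a plain pid.
init_pid() {
    pidfile="${1:-$INIT_PIDFILE}"
    if [ ! -e "$pidfile" ] && [ ! -L "$pidfile" ]; then
        echo 1
        return 0
    fi
    if [ -L "$pidfile" ] || [ ! -f "$pidfile" ]; then
        return 1
    fi
    pid=""
    # Only the first line counts; tolerate a missing trailing newline.
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;  # empty, negative, or trailing garbage
        0*)          return 1 ;;  # 0 would address the whole process group
    esac
    echo "$pid"
}

# Send signal $1 to init, but only if the pid really names a process called
# init. A stale pidfile may point at an unrelated process that reused the pid.
signal_init() {
    sig="$1"
    target=$(init_pid "${2:-$INIT_PIDFILE}") || {
        echo "signal_init: unusable pidfile" >&2
        return 1
    }
    comm=$(ps -o comm= -p "$target" 2>/dev/null) || return 1
    case "$comm" in
        init|*/init) kill -s "$sig" "$target" ;;
        *) echo "signal_init: pid $target is '$comm', not init" >&2
           return 1 ;;
    esac
}
```
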