From: Antony T Curtis
To: Dag-Erling Smørgrav
Cc: arch@freebsd.org
Subject: Re: init(8) in jails
Date: Fri, 30 Jan 2004 22:44:01 +0000
Message-Id: <1075502641.51737.34.camel@pcgem.rdg.cyberkinetica.com>
List-Id: Discussion related to FreeBSD architecture

On Fri, 2004-01-30 at 17:02, Dag-Erling Smørgrav wrote:
> Currently, the preferred mechanism to set up a virtual server in a
> jail is 'jail /path/to/jail jail.host.name 1.2.3.4 /etc/rc'.
>
> How about modifying init instead and teach it how to run a jail? The
> advantages of that approach would include the ability to send a signal
> to a jailed init to have it run /etc/rc.shutdown inside the jail and
> terminate the jail cleanly; currently, there is no clean method of
> terminating a jail.

Funnily enough, a couple of years ago, I modified init to run inside a
jail... and then some terminals accessed different jails.

All you need to do is to modify init to store its pid in
/var/run/init.pid and make tools which send signals to init read that
file instead of assuming that init is pid=1.

A quick and simple script to start/shutdown jails... and you can do fun
stuff like all the console terminals are actually talking to a jailed
session - gives an additional tier of confusion when someone tries to
fiddle via the console. :D

The 'root' non-jailed system can then run with practically no services
running - just managing the jailed 'virtual servers'. I even went as far
as using nmdm to be able to talk to the non-jailed system from one of
the jailed instances (since the non-jail had no network service running
at all).

To reduplicate all the work is perhaps 2-4 hours. I don't have the
source anymore because the box it was done on was wiped by my brother
and he installed RedHat on it.

Now, all someone needs to do is combine it with the vimage patch and you
can have a nearly full virtual server system.

-- 
Antony T Curtis BSc Unix Analyst Programmer
http://homepage.ntlworld.com/antony.t.curtis/
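
One way a signalling tool could resolve init's PID under the /var/run/init.pid scheme described in the message above, as an added example (not code from the original post or from FreeBSD). The function names, the ownership and permission checks, and the policy of using PID 1 only when the file is absent are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <unistd.h>

/* Strictly parse "<digits>" with an optional trailing newline; -1 if malformed. */
pid_t parse_init_pid(const char *text)
{
    char *end;
    long v;

    if (text[0] < '0' || text[0] > '9')   /* rejects sign, whitespace, empty */
        return -1;
    errno = 0;
    v = strtol(text, &end, 10);
    if (errno != 0 || v < 1 || v > INT_MAX)
        return -1;
    if (*end == '\n')
        end++;
    return (*end == '\0') ? (pid_t)v : -1;
}

/* Hypothetical helper. No pid file at all: assume an unmodified init and
 * return the traditional PID 1. A file that exists but is a symlink, not a
 * regular file, not owned by `owner`, writable by group/other, or malformed
 * yields -1, so the caller never signals a PID taken from untrusted data. */
pid_t init_pid_from_file(const char *path, uid_t owner)
{
    char buf[32];
    struct stat st;
    ssize_t n;
    pid_t pid = -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return (errno == ENOENT) ? 1 : -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == owner &&
        (st.st_mode & (S_IWGRP | S_IWOTH)) == 0 &&
        (n = read(fd, buf, sizeof(buf) - 1)) > 0) {
        buf[n] = '\0';
        pid = parse_init_pid(buf);
    }
    close(fd);
    return pid;
}
```

A caller would pass 0 as `owner` and treat a return of -1 as a hard error instead of sending any signal.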