From owner-freebsd-hackers Tue Nov 9 9:28:48 1999
To: phk@critter.freebsd.dk
Cc: jhay@mikom.csir.co.za, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Should jail treat ip-number?
In-Reply-To: <22398.942136151@critter.freebsd.dk>
Message-Id: <19991110022852N.shin@nd.net.fujitsu.co.jp>
Date: Wed, 10 Nov 1999 02:28:52 +0900
From: Yoshinobu Inoue

> >> I agree, *IF* IPv6 ever becomes a reality, we will look at this.

Actually I just started to import KAME into freebsd-current, and
found jail code in the kernel pcb part.

> >If we want
> >people to even think of moving to IPv6 we will have to make as much
> >of FreeBSD's functionality work on there as possible.

For the same reason, I would like to make IPv6 available for
jail functionality as well.

> I personally do not see IPv6 as being desirable at this time.
>
> It suffers from second systems syndrome and doesn't provide any
> benefit for the end-user so there is no incentive for users to
> upgrade.

But there are also some people like me who think IPv6 gives several
benefits for the end-user that IPv4 can't give.
Then do you think even such people should not update jail to
support IPv6?

> >:>(2)What is the goal of the restriction?
> >
> >:To isolate people in the jail from the "real" machine and from
> >:other jails.
>
> 1. All tcp/ip forced to use a particular IP#. This allows you to have
>    several inetd/sendmail/apache running, one per jail.

My imagination was poor, and thanks for your explanation.
Now I have a new concern and comment.

 (1)It seems to me that once an IP# is specified for a jail, then
    that IP# should not be re-specified for another jail.
    Is this true?

 (2)If (1) is true, then the number of jails is restricted to the
    number of IP addresses assigned to that machine.
    Then IPv6 support for jail should be a very good thing,
    because extremely many IP addresses become available for a
    machine with IPv6. (which is not the case with IPv4)

Yoshinobu Inoue