From owner-freebsd-arch@FreeBSD.ORG  Mon Feb 28 16:48:57 2005
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DCB4916A4CE
	for <freebsd-arch@FreeBSD.org>; Mon, 28 Feb 2005 16:48:57 +0000 (GMT)
Received: from diri.bris.ac.uk (diri.bris.ac.uk [137.222.10.112])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6107643D1F
	for <freebsd-arch@FreeBSD.org>; Mon, 28 Feb 2005 16:48:57 +0000 (GMT)
	(envelope-from Jan.Grant@bristol.ac.uk)
Received: from mail.ilrt.bris.ac.uk ([137.222.16.62])
	by diri.bris.ac.uk with esmtp (Exim 4.50)
	id 1D5o4l-0000CO-F9; Mon, 28 Feb 2005 16:48:56 +0000
Received: from cmjg (helo=localhost)
	by mail.ilrt.bris.ac.uk with local-esmtp (Exim 4.44)
	id 1D5o4h-0002DJ-7I; Mon, 28 Feb 2005 16:48:51 +0000
Date: Mon, 28 Feb 2005 16:48:51 +0000 (GMT)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
X-X-Sender: cmjg@mail.ilrt.bris.ac.uk
To: Xin LI <delphij@frontfree.net>
In-Reply-To: <20050228162548.GA57140@frontfree.net>
Message-ID: <Pine.GSO.4.61.0502281643320.18097@mail.ilrt.bris.ac.uk>
References: <20050228162548.GA57140@frontfree.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: Jan Grant <Jan.Grant@bristol.ac.uk>
X-Spam-Score: -2.8
X-Spam-Level: --
cc: freebsd-arch@FreeBSD.org
Subject: Re: bind() on 127.0.0.1 in jail: bound to the outside address?
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Feb 2005 16:48:58 -0000

On Tue, 1 Mar 2005, Xin LI wrote:

> Your ideas are highly appreciated!

It's not minimal, but assuming that it's desirable that processes 
listening on loopback sockets shouldn't collide outside the jail, one 
approach might be as follows:

- get jails to the point where they can manage more than one IP address 
  per jail;
- a jail config will then include an alias on the loopback address 
  (127.0.0.2, ...)

unfortunately like all jail extensions this has other problems - for 
instance, the close association of a jail to "its IP address" is broken 
by this.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287864 or +44 (0)117 9287088 http://ioctl.org/jan/