From owner-freebsd-hackers  Thu Feb 20  7: 6: 7 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0DB3137B405; Thu, 20 Feb 2003 07:06:06 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 393F143F3F; Thu, 20 Feb 2003 07:06:05 -0800 (PST)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.6/8.12.5) with SMTP id h1KF5qP4083261;
	Thu, 20 Feb 2003 10:05:53 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Thu, 20 Feb 2003 10:05:52 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Cc: freebsd-hackers@freebsd.org, phk@freebsd.org
Subject: Re: Multi-level jailing.
In-Reply-To: <20030217070554.GE10767@garage.freebsd.pl>
Message-ID: <Pine.NEB.3.96L.1030220100414.76380A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


On Mon, 17 Feb 2003, Pawel Jakub Dawidek wrote:

> I have prepared patch for jail functionality against FreeBSD
> 5.0-CURRENT.  It provides multi-level jailing and multiple ips for
> jails. 

Sounds cool, although I haven't had a chance to read the patch yet.
Question: how did you handle the problem (if at all) that INADDR_ANY
doesn't perform a wildcard binding with multiple IPs in the same jail?
It's not strictly required that it be handled, but it was always one of
the semantic problems I bumped into when I experimented with more IPs.  A
single-IP jail "works" because it maps INADDR_ANY into the only IP
available.  I'll try to get a box up and running with these changes in the
next few days and give them a spin.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message