Date: Mon, 17 Feb 2003 08:05:54 +0100
From: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To: freebsd-hackers@freebsd.org
Cc: rwatson@freebsd.org, phk@freebsd.org
Subject: Multi-level jailing.
Message-ID: <20030217070554.GE10767@garage.freebsd.pl>

Hello hackers.

I have prepared a patch for jail functionality against FreeBSD 5.0-CURRENT.
It provides multi-level jailing and multiple IPs for jails.

Example of use:

IPs on machine:
tl0: 12.34.56.1 12.34.56.2 12.34.56.3 10.10.10.1
fxp0: 98.76.54.32 98.76.54.31

You can create jails inside of jails:

    # jail / jail-1 12.34.56.1,12.34.56.2,10.10.10.1,98.76.54.31 /bin/sh
    [ we are in jail-1 ]
    # jail / jail-2 12.34.56.1,10.10.10.1,98.76.54.31 /bin/sh
    [ we are in jail-2 ]
    # jail / jail-3 12.34.56.1,98.76.54.31 /bin/sh
    [ we are in jail-3 ]
    # jail / jail-4 12.34.56.1,10.10.10.1 /bin/sh
    [ EINVAL, because we are already jailed and want to take IP from outside the jail ]

Only processes from jail-2, jail-3 and jail-4 and jail-1 are visible in jail-1.
Only processes from jail-4 and jail-3 are visible in jail-3.

Jail-2 is child of jail-1, jail-1 is parent of jail-2,
jail-3 is child of jail-2, jail-2 is parent of jail-3.

If a parent exits, the parent of the parent will be the new parent: if the last
process of jail-2 exits, jail-1 becomes parent of jail-3 and jail-3 becomes
child of jail-1.

Ifconfigs from jails:

    jail-1# ifconfig
    rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
            inet 12.34.56.2 netmask 0xffffffff broadcast 12.34.56.2
            inet 10.10.10.1 netmask 0xffff0000 broadcast 10.10.255.255
            ether 00:11:22:33:44:55
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
            ether ff:ee:dd:cc:bb:aa
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

    jail-2# ifconfig
    rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
            inet 10.10.10.1 netmask 0xffff0000 broadcast 10.10.255.255
            ether 00:11:22:33:44:55
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
            ether ff:ee:dd:cc:bb:aa
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

    jail-3# ifconfig
    rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
            ether 00:11:22:33:44:55
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
            ether ff:ee:dd:cc:bb:aa
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

Patch is attached and also available with README file here:

    http://garage.freebsd.pl/mljail.tbz

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
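
The containment rules the message describes (a nested jail may only take addresses its creator already holds, a jail sees itself and the jails nested below it, and children of an emptied jail fall to the next live ancestor) can be modelled in user space as follows. This is an added example, not code from the patch or its author; `struct mjail`, `mjail_create`, `mjail_visible` and `live_parent` are hypothetical names, and treating visibility as "self or descendant" is an assumption drawn from the jail-1 sentence above.

```c
/* User-space model of the rules described in the message above.
 * Not the patch's kernel code; every name here is hypothetical. */
#include <errno.h>
#include <string.h>

#define MAX_IPS 8

struct mjail {
    struct mjail *parent;        /* NULL: created from the unjailed host (assumed unrestricted) */
    const char *ips[MAX_IPS];    /* addresses granted to this jail */
    size_t nips;
    int alive;                   /* 0 once the last process has exited */
};

static int has_ip(const struct mjail *j, const char *ip) {
    for (size_t i = 0; i < j->nips; i++)
        if (strcmp(j->ips[i], ip) == 0) return 1;
    return 0;
}

/* Nearest ancestor that still has processes. Skipping dead jails models
 * "the parent of the parent will be the new parent". */
struct mjail *live_parent(const struct mjail *j) {
    struct mjail *p = j->parent;
    while (p != NULL && !p->alive)
        p = p->parent;
    return p;
}

/* Returns 0, or EINVAL when a jailed creator asks for an address it does not hold. */
int mjail_create(struct mjail *j, struct mjail *creator,
                 const char **ips, size_t nips) {
    if (nips == 0 || nips > MAX_IPS)
        return EINVAL;
    for (size_t i = 0; creator != NULL && i < nips; i++)
        if (!has_ip(creator, ips[i]))
            return EINVAL;       /* address lies outside the creator's own set */
    memset(j, 0, sizeof(*j));
    j->parent = creator; j->nips = nips; j->alive = 1;
    memcpy(j->ips, ips, nips * sizeof(*ips));
    return 0;
}

/* A viewer sees its own jail and every jail nested below it, never its ancestors. */
int mjail_visible(const struct mjail *viewer, const struct mjail *target) {
    for (const struct mjail *j = target; j != NULL; j = live_parent(j))
        if (j == viewer) return 1;
    return 0;
}
```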