From owner-freebsd-virtualization@FreeBSD.ORG Sun May 10 15:06:54 2009
From: Sevan / Venture37 <venture37@gmail.com>
To: freebsd-virtualization@freebsd.org
Date: Sun, 10 May 2009 15:41:52 +0100
Message-ID: <4A06E7B0.10600@gmail.com>
Subject: Kernel Compiled with options VIMAGE panics on boot
List-Id: "Discussion of various virtualization techniques FreeBSD supports."

Hi,

I've installed a fresh copy of this month's snapshot, updated src via
cvsup, made a copy of the GENERIC config file, added 'options VIMAGE' &
'nooptions SCTP' & compiled & installed it. On boot the system panics
with the error:

panic: in /usr/src/sys/net/if.c:485 if_alloc()
vnet=0 curvnet=0
cpuid = 0

Photo of panic: http://img18.imageshack.us/img18/3297/img1057e.jpg

Any ideas?

/usr/src/sys/net/if.c is v1.328 if that helps.

Sevan / Venture37

From owner-freebsd-virtualization@FreeBSD.ORG Mon May 11 02:35:16 2009
From: Marko Zec <zec@icir.org>
To: freebsd-virtualization@freebsd.org
Date: Mon, 11 May 2009 04:09:04 +0200
Message-Id: <200905110409.04612.zec@icir.org>
In-Reply-To: <4A06E7B0.10600@gmail.com>
References: <4A06E7B0.10600@gmail.com>
Subject: Re: Kernel Compiled with options VIMAGE panics on boot

On Sunday 10 May 2009 16:41:52 Sevan / Venture37 wrote:
> Hi
> I've installed a fresh copy of this months snapshot, updated src via
> cvsup, made a copy of the GENERIC config file, added 'options VIMAGE' &
> 'nooptions SCTP' & compiled & installed it, on boot the system panics
> with the error:
> panic: in /usr/src/sys/net/if.c:485 if_alloc()
> vnet=0 curvnet=0
> cpuid = 0
>
> photo of panic:
> http://img18.imageshack.us/img18/3297/img1057e.jpg
>
> Any ideas??
>
> /usr/src/sys/net/if.c is v1.328 if that helps.

It seems that the USB code should set the curvnet context when attaching
and detaching ifnets (rum0 in your case), which it currently does not.
I'll look into this in the next few days - thanks for the report!

Marko

From owner-freebsd-virtualization@FreeBSD.ORG Tue May 12 12:17:47 2009
From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-virtualization@freebsd.org
Date: Tue, 12 May 2009 14:01:27 +0200
Message-ID: <4A096517.7020104@quip.cz>
Subject: problem with time and cronjobs in Qemu guest

Hi,

I have Qemu 0.10.1 installed on my old Windows 2000 PC and I am running
FreeBSD 7.2-RC1 i386 in it for some testing purposes.

Today I realized that some cron task was not run at the specified time,
nor some commands in an endless loop.

This is a simple example of the strange behavior (written in the tcsh shell):

root@firstbsd ~/# while 1
while? date
while? sleep 10
while? end
Tue May 12 13:43:20 CEST 2009
Tue May 12 13:43:58 CEST 2009
Tue May 12 13:44:35 CEST 2009
Tue May 12 13:45:12 CEST 2009
Tue May 12 13:45:50 CEST 2009
Tue May 12 13:46:27 CEST 2009
Tue May 12 13:47:04 CEST 2009
Tue May 12 13:47:42 CEST 2009
Tue May 12 13:48:20 CEST 2009
Tue May 12 13:48:57 CEST 2009
Tue May 12 13:49:37 CEST 2009
Tue May 12 13:50:19 CEST 2009
Tue May 12 13:50:58 CEST 2009
Tue May 12 13:51:37 CEST 2009

As you can see, the date command is not executed every 10 seconds.
Are there some settings (in the FreeBSD guest or in Qemu itself) to fix this?

Miroslav Lachman

From owner-freebsd-virtualization@FreeBSD.ORG Tue May 12 21:50:52 2009
From: Julian Elischer <julian@elischer.org>
To: Marko Zec
Date: Tue, 12 May 2009 14:50:48 -0700
Message-ID: <4A09EF38.6060407@elischer.org>
References: <200905121848.n4CImKQt036691@repoman.freebsd.org>
In-Reply-To: <200905121848.n4CImKQt036691@repoman.freebsd.org>
Cc: virtualization@freebsd.org, Perforce Change Reviews
Subject: Re: PERFORCE change 161987 for review

Marko Zec wrote:
> http://perforce.freebsd.org/chv.cgi?CH=161987
>
> Change 161987 by zec@zec_tpx32 on 2009/05/12 18:47:49
>
> Back out O(n**2) ad-hoc hack for searching for available
> ifunits in cloning ifnets, and restore the standard O(n)
> bitmapped searching / ifunit allocation method for both
> default and options VIMAGE builds.
>
> HOWEVER, hereby we also introduce per-vnet if_clone driver
> registration and ifunit allocation. As a (necessary) example,
> if_loop is modified to attach itself as an independent
> cloner instance to each vnet.
>
> This approach has a neat byproduct: if_clone drivers that
> do not explicitly declare themselves as multi-vnet, by
> exporting an iattach() method and registering to the vnet
> framework, continue to work with unmodified semantics in
> the default vnet. However, they will NOT be available
> in other vnets.

Ah, I didn't read this right the first time..
generally, good but...

So we cannot have tun drivers in vimages?

tun needs its /dev entries, so can not be 'renumbered' (in the
base sense) until we somehow add vimage support to devfs.
however having tun3 in one vimage and tun4 in another would still
be pretty ok I think.

So I think the modes wanted would be:

"Unvirtualised"  appears in base vimage only
"Scattered"      one namespace, but in different vimages.
"Virtualised"    separate namespaces.

p.s. excuse my unamerican way of spelling 'ised' (not ized)
my fingers refuse to co-operate.

> > This brings us a step closer to being able to selectively
> > attach subsystems to particular vnets, instead of having
> > all subsystems unconditionally available to all vnets by
> > default.
>

From owner-freebsd-virtualization@FreeBSD.ORG Tue May 12 23:18:37 2009
From: Marko Zec <zec@freebsd.org>
To: Julian Elischer
Cc: virtualization@freebsd.org, Perforce Change Reviews
Date: Wed, 13 May 2009 01:00:32 +0200
Message-Id: <200905130100.32678.zec@freebsd.org>
In-Reply-To: <4A09EF38.6060407@elischer.org>
References: <200905121848.n4CImKQt036691@repoman.freebsd.org> <4A09EF38.6060407@elischer.org>
Subject: Re: PERFORCE change 161987 for review

On Tuesday 12 May 2009 23:50:48 Julian Elischer wrote:
> Marko Zec wrote:
> > http://perforce.freebsd.org/chv.cgi?CH=161987
> >
> > Change 161987 by zec@zec_tpx32 on 2009/05/12 18:47:49
> >
> > Back out O(n**2) ad-hoc hack for searching for available
> > ifunits in cloning ifnets, and restore the standard O(n)
> > bitmapped searching / ifunit allocation method for both
> > default and options VIMAGE builds.
> >
> > HOWEVER, hereby we also introduce per-vnet if_clone driver
> > registration and ifunit allocation. As a (necessary) example,
> > if_loop is modified to attach itself as an independent
> > cloner instance to each vnet.
> >
> > This approach has a neat byproduct: if_clone drivers that
> > do not explicitly declare themselves as multi-vnet, by
> > exporting an iattach() method and registering to the vnet
> > framework, continue to work with unmodified semantics in
> > the default vnet. However, they will NOT be available
> > in other vnets.
>
> Ah I didn't read this right the first time..
> generally, good but...
>
> So we cannot have tun drivers in vimages?
>
> tun needs it's /dev entres, so can not be 'renumbered' (in the
> base sense) until we somehow add vimage support to devfs.
> however having tun3 in one vimage and tun4 in another would still
> be pretty ok I think.

Hmm, but how would such an approach help with, say, /dev/pf, which also
has to be functional in all vnets? Wouldn't it be useful if a single
/dev entry could provide access to appropriate subsystem instances in
different vnets, depending on which vnet the process which opens the
special file operates in? I think this is how the virtualized pf did
work, and there's anecdotal evidence that it did work well, at least
until this got ripped off the vimage branch with the next pf import from
OpenBSD :)

Marko

> So I think the modes wanted would be:
>
> "Unvirtualised" appears in base vimage only
> "Scattered" one namespace, but in different vimages.
> "Virtualised" separate namespaces.
>
> p.s excuse my unamerican way of spelling 'ised' (not ized)
> my fingers refuse to co-operate.
>
> > This brings us a step closer to being able to selectively
> > attach subsystems to particular vnets, instead of having
> > all subsystems unconditionally available to all vnets by
> > default.

From owner-freebsd-virtualization@FreeBSD.ORG Thu May 14 06:06:25 2009
From: marco.borsatino@poste.it
To: freebsd-virtualization@freebsd.org
Date: Thu, 14 May 2009 07:45:32 +0200
Subject: virtual network with qemu

Hi to all.

I'd like to implement a little virtual network using QEMU 0.10.2, but,
until now, I have failed. This is the situation.

Host: AMD 64 running FreeBSD 7.2

#ifconfig
nfe0: flags=8843 metric 0 mtu 1500
        options=10b
        ether 00:15:f2:44:2d:f9
        inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=108810 metric 0 mtu 1500
lo0: flags=8049 metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000

I've created an image using the FreeBSD 7.2 DVD:

#qemu-img create -f qcow2 hda fbsd72.img 10G

The image has been created.

#qemu -L /usr/local/share/qemu/ -cdrom /dev/acd0 -m 512 -boot d fbsd72.img

After a long time, the installation of the guest system has been
completed. When the installation program asked for information about
network configuration, as a first step, I chose DHCP configuration and,
as usual, the network has been set like this:

IP 10.0.2.15/255.255.255.0
gateway 10.0.2.2
nameserver 10.0.2.3

When the installation of the guest PC was finished, I copied the image
to pc01.img, to keep the original untouched. After that I started qemu
like this:

#qemu -L /usr/local/share/qemu -localtime -net nic,macaddr=00:15:f2:44:2d:01 -net socket,mcast=230.0.0.1:1234 -hda pc01.img -cdrom /dev/acd0 &

but the network in the guest system does not work. ifconfig in the guest
system tells:

#ifconfig -a
ed0: flags=8843 metric 0 mtu 1500
        ether 00:15:f2:44:2d:01
        media: Ethernet 10baseT/UTP
plip0: ...
lo0: ...

If I try:

#ping 10.0.2.2 (the gateway)

all packets are lost. For this reason, I tried a static IP configuration
like this:

IP 10.0.2.4/255.255.255.0
gateway 10.0.2.2
nameserver 10.0.2.3

but the gateway does not respond. So it is useless to try with a second
guest system.

Please help. Sorry for my bad English.

Marco

From owner-freebsd-virtualization@FreeBSD.ORG Thu May 14 17:12:57 2009
From: Jamie Gritton <jamie@FreeBSD.org>
To: jail@FreeBSD.org, virtualization@FreeBSD.org
Cc: FreeBSD Current
Date: Thu, 14 May 2009 11:12:50 -0600
Message-ID: <4A0C5112.9010103@FreeBSD.org>
In-Reply-To: <4A051DE3.30705@FreeBSD.org>
References: <4A051DE3.30705@FreeBSD.org>
Subject: Re: Hierarchical jails

There's still a chance to offer your input on the new jails before they
go in! OK, given the lack of response so far, it's less "still a
chance" than "please?". Current plans are to have this in place for
8.0, with connections to the ongoing Vimage work. Hopefully the silence
is approval, and commits will likely be appearing soon.
I wrote:
> Here's the first round of hierarchical jails under the new framework.
>
> Instead of creds having either a prison or a NULL pointer, they all have
> a prison pointer with the default being the global "prison0" that
> contains information about the real environment. Jailed root may (if
> granted permission) create prisons that would be under its place in the
> hierarchy, but may not alter (or even see) prisons at its level or
> above.
>
> The JID space is flat, i.e. every prison in the system has a unique ID.
> The prison name space is hierarchical, with jails having dot-separated
> component names.
>
> prison0 contains three fields that were system globals: pr_root,
> pr_host, and pr_securelevel. I've kept the globals rootvnode and
> hostname, and take care that when one is changed the other changes too
> (not yet true for hostname - read on). But I've actually removed the
> global securelevel, instead forcing people to use securelevel_gt() and
> securelevel_ge() (or in very rare cases to check prison0.pr_securelevel
> directly). I chose to do that because while using the global rootvnode
> and hostname may be incorrect, using the wrong securelevel is, well,
> insecure. Actually it would be insecure to use the wrong rootvnode too,
> but I'm not convinced removing that global is worth the headache.
>
> Other globals are subsumed into prison0, but they were only ever part of
> the jail system anyway: the various jail-related permission bits and
> such administrative things as prisoncount.
>
> The prison hierarchy keeps track of restrictions placed on prisons, and
> will reflect them downward so a child jail is always at least as
> restricted as its ancestors. It doesn't go the other way though: if a
> prison's restrictions are loosened, the children stay as they are.
>
> This patch doesn't have anything for userland, and hierarchical jails
> won't work without that patch (because jails don't have permission to
> create sub-jails by default, and jail(2) can't grant that permission).
> A userland patch will follow soon, very similar to the version I posted
> here recently.
>
> - Jamie

From owner-freebsd-virtualization@FreeBSD.ORG Thu May 14 17:33:04 2009
From: Julian Elischer <julian@elischer.org>
To: Jamie Gritton
Cc: virtualization@FreeBSD.org, jail@FreeBSD.org, FreeBSD Current
Date: Thu, 14 May 2009 10:33:03 -0700
Message-ID: <4A0C55CF.70706@elischer.org>
In-Reply-To: <4A0C5112.9010103@FreeBSD.org>
References: <4A051DE3.30705@FreeBSD.org> <4A0C5112.9010103@FreeBSD.org>
Subject: Re: Hierarchical jails

Jamie Gritton wrote:
> There's still a change to offer your input on the new jails before they
> go in! OK, given the lack of response so far, it's less "still a
> chance" than "please?". Current plans are to have this in place for
> 8.0, with connections to the ongoing Vimage work. Hopefully the silence
> is approval, and commits will likely be appearing soon.
>

I think I may have replied before but it all looks pretty good to me..

>
> I wrote:
>> Here's the first round of hierarchical jails under the new framework.
>>
>> Instead of creds having either a prison or a NULL pointer, they all have
>> a prison pointer with the default being the global "prison0" that
>> contains information about the real environment. Jailed root may (if
>> granted permission) create prisons that would be under its place in the
>> hierarchy, but may not alter (or even see) prisons at its level or
>> above.

agreed

>>
>> The JID space is flat, i.e. every prison in the system has a unique ID.
>> The prison name space is hierarchical, with jails having dot-separated
>> component names.

agreed

>>
>> prison0 contains three fields that were system globals: pr_root,
>> pr_host, and pr_securelevel. I've kept the globals rootvnode and
>> hostname, and take care that when one is changed the other changes too
>> (not yet true for hostname - read on). But I've actually removed the
>> global securelevel, instead forcing people to use securelevel_gt() and
>> securelevel_ge() (or in very rare cases to check prison0.pr_securelevel
>> directly). I chose to do that because while using the global rootvnode
>> and hostname may be incorrect, using the wrong securelevel is, well,
>> insecure. Actually it would be insecure to use the wrong rootvnode too,
>> but I'm not convinced removing that global is worth the headache.

not sure why you want to keep hostname a true global
It seems to me that it is an eminently virtualizable property.
though possibly a special hostname might exist for the base system
for error messages etc.
kind of like V_hostname and G_hostname :)

otherwise I agree.

>>
>> Other globals are subsumed into prison0, but they were only ever part of
>> the jail system anyway: the various jail-related permission bits and
>> such administrative things as prisoncount.
>>
>> The prison hierarchy keeps track of restrictions placed on prisons, and
>> will reflect them downward so a child jail is always at least as
>> restricted as its ancestors. It doesn't go the other way though: if a
>> prison's restrictions are loosened, the children stay as they are.

I agree with this in principle and we'll see how it works out in practice.

>>
>> This patch doesn't have anything for userland, and hierarchical jails
>> won't work without that patch (because jails don't have permission to
>> create sub-jails by default, and jail(2) can't grant that permission).
>> A userland patch will follow soon, very similar to the version I posted
>> here recently.

I looked at that too.

All in all, I like it.

>>
>> - Jamie
> _______________________________________________
> freebsd-virtualization@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
> To unsubscribe, send any mail to
> "freebsd-virtualization-unsubscribe@freebsd.org"

From owner-freebsd-virtualization@FreeBSD.ORG Thu May 14 17:44:24 2009
From: Jamie Gritton <jamie@FreeBSD.org>
To: Julian Elischer
Cc: virtualization@FreeBSD.org, jail@FreeBSD.org, FreeBSD Current
Date: Thu, 14 May 2009 11:44:17 -0600
Message-ID: <4A0C5871.1080407@FreeBSD.org>
In-Reply-To: <4A0C55CF.70706@elischer.org>
References: <4A051DE3.30705@FreeBSD.org> <4A0C5112.9010103@FreeBSD.org> <4A0C55CF.70706@elischer.org>
Subject: Re: Hierarchical jails

Julian Elischer wrote:
> Jamie Gritton wrote:
>>> prison0 contains three fields that were system globals: pr_root,
>>> pr_host, and pr_securelevel. I've kept the globals rootvnode and
>>> hostname, and take care that when one is changed the other changes too
>>> (not yet true for hostname - read on). But I've actually removed the
>>> global securelevel, instead forcing people to use securelevel_gt() and
>>> securelevel_ge() (or in very rare cases to check prison0.pr_securelevel
>>> directly). I chose to do that because while using the global rootvnode
>>> and hostname may be incorrect, using the wrong securelevel is, well,
>>> insecure. Actually it would be insecure to use the wrong rootvnode too,
>>> but I'm not convinced removing that global is worth the headache.
>
> not sure why you want to keep hostname a true global
> It seems to me that it is an eminently virtalizable property.
> though possible a special hostname might exist for the base system
> for error messages etc.
> kind of like V_hostname an G_hostname :)

It was mostly for the number of times I saw that global being used -
didn't want to upset the order of things too much. I didn't see nearly
as much use of securelevel with the advent of securelevel_ge() and
securelevel_gt(). But I suppose the G/V_hostname thing has already
gotten that ball rolling.

There is at least one place that uses the global securelevel directly
(i.e. prison0.securelevel). The same could be done for hostnames, which
does a pretty good job of pointing out that this is the global hostname
being used. Because you're right - the hostname is at the center of
what it means to have a jail identity.

Then there's rootvnode, the third global that's superseded by
hierarchical jails. I could also remove that, allowing the use of
prison0.pr_root for those who need the real root.
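The propagation rule Jamie describes above (a child jail is always at least as restricted as its ancestors, raises are reflected downward, loosening is not) is easy to get subtly wrong, so here is an added C model of it. It is written for this page and is not code from the jail patch or the FreeBSD kernel: the struct layout, the fixed MAXCHILDREN array, the prison_attach()/prison_set_securelevel() helpers and the rule that a prison is clamped to its parent's level are assumptions of the model. securelevel_gt() and securelevel_ge() follow the kernel's convention of returning 0 when the operation is allowed and EPERM when the caller's securelevel blocks it, with prison0.pr_securelevel standing in for the removed global.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAXCHILDREN 4   /* assumption of this model; the kernel keeps a list */

/* Minimal model of struct prison: only the fields this example needs. */
struct prison {
    const char *pr_name;
    int pr_securelevel;
    struct prison *pr_parent;                 /* NULL only for prison0 */
    struct prison *pr_children[MAXCHILDREN];
    int pr_nchildren;
};

/* prison0 models the host environment; its pr_securelevel replaces the
 * old global 'securelevel'. */
static struct prison prison0 = { "prison0", 0, NULL, { NULL }, 0 };

/* Attach 'child' under 'parent'.  A new child starts at least as
 * restricted as its parent. */
static void prison_attach(struct prison *child, struct prison *parent)
{
    child->pr_parent = parent;
    if (child->pr_securelevel < parent->pr_securelevel)
        child->pr_securelevel = parent->pr_securelevel;
    if (parent->pr_nchildren < MAXCHILDREN)
        parent->pr_children[parent->pr_nchildren++] = child;
}

/* Set a prison's securelevel and return the level actually applied.
 * The value is clamped so the prison is never less restricted than its
 * parent; a raise is reflected down to every descendant, a lowering
 * leaves descendants exactly as they are. */
static int prison_set_securelevel(struct prison *pr, int level)
{
    if (pr->pr_parent != NULL && level < pr->pr_parent->pr_securelevel)
        level = pr->pr_parent->pr_securelevel;
    pr->pr_securelevel = level;
    for (int i = 0; i < pr->pr_nchildren; i++) {
        struct prison *c = pr->pr_children[i];
        if (c->pr_securelevel < level)
            prison_set_securelevel(c, level);
    }
    return level;
}

/* Models of securelevel_gt()/securelevel_ge(): 0 if allowed, EPERM if
 * the caller's jail securelevel is above (resp. at or above) 'level'. */
static int securelevel_gt(const struct prison *pr, int level)
{
    return pr->pr_securelevel > level ? EPERM : 0;
}

static int securelevel_ge(const struct prison *pr, int level)
{
    return pr->pr_securelevel >= level ? EPERM : 0;
}

/* Constructed two-level hierarchy: j1 under prison0, j1.j2 under j1. */
static struct prison j1 = { "j1", 0, NULL, { NULL }, 0 };
static struct prison j2 = { "j1.j2", 0, NULL, { NULL }, 0 };

static void build_tree(void)
{
    prison_attach(&j1, &prison0);
    prison_attach(&j2, &j1);
}

int main(void)
{
    build_tree();
    prison_set_securelevel(&j1, 2);          /* j2 follows: 0 -> 2 */
    printf("raise j1 to 2:      j2=%d\n", j2.pr_securelevel);
    prison_set_securelevel(&j1, 1);          /* j2 stays at 2 */
    printf("lower j1 to 1:      j2=%d\n", j2.pr_securelevel);
    prison_set_securelevel(&j2, 0);          /* clamped to j1's level, 1 */
    printf("try j2 := 0:        j2=%d\n", j2.pr_securelevel);
    printf("securelevel_gt(j1,0)=%d  securelevel_gt(prison0,0)=%d\n",
           securelevel_gt(&j1, 0), securelevel_gt(&prison0, 0));
    return 0;
}
```

The point of the asymmetry is visible in the third step: after j1 is loosened, j2 keeps the stricter level it inherited, and even an explicit attempt to set j2 below its parent is clamped, so a jailed root can never hand its children more than it has itself.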
From owner-freebsd-virtualization@FreeBSD.ORG Thu May 14 19:12:48 2009
From: Jamie Gritton
To: Jilles Tjoelker
Cc: virtualization@FreeBSD.org, jail@FreeBSD.org, FreeBSD Current
Date: Thu, 14 May 2009 13:12:41 -0600
Message-ID: <4A0C6D29.7020606@FreeBSD.org>
In-Reply-To: <20090514181446.GA42264@stack.nl>
Subject: Re: Hierarchical jails

Jilles Tjoelker wrote:
> On Thu, May 14, 2009 at 11:12:50AM -0600, Jamie Gritton wrote:
>> There's still a chance to offer your input on the new jails before they
>> go in! OK, given the lack of response so far, it's less "still a
>> chance" than "please?". Current plans are to have this in place for
>> 8.0, with connections to the ongoing Vimage work. Hopefully the silence
>> is approval, and commits will likely be appearing soon.
>
> I have not tried this, but I think this patch may allow jailed roots to
> escape. The problem is that there is only one fd_jdir. The escape would
> go like: jailed root creates a new jail in a subdirectory, opens its /
> and sends the fd to a process in the new jail via a unix domain socket.
> When the process calls fchdir on the fd, it will be able to access ..
> normally.
>
> With nested chroot, or chroot in jail, this is not possible, because
> fd_jdir always contains the first jail or chroot done and will not allow
> escaping from it; however, root in a level 2 chroot can escape back to
> level 1 using chroot.

Indeed - considering how that was a major design point of jails, I'm not
sure how I missed it. ".." processing will need to run up the jail tree.
No big deal on performance and easily done, but embarrassing not to have
had that in place already.
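A constructed model of the ".." check Jamie describes above (an editor's added example, not FreeBSD kernel code and not the patch under review): with a single fd_jdir only the current jail's own root stops "..", while running the check up the prison tree also stops at every ancestor's root, which is exactly the directory the fd-passing scenario in Jilles's message lands in. The struct prison layout, the integer vnode stand-ins and the jail names are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model, not FreeBSD kernel code: a directory is identified by a
 * small integer standing in for its vnode, and a prison keeps only what the
 * ".." check needs. */
struct prison {
    int root;               /* stand-in for the vnode of this jail's root */
    struct prison *parent;  /* NULL for the host prison (prison0) */
};

/* Pre-fix behaviour as described in the thread: the single fd_jdir, the
 * current jail's own root, is the only directory that stops "..". */
bool dotdot_stops_single_jdir(const struct prison *pr, int dirvp)
{
    return dirvp == pr->root;
}

/* Post-fix behaviour: ".." must also stop at the root of every ancestor
 * jail, so the check runs up the prison tree to prison0. */
bool dotdot_stops_tree(const struct prison *pr, int dirvp)
{
    for (; pr != NULL; pr = pr->parent)
        if (dirvp == pr->root)
            return true;
    return false;
}

/* Constructed two-level hierarchy: prison0 -> jail_a -> jail_ab. */
enum { HOST_ROOT = 1, PARENT_ROOT = 10, CHILD_ROOT = 20 };
struct prison prison0 = { HOST_ROOT, NULL };
struct prison jail_a  = { PARENT_ROOT, &prison0 };
struct prison jail_ab = { CHILD_ROOT, &jail_a };

/* True when the single-fd_jdir check would let a process in jail pr ascend
 * from dirvp while the tree-walking check holds it: the gap the thread
 * points out, reached when a jail_ab process has fchdir'ed to jail_a's root. */
bool single_jdir_check_is_bypassed(const struct prison *pr, int dirvp)
{
    return !dotdot_stops_single_jdir(pr, dirvp) && dotdot_stops_tree(pr, dirvp);
}
```

The model ignores chroot (fd_rdir) entirely; it only shows why the jail-root check has to consider the whole ancestor chain rather than one saved directory.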
From owner-freebsd-virtualization@FreeBSD.ORG Tue May 12 11:31:08 2009 (envelope-from m.borsatino@alice.it)
Date: Tue, 12 May 2009 13:14:05 +0200
Message-ID: <3B419C0DD853DC47AA4FA65D0FC92B5FE5C8FF@FBCMST11V01.fbc.local>
Subject: qemu virtual network

Hi to all.

I'd like to implement a little virtual network using QEMU 0.10.2, but,
until now, I have failed. This is the situation.

Host: AMD 64 running FreeBSD 7.2

#ifconfig
nfe0: flags=8843 metric 0 mtu 1500
	options=10b
	ether 00:15:f2:44:2d:f9
	inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
	media: Ethernet autoselect (100baseTX )
	status: active
plip0: flags=108810 metric 0 mtu 1500
lo0: flags=8049 metric 0 mtu 16384
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000

I've created an image using the FreeBSD 7.2 DVD:

#qemu-img create -f qcow2 hda fbsd72.img 10G

The image has been created.

#qemu -L /usr/local/share/qemu/ -cdrom /dev/acd0 -m 512 -boot d fbsd72.img

After a long time, the installation of the guest system has been
completed. When the installation program asked for information about
network configuration, as a first step, I chose DHCP configuration and,
as usual, the network has been set like this:

IP 10.0.2.15/255.255.255.0
gateway 10.0.2.2
nameserver 10.0.2.3

When the installation of the guest PC was finished, I've copied the
image to pc01.img, to keep the original untouched. After that I've
started qemu like this:

#qemu -L /usr/local/share/qemu -localtime -net nic,macaddr=00:15:f2:44:2d:01 -net socket,mcast=230.0.0.1:1234 -hda pc01.img -cdrom /dev/acd0 &

but the network in the guest system does not work. ifconfig in the guest
system tells:

#ifconfig -a
ed0: flags=8843 metric 0 mtu 1500
	ether 00:15:f2:44:2d:01
	media: Ethernet 10baseT/UTP
plip0: ...
lo0: ...

If I try:

#ping 10.0.2.2 (the gateway)

all packets are lost. For this reason, I've tried a static IP
configuration like this:

IP 10.0.2.4/255.255.255.0
gateway 10.0.2.2
nameserver 10.0.2.3

but the gateway does not respond. So it is useless to try with a second
guest system.

Please help. Sorry for my bad English.
Marco

From owner-freebsd-virtualization@FreeBSD.ORG Wed May 13 17:52:25 2009
From: Ed Schouten
To: Julian Elischer
Cc: virtualization@freebsd.org, Perforce Change Reviews , Marko Zec
Date: Wed, 13 May 2009 19:52:23 +0200
Message-ID: <20090513175223.GG58540@hoeg.nl>
In-Reply-To: <4A09EF38.6060407@elischer.org>
Subject: Re: PERFORCE change 161987 for review

* Julian Elischer wrote:
> tun needs its /dev entries, so can not be 'renumbered' (in the
> base sense) until we somehow add vimage support to devfs.
> however having tun3 in one vimage and tun4 in another would still
> be pretty ok I think. So I think the modes wanted would be:

It's the same with pts(4) right now. Be sure to prevent tun entries from
being opened from a different jail, though.

-- 
Ed Schouten
WWW: http://80386.nl/

From owner-freebsd-virtualization@FreeBSD.ORG Thu May 14 18:15:03 2009
From: Jilles Tjoelker
To: Jamie Gritton
Cc: virtualization@FreeBSD.org, jail@FreeBSD.org, FreeBSD Current
Date: Thu, 14 May 2009 20:14:46 +0200
Message-ID: <20090514181446.GA42264@stack.nl>
In-Reply-To: <4A0C5112.9010103@FreeBSD.org>
Subject: Re: Hierarchical jails

On Thu, May 14, 2009 at 11:12:50AM -0600, Jamie Gritton wrote:
> There's still a chance to offer your input on the new jails before they
> go in! OK, given the lack of response so far, it's less "still a
> chance" than "please?". Current plans are to have this in place for
> 8.0, with connections to the ongoing Vimage work. Hopefully the silence
> is approval, and commits will likely be appearing soon.

I have not tried this, but I think this patch may allow jailed roots to
escape. The problem is that there is only one fd_jdir. The escape would
go like: jailed root creates a new jail in a subdirectory, opens its /
and sends the fd to a process in the new jail via a unix domain socket.
When the process calls fchdir on the fd, it will be able to access ..
normally.

With nested chroot, or chroot in jail, this is not possible, because
fd_jdir always contains the first jail or chroot done and will not allow
escaping from it; however, root in a level 2 chroot can escape back to
level 1 using chroot.
-- 
Jilles Tjoelker

From owner-freebsd-virtualization@FreeBSD.ORG Fri May 15 07:26:33 2009
From: Julian Elischer
To: Jilles Tjoelker
Cc: virtualization@FreeBSD.org, jail@FreeBSD.org, FreeBSD Current , Jamie Gritton
Date: Fri, 15 May 2009 00:26:31 -0700
Message-ID: <4A0D1927.8090303@elischer.org>
In-Reply-To: <20090514181446.GA42264@stack.nl>
Subject: Re: Hierarchical jails

Jilles Tjoelker wrote:
> On Thu, May 14, 2009 at 11:12:50AM -0600, Jamie Gritton wrote:
>> There's still a chance to offer your input on the new jails before they
>> go in! OK, given the lack of response so far, it's less "still a
>> chance" than "please?". Current plans are to have this in place for
>> 8.0, with connections to the ongoing Vimage work. Hopefully the silence
>> is approval, and commits will likely be appearing soon.
>
> I have not tried this, but I think this patch may allow jailed roots to
> escape. The problem is that there is only one fd_jdir. The escape would
> go like: jailed root creates a new jail in a subdirectory, opens its /
> and sends the fd to a process in the new jail via a unix domain socket.
> When the process calls fchdir on the fd, it will be able to access ..
> normally.
>
> With nested chroot, or chroot in jail, this is not possible, because
> fd_jdir always contains the first jail or chroot done and will not allow
> escaping from it; however, root in a level 2 chroot can escape back to
> level 1 using chroot.
>

This is the old chroot escape. It is well known and methods exist to stop
it. I can not say what is done here, but your post does remind me to add
this to the list of things we need to keep in mind.