Date: Thu, 17 Jan 2008 14:06:20 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: André Olsson <Andre.olsson@c2solutions.se>
Cc: freebsd-jail@freebsd.org
Subject: Re: Citrix client within jail
Message-ID: <20080117140620.d8rgqla11cocswow@webmail.leidinger.net>
In-Reply-To: <560C0DF65A89F34DB1782E1B8890DDA656F5@ssp>
References: <560C0DF65A89F34DB1782E1B8890DDA656F5@ssp>

Quoting André Olsson <Andre.olsson@c2solutions.se> (from Thu, 17 Jan
2008 11:30:00 +0100):

> Hi
>
> we are trying to set up a client with FreeBSD 6.2-RELEASE as the
> host OS and with two jails configured on it.
> Each jail is going to run a Citrix-client against two different
> separated Citrix-systems.
>
> Since the user is going to work locally on the client we need it to
> be possible to run both the X-server and the
> X-application (citrix client) from within the same jail.

You need kernel patches to be able to run an X-server in a jail. The
trick is to allow access to /dev/mem (or some similar sensible device,
can't remember from the top of my head) even from a jail. Then you
need to add /dev/mem and some other devices to the jail (I use a
custom ruleset for devfs). I only have patches for 7.x or -current
(not online).

> Our goal is to connect one jail1 to one Display and the jail2 to
> another Display and for the User to
> jump in between the citrix-sessions (Ctrl-Alt-F3...Ctrl-Alt-F4).

Because of the access to the /dev/mem, root of one jail can take over
the entire machine. Below I will propose something different.

I don't know if it is possible to switch via Fx to different servers
(I never tried this). You can have two graphic cards (or one with two
outputs) in the machine and connect two screens (and optionally two
keyboards/mice) to it, and have them displayed at the same time.

> * syntax to start xterm within jail
>
> ssh -f -X -T 192.168.0.155 xterm &
>
> " output from above syntax
> xterm Xt error: Cant open display: %s
> xterm: DISPLAY is not set

If you want to have the xterm displayed on the system where you ssh
from, you need to check some things. Maybe the path to xauth is not
set correctly in sshd (the path changed with a recent ports tree).

> We've never run any X-applications within a jail before, only
> bind,apache,mysql and such, but I hope
> I've made my question understandable anyway:)
> Maybe we are barking up the wrong tree and there is an easier way to
> connect 2 jails to 2 different
> local displays?

There are several. The following ones don't open up a side-channel
between jails which have /dev/mem accessible.

You start the X-server(s) on the host (not in a jail), and in the
startup you connect to the jails via a passwordless ssh-key and let
the applications from the two jails display their stuff on the
X-server of the host.

You start a vnc server in each jail and let the user connect to the
vnc server either from the host with one X server running on it
(alternatively you can connect to the vnc server from other machines).

Bye,
Alexander.

-- 
The value of a program is proportional to the weight of its output.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
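
The exposure the reply warns about (a jail whose devfs ruleset makes /dev/mem visible), as an added example that is not part of the original mail or of the patches it mentions: a Python check that replays a devfs.rules file and reports rulesets that leave memory-access nodes visible. The sample file, the ruleset names and the kmem/io entries in the sensitive list are assumptions.

```python
import fnmatch
import shlex

# Assumption: nodes treated as sensitive here; the mail names only /dev/mem.
SENSITIVE = ("mem", "kmem", "io")
# Constructed sample in devfs.rules syntax; ruleset names and numbers are made up.
SAMPLE_RULES = """\
[hide_all=1]
add hide
[jail_basic=4]
add include $hide_all
add path null unhide
[jail_xserver=10]
add include $jail_basic
add path 'mem' unhide
add path 'dri*' unhide
"""

def parse_rulesets(text):
    """Return {ruleset name: [token list for each 'add' rule]}."""
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):  # header: [name=number]
            current = rulesets.setdefault(line[1:].split("=")[0], [])
        elif line.startswith("add ") and current is not None:
            current.append(shlex.split(line)[1:])
    return rulesets

def visible(rulesets, name, dev, state=True, seen=()):
    """Replay hide/unhide in rule order for one node; nodes start visible."""
    for rule in rulesets.get(name, []):
        if rule[0] == "include":
            target = rule[-1].lstrip("$")
            if target not in seen + (name,):  # guard against include loops
                state = visible(rulesets, target, dev, state, seen + (name,))
        elif "type" not in rule:  # simplification: type rules never match here
            action = next((t for t in rule if t in ("hide", "unhide")), None)
            pattern = rule[rule.index("path") + 1] if "path" in rule else "*"
            if action and fnmatch.fnmatchcase(dev, pattern):
                state = action == "unhide"
    return state

def exposed(text):
    """Map each ruleset to the sensitive nodes it leaves visible."""
    rs = parse_rulesets(text)
    hits = {n: [d for d in SENSITIVE if visible(rs, n, d)] for n in rs}
    return {n: devs for n, devs in hits.items() if devs}

print(exposed(SAMPLE_RULES))  # rulesets a jail should not be given
```

A ruleset with no hide rule at all is reported too, since devfs nodes are visible until a rule hides them.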
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080117140620.d8rgqla11cocswow>