Date: Tue, 29 Jun 2010 12:12:26 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: "James O'Gorman" <james@netinertia.co.uk>
Cc: freebsd-jail@FreeBSD.org, Jamie Gritton <jamie@FreeBSD.org>
Subject: Re: Thoughts on jail.config
Message-ID: <20100629121226.17056remx4tvmhs0@webmail.leidinger.net>
In-Reply-To: <A8FF5159-697A-4888-A986-20F15D8EB0CF@netinertia.co.uk>
References: <4C22650C.40309@FreeBSD.org>
 <20100624144312.00003d9f@unknown>
 <4C238832.2050803@FreeBSD.org>
 <20100628162426.21226ds0q116ljks@webmail.leidinger.net>
 <AANLkTinHqqi0h_lHuy7K8UBAtHmXJ88vb38IC-65SvxQ@mail.gmail.com>
 <4C28C1DD.2020001@FreeBSD.org>
 <A8FF5159-697A-4888-A986-20F15D8EB0CF@netinertia.co.uk>

Quoting James O'Gorman <james@netinertia.co.uk> (from Mon, 28 Jun 2010 23:40:21 +0100):

> On 28 Jun 2010, at 16:38, Jamie Gritton wrote:
>
>> On 06/28/10 08:41, Rodrigo Mosconi wrote:
>>
>>> An idea: if it works like a "jaild"? A daemon management the start-up,
>>> shutdown, console redirection? All the admins task could be done by a
>>> "jailctl"?
>>
>> I don't know what work a daemon would have to do. I only see it running
>> tasks on startup, and then waiting until something tells it on shutdown
>> to wake up and stop the jails. That "something" would have to be that
>> jailctl you mention. If there's a jail program running anyway, might as
>> well keep all functionality in that one program.
>
> Perhaps it's worth looking at Solaris Zones here, as that runs a
> daemon in both the global zone and each container. I can't recall
> exactly what it does off-hand as I don't have a Solaris box to hand
> but it's probably similar to what you're talking about. I'm pretty
> sure zoneadm talks to zoneadmd to start/stop/configure each zone in
> the kernel.

Yes, but it also takes care of the zone console device
(http://docs.sun.com/app/docs/doc/817-1592/z.inst.ov-12?l=en&a=view).
This (and maybe some resource control stuff) is the only thing I see
which may make sense to be handled by a daemon, everything else could
be handled by zoneadm directly. I also see a security benefit of the
daemon if you give the right to manage zones to a user/role != root.
Both are not available in FreeBSD.

There is also the zsched running per zone. This process is explained at
http://docs.sun.com/app/docs/doc/817-1592/z.inst.ov-13?a=view

Bye,
Alexander.

-- 
Never have so many understood so little about so much.
		-- James Burke

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137