Date:      Mon, 11 Mar 2002 13:29:58 -0500
From:      Jon Ringuette <wintermute@imeme.net>
To:        "Oliver, Michael W." <oliver.michael@gargantuan.com>, questions@freebsd.org
Subject:   Re: Jail, jail, and more jail
Message-ID:  <3C8CF7A6.9020504@imeme.net>
References:  <1DA741CA6767A144BAA4F10012536C27AA02@LKLDDC01.GARGANTUAN.COM>

Oliver, Michael W. wrote:

>Folks,
>
>I have been tinkering around with jail for the past couple of days, and I
>have to commend the FreeBSD folks... it is pretty cool.  I have a few
>questions that were exactly answered by the man page, and was hoping that
>some of you smarties out there could straighten me out.  Here we go...
>
I can try :)

>
>
>1. I can start the /stand/sysinstall in the jail, but I always install
>everything via FTP, and I have discovered that I cannot do this in a jail.
>To wit, I get an answer along the lines of:
>
>No network devices available!
>
>Which leaves me in the position of downloading all of the packages manually
>and installing them via pkg_add.  Not that big of a problem, but sysinstall
>is nice for automatically fetching all dependencies.  I can live with it
>like this, but if there is a fix for my problem, I would sure like to know
>about it.
>
sysinstall tries to make low level calls it seems directly on the 
ethernet device even if only doing ftp (it tries to ensure the addresses 
are properly bound etc..) and jail does not allow low level tcp calls or 
low level hardware calls.

>
>2. I want to know if a freshly created jail directory structure is portable.
>Meaning, after I create one jail, and I simply (recursively) copy that jail
>into another directory and have a second, working jail?
>
Yes very much so.  I run a company where we sell jail environments to 
developers and we started with a single 'template' jail that we copied 
several hundred times along all of our servers.  (just make sure to edit 
the /etc/hosts file in each one to reflect its internal and external ip)

>
>3. I run Apache (w/IPv6) right now on the host system, and I have some
>virtual hosts that are IPv6-only.  How can I assign a specific IPv6 address
>for a particular jail?  Is it even possible?  The answer to this question
>will make or break my decision to move Apache to a jail.
>
Currently this is not possible though you may use nat or your firewall 
to maybe redirect IPv6 packets to an internal IPv4 network in which the 
jails live.

>
>4. Can I run xntpd inside a jail?  I haven't tried this yet, but it seems to
>me that allowing an application to change the system time wouldn't be
>allowed in a jail...
>
Jails can change their own time zone but their clock will be the same as 
the main system's.

>
>Thanks in advance to all who respond, I really appreciate your guidance.
>Also, once I have compiled all of this information, I will be posting a FYI
>email to the list for archival purposes with a link to my site where this
>will be documented.
>
Hope this helped.

-jon
iMeme http://imeme.net
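
The template-copy procedure from the reply to question 2, as an added example that is not part of the original e-mail and is not the poster's own tooling. The function name `clone_jail`, its argument order and the three-line hosts layout are assumptions; the checks cover the cases where the host, writing into a jail tree, would overwrite an existing jail or follow a symlink out of the tree.

```sh
#!/bin/sh
# clone_jail TEMPLATE DEST HOSTNAME INTERNAL_IP EXTERNAL_IP
# Hypothetical helper: the name, arguments and hosts layout are assumptions.
clone_jail() {
    [ $# -eq 5 ] || { echo "usage: clone_jail template dest host int_ip ext_ip" >&2; return 2; }
    template=$1 dest=$2 name=$3 int_ip=$4 ext_ip=$5

    [ -d "$template/etc" ] || { echo "no template at $template" >&2; return 1; }
    # Never copy on top of an existing jail.
    [ ! -e "$dest" ] || { echo "$dest already exists" >&2; return 1; }
    # The host writes into the jail tree below. If etc or etc/hosts is a
    # symlink, that write could land outside the jail, so refuse up front.
    if [ -L "$template/etc" ] || [ -L "$template/etc/hosts" ]; then
        echo "refusing: etc or etc/hosts in $template is a symlink" >&2
        return 1
    fi
    # Reject values that could add extra fields or lines to the hosts file.
    for v in "$name" "$int_ip" "$ext_ip"; do
        case $v in
            ''|*[!A-Za-z0-9.:-]*) echo "bad value: $v" >&2; return 1 ;;
        esac
    done

    # -R recurses, -p keeps modes, owners and timestamps from the template.
    cp -Rp "$template" "$dest" || return 1

    # Build the new hosts file beside the old one, then rename it into place.
    hosts=$dest/etc/hosts
    tmp=$hosts.new.$$
    {
        echo "127.0.0.1 localhost"
        echo "$int_ip $name"
        echo "$ext_ip $name"
    } > "$tmp" && mv "$tmp" "$hosts"
}
```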
