vimage-assigning interface to jail

remodeler remodeler at alentogroup.org
Thu Oct 1 17:44:32 UTC 2009


I am experimenting with a vimage-enabled 8.0 kernel with multiple jails. I use
the rc.d method to start jails, because of the warning in /etc/rc.d/jails
about security. I would like to associate a vnet stack with each jail, and use
netgraph to bridge the service jails to the physical interface. The ifconfig
vnet additions allow an interface to be assigned to a particular jail;
however, I do not know how to create a vimage separate from a jail as they are
now unified (vimage -c creates both vnet and jail). I have also not had
success passing the vnet parameter in rc.conf, which Julian mentioned might be
as simple as "jail_xxx_extra_params". 

Is there a way to create a vimage w/o a jail and assign it to a jail w/
ifconfig vnet, or to pass the vnet parameter in rc.conf to the jails?

I sincerely appreciate the work that's been done on vimage. I'm looking
forward to netstat being updated to work with vimage. Thanks in advance.


More information about the freebsd-net mailing list