jail: external and localhost distinction

Robert Watson rwatson at FreeBSD.org
Sat Feb 7 08:26:39 PST 2009


On Sat, 7 Feb 2009, Dmitry Morozovsky wrote:

> On Fri, 6 Feb 2009, Robert Watson wrote:
>
> RW> > Thank you for clarification, now I see this is actually expected behaviour
> RW> > :)
> RW> >
> RW> > Would then starting second jail with the same root and, say, 127.10.0.1 as
> RW> > an address be a workaround?
> RW>
> RW> There's no technical reason you can't have more than one jail using the same
> RW> file system root, and even IP -- you'll find that ps(1) in one jail can't
> RW> see processes in the other (and can't signal, etc) but otherwise works as
> RW> expected.  Of course, any given process has to be a member of at most one of
> RW> the two.
>
> But, in the case of IP sharing, I suppose, the second process that tries to
> bind to the same port will get "socket already in use", won't it?

In general, if two processes independently bind the same port but using two 
specific IPs, then there won't be a conflict and both will be allowed to 
succeed.  Conflicts arise if there are two bindings of the same address and 
port, so if both jails use the same IP and one binds it, then the other will 
get a socket already in use error, yes.

FYI, I see that Bjoern has now committed the multi-IP patch for Jail to 
7-STABLE, which should make Jails a lot more flexible.

Robert N M Watson
Computer Laboratory
University of Cambridge
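
The bind behaviour described in the message above, as an added example that is not part of the original post. It assumes 127.0.0.1 and 127.10.0.1 are both configured on the host (on Linux all of 127.0.0.0/8 is local; on FreeBSD the second address would need to be added as an alias on lo0); the function names are hypothetical.

```python
import errno
import socket

# Assumed addresses: both must be configured on the host running this.
IP_A = "127.0.0.1"
IP_B = "127.10.0.1"


def try_bind(ip, port):
    """Bind a TCP socket to (ip, port) without SO_REUSEADDR/SO_REUSEPORT.

    Returns (socket, "bound") on success or (None, errno name) on failure.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((ip, port))
    except OSError as e:
        s.close()
        return None, errno.errorcode.get(e.errno, str(e.errno))
    return s, "bound"


def second_bind_result(first_ip, second_ip):
    """Bind first_ip on an ephemeral port, then try second_ip on that port."""
    first, status = try_bind(first_ip, 0)
    if first is None:
        return status
    try:
        # Reuse the port the kernel picked for the first socket.
        port = first.getsockname()[1]
        second, status = try_bind(second_ip, port)
        if second is not None:
            second.close()
        return status
    finally:
        first.close()


if __name__ == "__main__":
    # Same address and port: the second bind is refused.
    print("same IP, same port:      ", second_bind_result(IP_A, IP_A))
    # Same port on two specific addresses: no conflict.
    print("different IPs, same port:", second_bind_result(IP_A, IP_B))
```

An `EADDRNOTAVAIL` result for the second case means the assumed address is not configured on the host, not that the bindings conflict.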

