limitations on jail style virtualization

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Sat Nov 13 21:30:07 UTC 2010


On Sat, 13 Nov 2010, Julian Elischer wrote:

Hi Julian,

> We discussed this at MeetBSD last week and it woudl seem that the next
> big hurdle for virtualization would seem to be a good concept to allow
> jails to have virtual versions of various virtual devices..
>
> for example
>
> pf has been virtualized (when IS that patch going to get committed?) but 
> pfsync
> and pflog use special devices in /dev.
>
> similarly bpf uses /dev entries but the way they are used means they are 
> still useful.
>
> so what happend when a device that is accessed from within a jail creates a 
> cloning device?
> should it just turn up in the devfs for that jail?
> and should it be visible in other jails that happen to be sharing the same 
> /dev?
>
>
> I have no preconceived ideas abot this. Just possibilities.
>
> should the cloning code work alongside a new devfs feature that would make
> 'per jail' entries?  i.e. tun0 would be a different device depending on what 
> jail
> you were in looking at the /dev?


For a discussion summary that sounds sparse unless it was only a short
brainstorming;-)  Can you please elaborate on the "we" and other "use
cases" as this really sounds like a per-interface decision to me and
there might be work in progress from multiple people already.

/bz

-- 
Bjoern A. Zeeb                              Welcome a new stage of life.
         <ks> Going to jail sucks -- <bz> All my daemons like it!
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html


More information about the freebsd-virtualization mailing list