svn commit: r191673 - in head: lib/libc/sys
sys/cddl/compat/opensolaris/kern
sys/compat/freebsd32 sys/kern sys/sys
Jamie Gritton
jamie at FreeBSD.org
Thu Apr 30 13:47:38 UTC 2009
Alexander Leidinger wrote:
> Quoting Jamie Gritton <jamie at FreeBSD.org> (from Wed, 29 Apr 2009
> 21:14:16 +0000 (UTC)):
>
>> Author: jamie
>> Date: Wed Apr 29 21:14:15 2009
>> New Revision: 191673
>> URL: http://svn.freebsd.org/changeset/base/191673
>>
>> Log:
>> Introduce the extensible jail framework, using the same "name=value"
>> interface as nmount(2). Three new system calls are added:
>> * jail_set, to create jails and change the parameters of existing
>> jails.
>> This replaces jail(2).
>> * jail_get, to read the parameters of existing jails. This replaces
>> the
>> security.jail.list sysctl.
>> * jail_remove to kill off a jail's processes and remove the jail.
>> Most jail parameters may now be changed after creation, and jails
>> may be
>> set to exist without any attached processes. The current jail(2)
>> system
>> call still exists, though it is now a stub to jail_set(2).
>
> Does this mean it is theoretically possible now to add/remove IP
> addresses to/from a running jail? If yes, are you going to implement the
> corresponding ifconfig feature? I would expect this in ifconfig, as on
> Solaris ifconfig is able to do this with zones, I haven't looked if the
> jail utility is able to do it.
Yes and maybe. Jails can get IP addresses added and removed midstream.
But the userland interface remains to be done. I had no plans to
specify a jail in ifconfig but I could do that at some point. There's
no specific tie between interfaces and jails like there appears to be
for zones, so it would be something different than Solaris has. For now
I'll just be modifying jail(8) to assign existing addresses to jails,
the way they're done now upon creation.
- Jamie
More information about the svn-src-head
mailing list