Hierarchical jails

Miroslav Lachman 000.fbsd at quip.cz
Sat May 9 09:57:48 UTC 2009


Jamie Gritton wrote:

> Here's the first round of hierarchical jails under the new framework.
> 
> Instead of creds having either a prison or a NULL pointer, they all have
> a prison pointer with the default being the global "prison0" that
> contains information about the real environment.  Jailed root may (if
> granted permission) create prisons that would be under its place in the
> hierarchy, but may not alter (or even see) prisons at its level or
> above.
> 
> The JID space is flat, i.e. every prison in the system has a unique ID.
> The prison name space is hierarchical, with jails having dot-separated
> component names.

[...]

I am glad that you are working on this feature!
I added info + links to these patches on the wiki http://wiki.freebsd.org/Jails

I hope I will have some free time to test it soon.

Miroslav Lachman

