routing in VIMAGE jails with different versions

Teske, Devin Devin.Teske at fisglobal.com
Tue Apr 16 22:33:56 UTC 2013 

On Apr 16, 2013, at 2:01 PM, J David wrote:



On Tue, Apr 16, 2013 at 4:39 PM, Teske, Devin <Devin.Teske at fisglobal.com<mailto:Devin.Teske at fisglobal.com>> wrote:
I've been running with that patch for years now. I asked the author of the patch if he had plans to merge it in, he said he wasn't happy with one edge-case.

Did he happen to mention what the edge case was?

Just a kernel panic -- of which we have never hit personally (so can't verify the edge-case he was mentioning). It's pretty darned stable over here. We've been applying it to every release since 8.1 and it's been a huge help.


 If there really is no other way to set the default route in an i386 VIMAGE jail, maybe it's something that could be revisited.


There really is no way _other-way_ to set the route in a jail, safe for one edge-case (edge-case: I found that if you're running a legacy jail that is based on the old /usr/libexec/ld-elf* interpreter -- read: FreeBSD-4.11 -- on a modern host that is based on the new /libexec/ld-elf* interpreter -- read: FreeBSD 7? or higher -- then there is a work-around in which case you just copy the hosts' route(8) into the jail; this works only for split-release where jailing a legacy OS because the interpreters don't quash one another).



(Or I can try to track him down directly, but I don't want to annoy him with a bunch of questions he may already have answered. :) )


I think if you contacted him, it would resound that there's demand for this type of topology made possible by the fix.


I don't know where this stands, but just wanted to chime-in that the patch works well for us in the situation you describe.

Thanks for the feedback!

The 2011 patch was for 8.x and doesn't apply cleanly to the rtsock.c in 9-STABLE, which makes me nervous since this code is quite over my head.

I have to admit, I haven't tried applying it to RELENG_9 yet.


 But I've eyeballed the rejects anyway and they seem minor, so I may have something to test soon.


Excellent.

Do share if you get something stable.
--
Devin

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

More information about the freebsd-jail mailing list