limitations on jail style virtualization

Brandon Gooch jamesbrandongooch at gmail.com
Sat Nov 13 22:20:56 UTC 2010


On Sat, Nov 13, 2010 at 2:59 PM, Julian Elischer <julian at freebsd.org> wrote:
> We discussed this at MeetBSD last week and it would seem that the next
> big hurdle for virtualization would seem to be a good concept to allow
> jails to have virtual versions of various virtual devices..
>
> for example
>
> pf has been virtualized (when IS that patch going to get committed?) but
> pfsync and pflog use special devices in /dev.
>
> similarly bpf uses /dev entries but the way they are used means they are
> still useful.
>
> so what happens when a device that is accessed from within a jail creates a
> cloning device?
> should it just turn up in the devfs for that jail?
> and should it be visible in other jails that happen to be sharing the same
> /dev?
>
>
> I have no preconceived ideas about this. Just possibilities.
>
> should the cloning code work alongside a new devfs feature that would make
> 'per jail' entries?  i.e. tun0 would be a different device depending on what
> jail you were in looking at the /dev?
>

Was this brought up in any of the discussions?

http://www.7he.at/freebsd/vps/

I'm not sure if the VPS project pertains directly to what you're
talking about, but perhaps some of the code or ideas from the project
might?

Even if it doesn't, it's still an exciting project that adds a ton of
value to FreeBSD's light-weight virtualization strategy. What do you think
about the VPS concept in relation to the current virtualization effort
being put into jails? It seems to me that recent efforts at
virtualizing kernel-level objects make VPS the future of FreeBSD's
virtualization, leaving jails as a great way to isolate
applications...

-Brandon

