Re: [fbsd] Re: jail extensions



Brooks Davis wrote:

On Fri, Jul 14, 2006 at 12:03:33PM +0200, Jeremie Le Hen wrote:


Hi,

On Thu, Jun 08, 2006 at 12:32:42PM +0100, Robert Watson wrote:


On Wed, 7 Jun 2006, Brooks Davis wrote:



It's not clear to me that we want to use the same containers to control all resources since you might want a set of jails sharing IPC resources or being allocated a slice of processor time to divide amongst themselves if we had a hierarchical scheduler. That said, using a single prison structure could do this if we allowed the administrator to specify a hierarchy of prisons and not necessarily enclose all resources in all prisons.


When looking at improved virtualization support for things like System V IPC, my opinion has generally been that we introduce virtualization as a primitive, and then have jail use the primitive much in the same way it does chroot. This leaves flexibility to use it without jail, etc, but means we have a well-understood and well-defined interaction with jail.


IMHO, it is worth having virtualization primitives wherever it is
required and making jails use them. This can be the case for the
System V IPC as well as for the network stack (think of Marko's work).

My point is that the usability of virtual network stacks remains
interesting outside the jail framework and should be able to be managed
from its own userland tool (though the latter should probably not be
able to destroy a virtual network stack associated with a jail).
However I don't think that IPC are worth virtualizing outside a
jail framework.



I could definitely use the ability to virtualize IPC inside a lighter
container than a jail. I'd like to be able to tie them to jobs in a
batch system managed by Sun Grid Engine so I can constrain resources on
a per-job basis and ensure that no IPC objects outlive the job.

-- Brooks


I think that the term "jail" needs to be replaced by something else in this context.
Maybe a "virtual context". Virtual contexts would have the option of virtualising
different parts of the system.
For example, they would have the option of whether or not to have a chroot, or their own
networking stack, or their own process space.
_______________________________________________
freebsd-arch@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@xxxxxxxxxxx"


