Re: jail/vimage level virtualisation requirements.



Julian Elischer wrote:
> I don't want to discuss virtualisation that duplicates the entire kernel,
> other than the single question "Should we drop support for jails and vimage
> style virtualisation in favour of "Userland linux/dragonfly/freeBSD"
> or Xen or {your favourite virtualmachine}.

That's an easy one - a big "no". Broader virtualization technologies are fine,
but they serve a different need and shouldn't take over what jails (especially
with certain extensions) offer. Namely: ...

> IF we decide to keep the jail/super-chroot/vimage support, then
> what do we want to see out of it?

Light weight. The main thing I want to see is being able to partition the jail
into a separate virtual environment without bloating the kernel, or adding new
kernels. To be able to offer a complete FreeBSD userspace environment largely
indistinguishable from the unjailed, with the benefit of keeping different
jails from interfering with each other as much as possible. I'm not interested
(for the purposes of this topic) in acting like another OS, or acting like
you're on some kind of different hardware.

Basically, I'm looking for everything Matt Dillon said we shouldn't bother
to do at this level.

- Jamie