vimage-assigning interface to jail

From: "remodeler" <remodeler@xxxxxxxxxxxxxxx>
Date: Thu, 1 Oct 2009 13:56:43 -0400

I am experimenting with a vimage-enabled 8.0 kernel with multiple jails. I use
the rc.d method to start jails, because of the warning in /etc/rc.d/jails
about security. I would like to associate a vnet stack with each jail, and use
netgraph to bridge the service jails to the physical interface. The ifconfig
vnet additions allow an interface to be assigned to a particular jail;
however, I do not know how to create a vimage separate from a jail as they are
now unified (vimage -c creates both vnet and jail). I have also not had
success passing the vnet parameter in rc.conf, which Julian mentioned might be
as simple as "jail_xxx_extra_params".

Is there a way to create a vimage w/o a jail and assign it to a jail w/
ifconfig vnet, or to pass the vnet parameter in rc.conf to the jails?

I sincerely appreciate the work that's been done on vimage. I'm looking
forward to netstat being updated to work with vimage. Thanks in advance.
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

Prev by Date: Re: Why not work whois -6 ?
Next by Date: Re: kern/138666: [multicast] [panic] not working multicast through igmpproxy
Previous by thread: Why not work whois -6 ?
Next by thread: Re: vimage-assigning interface to jail
Index(es):
- Date
- Thread

Relevant Pages

Re: VIMAGE
... I am a new bye on the FreeBSD and I am looking at the VIMAGE features experiencing some problems. ... ngctl mkpeer efface ether ether ... ngctl connect em0: bridge0: upper link1 ... There are 2 methods of jail setup, the rc.d method where your jail definition parameters go into the hosts rc.conf and the jailmethod where you can place each jails definition parameter in separate files. ...
(freebsd-questions)
Re: VIMAGE
... I am a new bye on the FreeBSD and I am looking at the VIMAGE features experiencing some problems. ... ngctl mkpeer efface ether ether ... For instance using DHCP, e0 on n1 sends DHCP packets but it does not receive the answers, in adding ... There are 2 methods of jail setup, the rc.d method where your jail definition parameters go into the hosts rc.conf and the jailmethod where you can place each jails definition parameter in separate files. ...
(freebsd-questions)
Was: My planned work on networking stack (vimage)
... The major problem with 'vimage' is that all statics are moved to a large ... > jail was designed to do, ... by providing a clone-able network stack within ...
(freebsd-current)
Was: My planned work on networking stack (vimage)
... The major problem with 'vimage' is that all statics are moved to a large ... > jail was designed to do, ... by providing a clone-able network stack within ...
(freebsd-net)
Re: warning of pending commit attempt.
... It includes enough of a framework to allow it to cope with loadable kernel modules and to integrate with jails. ... This means that this framework is avialable for other virtualisation work to use as well. ... I uses and expands on the jail infrastructure. ... If the objective of the exercise is to expose people to vimage, would it not be wiser to implement vimage as a fork in a more accessible repository format than Perforce? ...
(freebsd-current)