Re: [ezjail] Vimage Support
Yes, you are right, but if you destroy a jail while it still has a jailed
interface, you destroy the jailed interface too (I hope you get my
point); this was before /etc/jail.conf.
Now, when you remove a jail with jail -r, jail automatically removes the jailed
interface before destroying it (I mean destroying the jail itself).
This is the same example as if you start to run and break a leg ...
Please check this example /etc/jail.conf:
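# Default Settings
exec.start = "ifconfig lo0 127.0.0.1/8";
exec.stop = "/bin/sh /etc/rc.shutdown";
# Jails Settings
testjail {  # jail name assumed here from the path and hostname below
    vnet;  # own network stack (VIMAGE) for this jail; the keyword the message points to
    path = /jails/testjail;
    host.hostname = testjail.jails.loacl;
    jid = 1; # jail id
    mount.fstab = /etc/fstab.test.jail.local;
    devfs_ruleset = 5;
    # On the host, before the jail is created: build the epair and attach it to the bridge
    exec.prestart = "ifconfig epair1 create";
    exec.prestart += "ifconfig bridge0 addm epair1a up";
    exec.prestart += "ifconfig bridge0 alias 10.10.15.1/24";
    exec.prestart += "ifconfig epair1a up";
    # Move the b side of the epair into the jail's vnet
    vnet.interface = epair1b;
    # Inside the jail: address the interface, set the default route, then boot
    exec.start += "ifconfig epair1b 10.10.15.100/24";
    exec.start += "route add default 10.10.15.1";
    exec.start += "/bin/sh /etc/rc";
    # On the host, after the jail is removed: detach and destroy the epair
    exec.poststop = "ifconfig bridge0 deletem epair1a";
    exec.poststop += "ifconfig bridge0 -alias 10.10.15.1";
    exec.poststop += "ifconfig epair1a destroy";
}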
Also please check:
sysctl -a | grep vnet
sysctl -a | grep jail.param
All values under security.jail.param can be used in /etc/jail.conf.
I can give you a 100% guarantee that this is a working example; you can start it, stop it,
etc. without any issue.
Please check this article: http://www.dachev.info/?p=85. Unfortunately it is
in Bulgarian, but I think you will understand a lot of it.
Also, if you want, I can explain it in detail.
For now, please concentrate on the first line of my example -- vnet; --
which is the keyword for vnet/vimage support with native jail and
On Wed, 06 Nov 2013 21:09:35 +0100, Dirk Engling wrote:
> On 06.11.13 12:54, nikolay AT dachev DOT info wrote:
> > I have a question: what do you mean with "OTOH I heard it still
> > occasionally."? For me it has worked for more than 1.5 years without any issues.
> > Probably someone tried to
> > stop the jail before removing the jailed interface; in this case it is absolutely
> > normal to receive a kernel panic, for example.
> So we seem to have a different understanding of what behaviour is
> acceptable in a production system. I would call a kernel panic
> than normal. Must not happen. Under no circumstances must interacting
> with a jail cause kernel panics. This is a serious bug.
> > As I tried to explain before, at the moment after FreeBSD 9.x,
> > have native support for vimage and no additional patches are required
> Maybe I misunderstand you, but currently (FreeBSD-9.2) rc.d/jail does
> not understand vnet. The only support I can find is built into