Re: [ezjail] Vimage Support


Yes, you are right, but if you destroy the jail while you still have a jailed interface, you destroy the jailed interface too (I hope you get my point). This was before /etc/jail.conf; now, when you remove a jail with jail -r, jail automatically removes the jailed interface before destroying it (I mean destroying the jail itself).
It is the same as if you start to run and break a leg ...

Please check this example /etc/jail.conf:

# Default Settings

exec.start = "ifconfig lo0";
exec.stop = "/bin/sh /etc/rc.shutdown";

# Jail Settings
# (the address arguments of the ifconfig/route commands did not survive the posting)

path = /jails/testjail;
host.hostname = testjail.jails.local;
jid = 1; # jail id
mount.fstab = /etc/fstab.test.jail.local;
devfs_ruleset = 5;
# host side: create the epair, attach one end to the bridge
exec.prestart = "ifconfig epair1 create";
exec.prestart += "ifconfig bridge0 addm epair1a up";
exec.prestart += "ifconfig bridge0 alias";
exec.prestart += "ifconfig epair1a up";
# the other end is moved into the jail's own network stack
vnet.interface = epair1b;
exec.start += "ifconfig epair1b";
exec.start += "route add default";
exec.start += "/bin/sh /etc/rc";
# host side, after the jail is gone: detach and destroy the epair
exec.poststop = "ifconfig bridge0 deletem epair1a";
exec.poststop += "ifconfig bridge0 -alias";
exec.poststop += "ifconfig epair1a destroy";

Also please check

sysctl -a |grep vnet
sysctl -a |grep jail.param

All values under security.jail.param can be used in /etc/jail.conf.

I can give you 100% that this is a working example; you can start it, stop it, etc. without any issue. Please check this article http://www.dachev.info/?p=85; unfortunately it is in Bulgarian, but I think you will understand a lot of it.
Also, if you want, I can explain it in detail.

For now, please concentrate on the first line of my example -- vnet; --- which is the keyword for vnet/vimage support with the native jail and /etc/jail.conf.

On Wed, 06 Nov 2013 21:09:35 +0100, Dirk Engling wrote:
On 06.11.13 12:54, nikolay AT dachev DOT info wrote:

I have a question: what do you mean with "OTOH I heard it still crashes
the system occasionally."? For me it has worked for more than 1.5 years
without any issues. Probably someone tried to stop the jail before
removing the jailed interface; in this case it is absolutely normal to
receive a kernel panic, for example.

So we seem to have a different understanding of what behaviour is
acceptable in a production system. I would call a kernel panic anything
but normal. It must not happen. Under no circumstances must interacting
with a jail cause kernel panics. This is a serious bug.

As I tried to explain before, at the moment, after FreeBSD 9.x, rc.d/jail
has native support for vimage and no additional patch is required.

Maybe I misunderstand you, but currently (FreeBSD-9.2) rc.d/jail does
not understand vnet. The only support I can find is built into jail(8).
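The ordering the thread turns on (create the epair in exec.prestart, hand one end to the jail through vnet.interface, detach it from the bridge and destroy it in exec.poststop, never tear the jail down while the jailed interface is still around) can be checked mechanically before a jail is ever started. The linter below is an added example, not code from this post, from ezjail or from FreeBSD: it parses a jail.conf fragment with the same `=` / `+=` semantics as jail.conf(5) and reports interfaces that prestart creates or bridges but poststop never removes, plus a missing `vnet;` flag. It assumes FreeBSD's epair naming (creating `epairN` yields `epairNa` and `epairNb`, and destroying either end removes the pair). The two sample configurations are constructed, modelled on the post's example with placeholder addresses.

```python
"""Lint a FreeBSD jail.conf(5) fragment for vnet interface cleanup.

Added example (not from the mailing-list post, ezjail or FreeBSD).  It checks
that every interface created or bridged by exec.prestart is detached and
destroyed again in exec.poststop, so the jailed interface is never left
behind when the jail is torn down.  Pure text processing, no FreeBSD needed.
"""
import re
from collections import defaultdict

# Accept the curly quotes that web rendering substitutes for a plain '"'.
_QUOTES = '"\'\u201c\u201d\u2033'


def parse_jail_conf(text):
    """Return {param: [values]} honouring '=' (reset) and '+=' (append)."""
    conf = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip().rstrip(';').strip()
        if not line:
            continue
        m = re.match(r'^([\w.]+)\s*(\+?=)\s*(.*)$', line)
        if m is None:
            conf[line].append(True)          # bare flag such as "vnet;"
            continue
        key, op, value = m.groups()
        value = value.strip().strip(_QUOTES).strip()
        if op == '=':
            conf[key] = [value]
        else:
            conf[key].append(value)
    return dict(conf)


def _epair_base(name):
    """'epair1a' / 'epair1b' -> 'epair1'; destroying either end removes the pair."""
    m = re.match(r'^(epair\d+)[ab]$', name)
    return m.group(1) if m else name


def check_vnet_cleanup(conf):
    """Return a list of findings; an empty list means the hooks are balanced."""
    findings = []
    if 'vnet' not in conf:
        findings.append('missing "vnet;": the jail gets no network stack of its own')

    created, destroyed, added, deleted = set(), set(), set(), set()
    for cmd in conf.get('exec.prestart', []):
        created.update(_epair_base(n) for n in re.findall(r'ifconfig\s+(\S+)\s+create', cmd))
        added.update(re.findall(r'ifconfig\s+(\S+)\s+addm\s+(\S+)', cmd))
    for cmd in conf.get('exec.poststop', []):
        destroyed.update(_epair_base(n) for n in re.findall(r'ifconfig\s+(\S+)\s+destroy', cmd))
        deleted.update(re.findall(r'ifconfig\s+(\S+)\s+deletem\s+(\S+)', cmd))

    for iface in sorted(created - destroyed):
        findings.append(f'{iface} is created in exec.prestart but never destroyed in exec.poststop')
    for bridge, member in sorted(added - deleted):
        findings.append(f'{member} is added to {bridge} but never removed with deletem')
    for iface in conf.get('vnet.interface', []):
        if _epair_base(iface) not in created:
            findings.append(f'vnet.interface {iface} is not created by exec.prestart')
    return findings


def lint(text):
    """Convenience wrapper: parse then check."""
    return check_vnet_cleanup(parse_jail_conf(text))


# Constructed sample modelled on the post's jail.conf; addresses are placeholders.
GOOD = """
vnet;
path = /jails/testjail;
host.hostname = testjail.jails.local;
exec.prestart = "ifconfig epair1 create";
exec.prestart += "ifconfig bridge0 addm epair1a up";
exec.prestart += "ifconfig epair1a up";
vnet.interface = epair1b;
exec.start = "ifconfig lo0 127.0.0.1/8";
exec.start += "ifconfig epair1b 192.0.2.10/24";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.poststop = "ifconfig bridge0 deletem epair1a";
exec.poststop += "ifconfig epair1a destroy";
"""

# Same configuration with the vnet flag and the destroy step dropped.
BAD = GOOD.replace('vnet;\n', '').replace('exec.poststop += "ifconfig epair1a destroy";\n', '')

if __name__ == '__main__':
    for label, text in (('good', GOOD), ('bad', BAD)):
        print(label, lint(text) or 'ok')
```

Run it on a real /etc/jail.conf by passing the file contents to `lint()`; a jail whose prestart creates an epair that poststop never destroys is exactly the configuration that leaves a jailed interface dangling.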