Hello hackers.

I have prepared a patch for the jail functionality against FreeBSD 5.0-CURRENT.
It provides multi-level jailing and multiple IPs for jails.

Example of use:

IPs on machine:

tl0: 12.34.56.1 12.34.56.2 12.34.56.3 10.10.10.1
fxp0: 98.76.54.32 98.76.54.31

You can create jails inside of jails:

# jail / jail-1 12.34.56.1,12.34.56.2,10.10.10.1,98.76.54.31 /bin/sh
[ we are in jail-1 ]
# jail / jail-2 12.34.56.1,10.10.10.1,98.76.54.31 /bin/sh
[ we are in jail-2 ]
# jail / jail-3 12.34.56.1,98.76.54.31 /bin/sh
[ we are in jail-3 ]
# jail / jail-4 12.34.56.1,10.10.10.1 /bin/sh
[ EINVAL, because we are already jailed and want to take an IP from outside the jail ]

Only processes from jail-2, jail-3 and jail-4 and jail-1 are visible in jail-1.
Only processes from jail-4 and jail-3 are visible in jail-3.

Jail-2 is a child of jail-1, jail-1 is the parent of jail-2, jail-3 is a child of
jail-2, jail-2 is the parent of jail-3.
If a parent exits, the parent of the parent will be the new parent - if the last
process of jail-2 exits, jail-1 becomes the parent of jail-3 and jail-3 becomes a
child of jail-1.

Ifconfigs from jails:

jail-1# ifconfig
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
        inet 12.34.56.2 netmask 0xffffffff broadcast 12.34.56.2
        inet 10.10.10.1 netmask 0xffff0000 broadcast 10.10.255.255
        ether 00:11:22:33:44:55
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
        ether ff:ee:dd:cc:bb:aa
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

jail-2# ifconfig
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
        inet 10.10.10.1 netmask 0xffff0000 broadcast 10.10.255.255
        ether 00:11:22:33:44:55
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
        ether ff:ee:dd:cc:bb:aa
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

jail-3# ifconfig
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
        ether 00:11:22:33:44:55
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
        ether ff:ee:dd:cc:bb:aa
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

The patch is attached and also available together with a README file here:

http://garage.freebsd.pl/mljail.tbz

-- 
Pawel Jakub Dawidek                       UNIX Systems Administrator
http://garage.freebsd.pl                  Am I Evil? Yes, I Am.
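The three rules the post spells out for nested jails (a child may only take IPs its parent jail already holds, a jail sees only its own and its descendants' processes, and a jail's children are handed to its parent when its last process exits) are easy to get wrong, so here they are as a small user-space model that replays the post's scenario and checks each rule. This is an added example, not code from the post or from the mljail patch; the `struct mljail` layout and every `mljail_*` function are assumptions made for illustration and are not kernel interfaces.

```c
/* Added example, not from the post or the mljail patch: a user-space C model of
 * the nested-jail rules the post describes (IP subset on creation, visibility of
 * descendants only, reparenting on exit). All mljail_* names are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_JAILS 16
#define MAX_IPS   8

struct mljail {
    int parent;                /* index of the parent jail; -1 for the host */
    int nips;
    const char *ips[MAX_IPS];
    bool alive;
};

static struct mljail jails[MAX_JAILS];   /* index 0 is the unjailed host */
static int njails;

/* The host owns every address configured on the machine. */
static void mljail_init(const char **host_ips, int n)
{
    memset(jails, 0, sizeof(jails));
    jails[0].parent = -1; jails[0].alive = true; jails[0].nips = n;
    for (int i = 0; i < n; i++)
        jails[0].ips[i] = host_ips[i];
    njails = 1;
}

/* jail(2) issued from inside 'parent': every requested IP must already belong
 * to the caller's own jail, else -EINVAL (the jail-4 case in the post). */
static int mljail_create(int parent, const char **ips, int n)
{
    if (parent < 0 || parent >= njails || !jails[parent].alive ||
        n < 1 || n > MAX_IPS || njails >= MAX_JAILS)
        return -EINVAL;
    for (int i = 0; i < n; i++) {
        int k = 0;
        while (k < jails[parent].nips && strcmp(jails[parent].ips[k], ips[i]) != 0)
            k++;
        if (k == jails[parent].nips)
            return -EINVAL;              /* IP is not owned by the caller's jail */
    }
    struct mljail *j = &jails[njails];
    j->parent = parent; j->alive = true; j->nips = n;
    for (int i = 0; i < n; i++)
        j->ips[i] = ips[i];
    return njails++;                     /* index of the new jail */
}

/* A process in 'viewer' sees one in 'target' iff 'target' is 'viewer' itself
 * or lies below it in the tree: walk up from the target. */
static bool mljail_visible(int viewer, int target)
{
    for (int cur = target; cur != -1; cur = jails[cur].parent)
        if (cur == viewer) return true;
    return false;
}

/* Last process of jail 'id' exits: its children are adopted by its parent. */
static void mljail_exit(int id)
{
    if (id <= 0 || id >= njails || !jails[id].alive) return;
    for (int i = 1; i < njails; i++)
        if (jails[i].alive && jails[i].parent == id)
            jails[i].parent = jails[id].parent;
    jails[id].alive = false;
}

/* Replays the post's scenario (constructed from the addresses in the post);
 * returns 0 if every rule holds, otherwise the number of the first failing step. */
static int run_post_scenario(void)
{
    const char *host[] = { "12.34.56.1", "12.34.56.2", "12.34.56.3",
                           "10.10.10.1", "98.76.54.32", "98.76.54.31" };
    const char *j1[] = { "12.34.56.1", "12.34.56.2", "10.10.10.1", "98.76.54.31" };
    const char *j2[] = { "12.34.56.1", "10.10.10.1", "98.76.54.31" };
    const char *j3[] = { "12.34.56.1", "98.76.54.31" };
    const char *j4[] = { "12.34.56.1", "10.10.10.1" };  /* 10.10.10.1 is not in jail-3 */

    mljail_init(host, 6);
    if (mljail_create(0, j1, 4) != 1) return 1;
    if (mljail_create(1, j2, 3) != 2) return 2;
    if (mljail_create(2, j3, 2) != 3) return 3;
    if (mljail_create(3, j4, 2) != -EINVAL) return 4;
    if (!mljail_visible(1, 3) || mljail_visible(3, 1)) return 5; /* jail-1 sees jail-3, not vice versa */
    if (mljail_visible(2, 1) || !mljail_visible(0, 3)) return 6; /* the host sees everything */
    mljail_exit(2);                                              /* jail-2's last process exits */
    if (jails[3].parent != 1 || !mljail_visible(1, 3)) return 7; /* jail-1 adopts jail-3 */
    return 0;
}

int main(void)
{
    int rc = run_post_scenario();
    printf("nested-jail model: %s\n", rc == 0 ? "all rules hold" : "a rule was violated");
    return rc;
}
```

The subset check in `mljail_create` is the security-relevant part: it is what stops a process that is already jailed from binding an address the jail was never given, which is exactly the EINVAL the post shows for jail-4. The visibility walk goes upward from the target rather than downward from the viewer, so a jail whose parent has been reparented after an exit is still classified correctly without rebuilding any child lists.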