Hello hackers.

I have prepared a patch for jail functionality against FreeBSD 5.0-CURRENT.
It provides multi-level jailing and multiple IPs for jails.

Example of use:
        IPs on machine:
        tl0:
                12.34.56.1
                12.34.56.2
                12.34.56.3
                10.10.10.1
        fxp0:
                98.76.54.32
                98.76.54.31

        You can create jails inside of jails:
        # jail / jail-1 12.34.56.1,12.34.56.2,10.10.10.1,98.76.54.31 /bin/sh
        [ we are in jail-1 ]
        # jail / jail-2 12.34.56.1,10.10.10.1,98.76.54.31 /bin/sh
        [ we are in jail-2 ]
        # jail / jail-3 12.34.56.1,98.76.54.31 /bin/sh
        [ we are in jail-3 ]
        # jail / jail-4 12.34.56.1,10.10.10.1 /bin/sh
        [ EINVAL, because we are already jailed and
          want to take IP from outside the jail ]

Only processes from jail-2, jail-3 and jail-4 and jail-1 are visible in jail-1.
Only processes from jail-4 and jail-3 are visible in jail-3.

Jail-2 is a child of jail-1, jail-1 is the parent of jail-2, jail-3 is a child
of jail-2, jail-2 is the parent of jail-3. If a parent exits, the parent of the
parent will be the new parent: if the last process of jail-2 exits, jail-1
becomes the parent of jail-3 and jail-3 becomes a child of jail-1.

Ifconfigs from jails:

        jail-1# ifconfig
        rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
                inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
                inet 12.34.56.2 netmask 0xffffffff broadcast 12.34.56.2
                inet 10.10.10.1 netmask 0xffff0000 broadcast 10.10.255.255
                ether 00:11:22:33:44:55
                media: Ethernet autoselect (100baseTX <full-duplex>)
                status: active
        rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
                inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
                ether ff:ee:dd:cc:bb:aa
                media: Ethernet autoselect (100baseTX <full-duplex>)
                status: active
        lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

        jail-2# ifconfig
        rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
                inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
                inet 10.10.10.1 netmask 0xffff0000 broadcast 10.10.255.255
                ether 00:11:22:33:44:55
                media: Ethernet autoselect (100baseTX <full-duplex>)
                status: active
        rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
                inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
                ether ff:ee:dd:cc:bb:aa
                media: Ethernet autoselect (100baseTX <full-duplex>)
                status: active
        lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

        jail-3# ifconfig
        rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
                inet 12.34.56.1 netmask 0xffffff00 broadcast 12.34.56.255
                ether 00:11:22:33:44:55
                media: Ethernet autoselect (100baseTX <full-duplex>)
                status: active
        rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
                inet 98.76.54.31 netmask 0xffffffff broadcast 98.76.54.31
                ether ff:ee:dd:cc:bb:aa
                media: Ethernet autoselect (100baseTX <full-duplex>)
                status: active
        lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

The patch is attached and also available with a README file here:

        http://garage.freebsd.pl/mljail.tbz

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
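
The rules described in the message above (a jailed creator can only hand down addresses it already holds, visibility follows descent, and a child is re-parented when its parent jail empties), as a userland C model. This is an added example, not code from the mljail patch; the struct layout and the names jail_create, jail_parent and jail_visible are hypothetical, and the sample addresses in main are the ones from the post.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MAXIPS 8
struct jail {
    struct jail *parent;      /* NULL: created from the unjailed host */
    const char *ips[MAXIPS];  /* addresses this jail may use */
    size_t nips;
    int alive;                /* 0 once the jail's last process has exited */
};

static int has_ip(const struct jail *j, const char *ip) {
    for (size_t i = 0; i < j->nips; i++)
        if (strcmp(j->ips[i], ip) == 0) return 1;
    return 0;
}

/* A jailed creator may only pass on IPs it holds itself, else EINVAL. */
int jail_create(struct jail *child, struct jail *parent, const char **ips, size_t n) {
    if (n == 0 || n > MAXIPS) return EINVAL;
    for (size_t i = 0; parent != NULL && i < n; i++)
        if (!has_ip(parent, ips[i])) return EINVAL;
    child->parent = parent; child->nips = n; child->alive = 1;
    memcpy(child->ips, ips, n * sizeof *ips);
    return 0;
}

/* Effective parent: nearest ancestor that still has processes. */
struct jail *jail_parent(const struct jail *j) {
    struct jail *p = j->parent;
    while (p != NULL && !p->alive) p = p->parent;
    return p;
}

/* A jail sees its own processes and those of every descendant jail. */
int jail_visible(const struct jail *viewer, const struct jail *target) {
    for (const struct jail *j = target; j != NULL; j = j->parent)
        if (j == viewer) return 1;
    return 0;
}

int main(void) {              /* jail-1 .. jail-4 as requested in the post */
    struct jail j1, j2, j3, j4;
    const char *a1[] = {"12.34.56.1", "12.34.56.2", "10.10.10.1", "98.76.54.31"};
    const char *a2[] = {"12.34.56.1", "10.10.10.1", "98.76.54.31"};
    const char *a3[] = {"12.34.56.1", "98.76.54.31"}, *a4[] = {"12.34.56.1", "10.10.10.1"};
    if (jail_create(&j1, NULL, a1, 4) || jail_create(&j2, &j1, a2, 3)) return 1;
    if (jail_create(&j3, &j2, a3, 2)) return 1;
    return jail_create(&j4, &j3, a4, 2) == EINVAL ? 0 : 1;  /* 10.10.10.1 not in jail-3 */
}
```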
