On 2/4/2014 6:23 AM, Julian Elischer wrote:
On 2/4/14, 3:40 PM, Robert N. M. Watson wrote:
On 3 Feb 2014, at 23:53, Doug Ambrisko <ambri...@ambrisko.com> wrote:
It's unfortunate that vimage requires jail. I want to use vimage but
not have the security restrictions of a jail. To do this I patched
jail to basically let everything through. It would be nice to be
able to run jail in an insecure mode which I understand is a
contradition.
I do use the jail infrastructure to set the uname*/getosreldate so
that a specific jail thinks it is FreeBSD version blah. Then I can ssh
into that jail and pkg_add things, make ports etc. I use this on
my laptop running current on the base. My other jails run various
versions of FreeBSD. I don't care about security in this case.
vimage was not originally tied to jails. I can't remember why we
decided to do that :-)
Leaving the smiley aside for the present, I remember that one - and
it's closely tied to this discussion. It was part of this more
flexible vision of jails that had added features, of which security
was just one (optional) part. I thought of them as a more general
encapsulation framework as needs would arise.
Vimage was one of those needs. Marko Zec had originally implemented
it with its own set of containers that ran parallel with jails,
partially implementing some parts of jail but only well enough for the
proof-of-concept of his networking idea. One thing vimage had going
for it was hierarchies, which allowed one virtual network to exist
encapsulated inside another, and that's how jails themselves became
hierarchical. It was a requirement for Marko to agree to allow his
own vimage-only encapsulation to be subsumed inside jails.
Perhaps all that is what the smiley meant, but it's good to have a
little history every now and then.
- Jamie
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
