
Re: jail() for Linux ?



Hi !

J.J. van Gorkum wrote:

>The only thing I found that looks the same is...
>
>http://www.solucorp.qc.ca/miscprj/s_context.hc
>  
>
Matt Ayres wrote:

>You can use vserver (http://www.solucorp.qc.ca/miscprj/s_context.hc).  I'd be interested in what you did for jail, would it be possible for me to get a rundown of features or an advance copy?
>  
>
Thanks a lot - I will test this patch if it's compatible with my software :-)

I already discovered a substitute for the "mount_null" command - "mount -link" :-))

The features of  my software:
--

#############################################################
###
### JAILMANAGER : DESIGN AND CONCEPTS
###


This file gives a short overview of the basic design and
conceptual ideas of Jailmanager.


## Software - Environment

-> FreeBSD 4.6 and higher
-> Perl v5.6.1 and higher


## Basic Features

The use of Jailmanager gives you several advantages compared
to a regular jail-setup.

-> centralized software management

   -> no redundant files
   -> no time consuming updates
   -> automated setup of the central software-reference
   -> every virtual server only needs a minimal disc-space
      of 10 megabytes

-> automated setup and creation of virtual-servers

-> maintenance shell for every virtual server

-> automated starting and stopping of jails

-> maintenance-tools which help you to get information
   about the currently configured jails.

   -> showing the processes for every jail/for a certain jail
   -> showing the status of jails

-> Logging of maintenance-tasks to a logfile

-> every information about a certain jail is populated in
   one single directory.
   (this increases transparency, and makes it very easy to
    transfer a jail to another hosting-server.)

-> batched configuration changes

   -> execution of a certain script/program in every jail
   -> optional interactive mode, which helps to verify
      automated actions
   -> passing of environment-variables which contain the
      configuration data of a certain jail to the executed
      programs to ease configuration tasks.

-> /SW-Support
   (/SW is a concept for maintaining software for multiple
    hardware-platforms)

-> shellscript-supported update of configuration-files

   -> identifying of differences between the reference and
      the user-jail

   -> interactive merging of configfiles

-> multi-ip-support for each jail

## ultrashort design overview


* master-jail:

  This jail is automatically generated from /usr/src by a script,
  and represents the software-reference for every user-jail
  (see description below).
 
  This Jail is fully functional - but it will never be directly
  used for productive needs.

  The directory where the master-jail resides is read-only mounted
  to every user-jail with the mount_null-command.


* user-jail:

  Jails of this type provide the different virtual-server-environments.
 
  Almost all files which are needed for the complete virtual server are
  provided by the master-jail directory which is mounted to a certain
  directory within the user-jail.

  All directories of the user-jail are symlinked to the corresponding
  directory in the master-jail - except those which are needed for
  local modifications. (i.e /etc/, /var/, /root, ....)

  example view to such a user-jail file-system:
  ----
  root@install07 $ls -la
  total 25
  drwxr-xr-x  13 root  wheel   512 Mar 10 13:10 .
  drwxr-xr-x  13 root  wheel   512 Mar 10 13:10 ..
  lrwxrwxr-x   1 root  wheel    30 Mar  5 14:31 .cshrc -> /slash-root/master-jail/.cshrc
  lrwxrwxr-x   1 root  wheel    32 Mar  5 14:31 .profile -> /slash-root/master-jail/.profile
  lrwxrwxr-x   1 root  wheel    33 Mar  5 14:31 COPYRIGHT -> /slash-root/master-jail/COPYRIGHT
  lrwxrwxr-x   1 root  wheel    27 Mar  5 14:31 bin -> /slash-root/master-jail/bin
  lrwxrwxr-x   1 root  wheel    28 Mar  5 14:31 boot -> /slash-root/master-jail/boot
  drwxr-xr-x  13 root  wheel   512 Mar  5 14:31 client
  drwxr-xr-x   3 root  wheel  1536 Mar  6 09:36 dev
  drwxr-xr-x  11 root  wheel  1536 Mar  6 13:52 etc
  lrwxrwxr-x   1 root  wheel     9 Mar  5 14:31 kernel -> /dev/null
  drwxr-xr-x   2 root  wheel   512 Mar  5 14:31 mnt
  lrwxrwxr-x   1 root  wheel    31 Mar  5 14:31 modules -> /slash-root/master-jail/modules
  dr-xr-xr-x   1 root  wheel   512 Mar 10 13:10 proc
  drwxr-xr-x   5 root  wheel   512 Mar  6 09:38 root
  lrwxrwxr-x   1 root  wheel    28 Mar  5 14:31 sbin -> /slash-root/master-jail/sbin
  drwxrwxr-x   3 root  wheel   512 Mar  5 14:31 serv
  drwxr-xr-x   4 root  wheel   512 Mar  5 14:31 slash-root
  lrwxrwxr-x   1 root  wheel    15 Mar  5 14:31 sw -> /slash-root/sw/
  lrwxrwxr-x   1 root  wheel    27 Mar  5 14:31 sys -> /slash-root/master-jail/sys
  drwxrwxrwt   3 root  wheel   512 Mar 10 03:01 tmp
  drwxrwxr-x   3 root  wheel   512 Mar  5 14:31 usr
  drwxr-xr-x  20 root  wheel   512 Mar  5 10:24 var
  ----

  The master-jail is read-only mounted to /slash-root/master-jail with
  mount_null.
  (the man-page says that mount_null "MAY, IN FACT, DESTROY DATA ON YOUR
  SYSTEM" - this warning was written in 1995 - I think this is a little
  bit outdated.
  On several web-sites you can read that mount_null is stable enough :-))
 
  The typical environment for a user-jail looks like that:

  /<path-to-the-user-jails>/<hostname>/filesystem

  /<path-to-the-user-jails>/<hostname>/user-jail.conf
             

  The "filesystem"-directory contains the files as described above,
  "user-jail.conf" contains jail-specific configuration-data.
  (IP-address, ...)
--

Best Regards

Marc Schoechlin
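
Added example, not part of the original message or of Jailmanager itself: a shell check that the top level of a user-jail "filesystem" directory still matches the layout described above (symlinks into /slash-root, real directories only for local data). The function names, the sample directory and the rule that anything else counts as a finding are assumptions of this example.

```shell
#!/bin/sh
# Allowed link targets and local directory names are taken from the listing in
# the post; the sample layout built by make_sample_jail is constructed.

audit_user_jail() {   # prints one line per finding; returns 1 if any were found
    jail_fs=$1
    bad=0
    for entry in "$jail_fs"/* "$jail_fs"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # skip unmatched globs
        name=${entry##*/}
        if [ -L "$entry" ]; then
            target=$(readlink "$entry")
            case $target in
                */../*|*/..)   # leaves the reference tree despite its prefix
                    echo "BAD-TARGET $name -> $target"; bad=1 ;;
                /slash-root/master-jail/*|/slash-root/sw|/slash-root/sw/*|/dev/null) ;;
                *)  echo "BAD-TARGET $name -> $target"; bad=1 ;;
            esac
        else
            case $name in      # entries the listing shows as real directories
                client|dev|etc|mnt|proc|root|serv|slash-root|tmp|usr|var) ;;
                *)  echo "LOCAL-COPY $name"; bad=1 ;;   # shadows the master-jail
            esac
        fi
    done
    return $bad
}

make_sample_jail() {   # constructed sample with three deliberate deviations
    d=$(mktemp -d "${TMPDIR:-/tmp}/jailaudit.XXXXXX") || return 1
    mkdir "$d/etc" "$d/var" "$d/root" "$d/tmp"
    mkdir "$d/sbin"                                   # real dir, should be a link
    ln -s /slash-root/master-jail/bin "$d/bin"
    ln -s /slash-root/master-jail/.profile "$d/.profile"
    ln -s /dev/null "$d/kernel"
    ln -s /slash-root/master-jail/../../etc "$d/sys"  # escapes via ".."
    ln -s /usr/local/lib "$d/modules"                 # outside /slash-root
    echo "$d"
}

sample=$(make_sample_jail)
audit_user_jail "$sample" || echo "layout differs from the reference design"
rm -rf "$sample"
```

Only the top level is inspected; directories such as usr, which the listing shows as a real directory, would need the same check applied to their contents.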


