Re: jail() for Linux ?
Hi !
J.J. van Gorkum wrote:
>The only thing I found that looks the same is...
>
>http://www.solucorp.qc.ca/miscprj/s_context.hc
>
>
Matt Ayres wrote:
>You can use vserver (http://www.solucorp.qc.ca/miscprj/s_context.hc). I'd be interested in what you did for jail, would it be possible for me to get a rundown of features or an advance copy?
>
>
Thanks a lot - I will test this patch if it's compatible with my software :-)
I already discovered a substitute for the "mount_null" command - "mount -link" :-))
The features of my software:
--
#############################################################
###
### JAILMANAGER : DESIGN AND CONCEPTS
###
This file gives a short overview of the basic design and
conceptual ideas of Jailmanager.
## Software - Environment
-> FreeBSD 4.6 and higher
-> Perl v5.6.1 and higher
## Basic Features
Using Jailmanager gives you several advantages compared
to a regular jail setup.
-> centralized software management
-> no redundant files
-> no time-consuming updates
-> automated setup of the central software reference
-> every virtual server needs only a minimal disk space
of 10 megabytes
-> automated setup and creation of virtual-servers
-> maintenance shell for every virtual server
-> automated starting and stopping of jails
-> maintenance tools which help you to get information
about the currently configured jails.
-> showing the processes for every jail/for a certain jail
-> showing the status of jails
-> logging of maintenance tasks to a logfile
-> every piece of information about a certain jail is kept in
one single directory.
(this increases transparency and makes it very easy to
transfer a jail to another hosting server.)
-> batched configuration changes
-> execution of a certain script/program in every jail
-> optional interactive mode, which helps to verify
automated actions
-> passing of environment variables which contain the
configuration data of a certain jail to the executed
programs, to ease configuration tasks.
-> /SW-Support
(/SW is a concept for maintaining software for multiple
hardware platforms)
-> shellscript-supported update of configuration files
-> identifying of differences between the reference and
the user-jail
-> interactive merging of config files
-> multi-IP support for each jail
## Ultra-short design overview
* master-jail:
This jail is automatically generated from /usr/src by a script
and represents the software reference for every user-jail
(see description below).
This jail is fully functional, but it will never be used
directly for production needs.
The directory where the master-jail resides is mounted read-only
into every user-jail with the mount_null command.
* user-jail:
Jails of this type provide the different virtual server environments.
Almost all files which are needed for the complete virtual server are
provided by the master-jail directory, which is mounted to a certain
directory within the user-jail.
All directories of the user-jail are symlinked to the corresponding
directory in the master-jail, except those which are needed for
local modifications (e.g. /etc/, /var/, /root, ...).
Example view of such a user-jail filesystem:
----
root@install07 $ls -la
total 25
drwxr-xr-x 13 root wheel 512 Mar 10 13:10 .
drwxr-xr-x 13 root wheel 512 Mar 10 13:10 ..
lrwxrwxr-x 1 root wheel 30 Mar 5 14:31 .cshrc -> /slash-root/master-jail/.cshrc
lrwxrwxr-x 1 root wheel 32 Mar 5 14:31 .profile -> /slash-root/master-jail/.profile
lrwxrwxr-x 1 root wheel 33 Mar 5 14:31 COPYRIGHT -> /slash-root/master-jail/COPYRIGHT
lrwxrwxr-x 1 root wheel 27 Mar 5 14:31 bin -> /slash-root/master-jail/bin
lrwxrwxr-x 1 root wheel 28 Mar 5 14:31 boot -> /slash-root/master-jail/boot
drwxr-xr-x 13 root wheel 512 Mar 5 14:31 client
drwxr-xr-x 3 root wheel 1536 Mar 6 09:36 dev
drwxr-xr-x 11 root wheel 1536 Mar 6 13:52 etc
lrwxrwxr-x 1 root wheel 9 Mar 5 14:31 kernel -> /dev/null
drwxr-xr-x 2 root wheel 512 Mar 5 14:31 mnt
lrwxrwxr-x 1 root wheel 31 Mar 5 14:31 modules -> /slash-root/master-jail/modules
dr-xr-xr-x 1 root wheel 512 Mar 10 13:10 proc
drwxr-xr-x 5 root wheel 512 Mar 6 09:38 root
lrwxrwxr-x 1 root wheel 28 Mar 5 14:31 sbin -> /slash-root/master-jail/sbin
drwxrwxr-x 3 root wheel 512 Mar 5 14:31 serv
drwxr-xr-x 4 root wheel 512 Mar 5 14:31 slash-root
lrwxrwxr-x 1 root wheel 15 Mar 5 14:31 sw -> /slash-root/sw/
lrwxrwxr-x 1 root wheel 27 Mar 5 14:31 sys -> /slash-root/master-jail/sys
drwxrwxrwt 3 root wheel 512 Mar 10 03:01 tmp
drwxrwxr-x 3 root wheel 512 Mar 5 14:31 usr
drwxr-xr-x 20 root wheel 512 Mar 5 10:24 var
----
The master-jail is mounted read-only to /slash-root/master-jail with
mount_null.
(The man page says that mount_null "MAY, IN FACT, DESTROY DATA ON YOUR
SYSTEM" - this warning was written in 1995; I think this is a little bit outdated.
On several websites you can read that mount_null is stable enough :-))
The typical environment for a user-jail looks like this:
/<path-to-the-user-jails>/<hostname>/filesystem
/<path-to-the-user-jails>/<hostname>/user-jail.conf
The "filesystem" directory contains the files as described above;
"user-jail.conf" contains jail-specific configuration data
(IP address, ...).
--
Best Regards
Marc Schoechlin
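The user-jail layout described in the post (everything symlinked into the read-only master-jail mount, only /etc, /var, /root and the like kept as local copies) and the "identify differences between the reference and the user-jail" step, as an added example. This is not Jailmanager's code and not Marc's script; it is a plain POSIX sh sketch that works on ordinary directories so it can be tried without mount_null or jail(8). The function names, the local-directory list (dev and tmp are added to the post's /etc, /var, /root because a jail cannot share them), and the sample files are this example's own assumptions; the path /slash-root/master-jail and the kernel -> /dev/null link are taken from the listing above.

```shell
#!/bin/sh
# Added example, not Jailmanager's own code. Reproduces the user-jail file
# layout from the post on plain directories and lists the config files a
# user-jail has changed relative to the master-jail reference.
# Function and variable names here are this example's own assumptions.
set -eu

# Where the user-jail sees the master-jail (path taken from the listing).
MASTER_MOUNT=/slash-root/master-jail

# Entries kept as private, writable copies inside each user-jail.
# The post names /etc, /var and /root; dev and tmp are added here because
# a jail cannot share them with the reference tree (assumption).
LOCAL_ENTRIES="dev etc root tmp var"

is_local() {
    for e in $LOCAL_ENTRIES; do
        [ "$e" = "$1" ] && return 0
    done
    return 1
}

# build_user_jail MASTER_DIR JAIL_FS_DIR
# MASTER_DIR is the master-jail tree; JAIL_FS_DIR becomes the jail's
# "filesystem" directory. Symlinks are absolute on purpose: inside the
# jail, /slash-root/master-jail resolves relative to the jail root, so the
# mount point must exist under JAIL_FS_DIR.
build_user_jail() {
    master=$1; jail=$2
    mkdir -p "$jail$MASTER_MOUNT"   # mount point for the read-only null mount
    for entry in "$master"/* "$master"/.[!.]*; do
        [ -e "$entry" ] || continue
        name=${entry##*/}
        if is_local "$name"; then
            cp -R "$entry" "$jail/$name"              # private, writable copy
        elif [ "$name" = kernel ]; then
            ln -s /dev/null "$jail/$name"             # as in the listing above
        else
            ln -s "$MASTER_MOUNT/$name" "$jail/$name" # shared from master-jail
        fi
    done
    chmod 1777 "$jail/tmp" 2>/dev/null || true        # sticky world-writable tmp
}

# changed_configs MASTER_DIR JAIL_FS_DIR
# Prints the files under etc/ that differ from the reference ("changed: ...")
# or exist only in the user-jail ("new: ..."), sorted by name. This is the
# starting point for the interactive merge the post describes.
changed_configs() {
    master=$1; jail=$2
    ( cd "$jail/etc" && find . -type f ) | sed 's|^\./||' | sort |
    while read -r f; do
        if [ ! -e "$master/etc/$f" ]; then
            echo "new: $f"
        elif ! cmp -s "$master/etc/$f" "$jail/etc/$f"; then
            echo "changed: $f"
        fi
    done
}

# Usage: sh thisscript.sh MASTER_DIR JAIL_FS_DIR
if [ $# -eq 2 ]; then
    build_user_jail "$1" "$2"
    changed_configs "$1" "$2"
fi
```

On a real FreeBSD host the step this sketch leaves out is the mount itself: the master-jail tree must be null-mounted read-only (the `-o ro` option of mount_null) onto JAIL_FS_DIR/slash-root/master-jail before the jail starts, otherwise root inside any one user-jail can modify the binaries every other jail runs.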