Subject: Re: jail command?
To: Luke Mewburn <lukem@wasabisystems.com>
From: Alistair Crooks <agc@wasabisystems.com>
List: netbsd-users
Date: 04/29/2002 10:15:07

On Mon, Apr 29, 2002 at 05:41:35PM +1000, Luke Mewburn wrote:
> On Mon, Apr 29, 2002 at 07:25:21AM +0000, Malcolm Herbert wrote:
>   | Is there any equivalent to FreeBSD's jail command under NetBSD? I've
>   | seen someone use it recently and was itching to try it out, only to be
>   | told it was a FreeBSD-only thing ... say it isn't so!
> 
> NetBSD does not currently support jails a la FreeBSD.
> It may do so in the future.

Whilst the functionality is nice, there is a concern to me:

Taken from the FreeBSD 4.5 jail(2) manual page:

>      #include <sys/types.h>
>      #include <sys/jail.h>
> 
>      int
>      jail(struct jail *jail);
> 
> DESCRIPTION
>      The jail system call sets up a jail and locks the current process in it.
> 
>      The argument is a pointer to a structure describing the prison:
> 
>            struct jail {
>                    u_int32_t       version;
>                    char            *path;
>                    char            *hostname;
>                    u_int32_t       ip_number;
>            };
> 
>      ``version'' defines the version of the API in use.  It should be set to
>      zero at this time.
> 
>      The ``path'' pointer should be set to the directory which is to be the
>      root of the prison.
> 
>      The ``hostname'' pointer can be set to the hostname of the prison.  This
>      can be changed from the inside of the prison.
> 
>      The ``ip_number'' can be set to the IP number assigned to the prison.

How can you do IPv6-related work using jail(2)?

Regards,
Alistair
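
The field-width problem behind that question, as an added example that is not part of the original message and is not FreeBSD code: `struct jail_v0` is a local replica of the quoted structure, and `jail_v0_set_addr` and its return codes are hypothetical names. Storing the address in host byte order is an assumption (the quoted excerpt does not say), and the addresses are constructed documentation addresses.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* Local replica of the version-0 structure quoted from jail(2) above. */
struct jail_v0 {
    uint32_t version;
    char *path;
    char *hostname;
    uint32_t ip_number;   /* 32 bits: room for exactly one IPv4 address */
};

enum { FILL_OK = 0, FILL_TOO_WIDE = -1, FILL_BAD_ADDR = -2 };

/* An IPv6 address is 16 bytes; the only address field is 4 bytes. */
_Static_assert(sizeof(struct in6_addr) > sizeof(uint32_t),
               "in6_addr cannot fit in ip_number");

/* Hypothetical helper: parse a textual address into the v0 structure.
 * IPv4 is stored (host byte order, an assumption); a valid IPv6 address
 * is reported as FILL_TOO_WIDE and the structure is left untouched. */
int jail_v0_set_addr(struct jail_v0 *j, const char *text)
{
    struct in_addr a4;
    struct in6_addr a6;

    if (inet_pton(AF_INET, text, &a4) == 1) {
        j->version = 0;
        j->ip_number = ntohl(a4.s_addr);
        return FILL_OK;
    }
    if (inet_pton(AF_INET6, text, &a6) == 1)
        return FILL_TOO_WIDE;   /* valid address, no field to hold it */
    return FILL_BAD_ADDR;
}

int main(void)
{
    /* Constructed sample inputs (RFC 5737 / RFC 3849 documentation ranges). */
    const char *samples[] = { "192.0.2.10", "2001:db8::10", "not-an-address" };
    struct jail_v0 j = { 0, "/jail/root", "prison", 0 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %d\n", samples[i], jail_v0_set_addr(&j, samples[i]));
    return 0;
}
```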