| Log Message: |
MFC:
r185435:
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
r185441:
Unbreak the no-networks (no INET/6) build.
r185899:
Correctly check the number of prison states to not access anything
outside the prison_states array.
When checking if there is a name configured for the prison, check the
first character to not be '\0' instead of checking if the char array
is present, which it always is. Note, that this is different for the
*jailname in the syscall.
Found with: Coverity Prevent(tm)
CID: 4156, 4155
r186085:
Make sure that the direct jls invocations prints something
reasonable close to and in the same format as it had always.
r186606:
Make sure that unused j->ip[46] are cleared.
r186834:
Document the special loopback address behaviour of jails.
PR: kern/103464
r186841:
Put the devfs ruleset next to devfs enable, add a comment about
the suggested ruleset[1].
While here use an IP from the 'test-net' prefix for docs.
PR: kern/130102
r187059:
Add a short section talking about jails and file systems; mention the
mountand jail-aware file systems as well as quota.
PR: kern/68192
r187092:
Sort .Xr.
r187365:
s,unmount 8,umount 8, it is unmount(2) which I did not mean.
r187669:
Update the description of the '-h' option wrt to primary addresses
per address family and add a reference to the ip-addresses option.
r187670:
New sentence starts on a new line.
|
stable/7/UPDATING
stable/7/etc/