jailNG

NOTE: This web page is of historic interest only -- please see the jail(2) man page on various FreeBSD versions (especially 7.x and 8.x) for more information on jail programming and architectural directions.

From-scratch reimplementation of the jail(2) code on FreeBSD. Addresses a number of limitations including:

• SMPng-safe
• Persistent named jails
• Improved management capabilities, including per-jail sysctl's toggling previously global jail configuration settings as well as new per-jail settings:
  • sysvipc_permitted
  • set_hostname_permitted
  • socket_ipv4_permitted
  • socket_unix_permitted
  • socket_route_permitted
  • socket_other_permitted
  • ipv4addr
• Ability to add new processes to a jail
• Improved management tool
• Improved use of kernel security abstractions and primitives

• Ability to address a signal to an entire jail from outside the jail (permitting forceable) shutdown of a jail)
• jailinit(8) to manage jail environment modeled on init(8)
• Re-introduce Linuxulator per-jail settings
• Additional management toggles
• Allow management tool to provide prettier interface to toggle some sysctl's, such as the jail IPv4 address
• Scripted or jailctl'd reading of jail.conf plus run-time tool for external jail management
• Re-write interactions with network subsystem (everything below the "compaibility code" comment in kern_jail.c)
• Explore possible multiple address support, as well as IPv6 support

• jailctl.tgz
• jailng.diff
• jailng.1.diff Revised patch to add mutex assertions, staticize variables, add comments, rename flags.