On Fri, 6 Jun 2008, Michael Reifenberger wrote:

> is the assumption correct that an active jail has at least one process
> associated with it and that there can be only one active jail (with the same
> hostname/ip-number) per system at the same time?
>
> Is there a convenient way to get the processes associated with a jail. So
> far I found only the method used by killall(1): jail_attach() to the jid and
> read the process table...
>
> Thanks in advance!
> Michael
> --

No, those are incorrect assumptions:

(1) Jails may exist without any processes -- jails are part of the process
    credential, and these may be cached and used asynchronously. The example
    many people run into is that the process credential that opened a TCP
    connection remains referenced until the TCP connection closes, so if a
    TCP connection enters TIME_WAIT, the jail will persist until the
    TIME_WAIT delay runs out.

(2) It is quite possible, and in fact even quite reasonable, to have multiple
    jails with the same IP and hostname. When compartmentalizing services,
    there's no reason not to use the same (global) hostname for each service,
    and no reason not to attach the services to the same IP address.

You can use jls(8) to list jails, and then for each jail ID, you can use ps(1)
to list processes. You can find jid in the list of optional data to print for
processes in the ps man page.

Robert N M Watson
Computer Laboratory
University of Cambridge

Received on Fri Jun 06 2008 - 09:09:26 UTC
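The jls(8)/ps(1) correlation described in the reply, as an added example that is not part of the original message: it joins the two listings on the jail ID and reports jails that currently hold no process. The function names and both sample listings are constructed for illustration; the samples stand in for `jls` and `ps -ax -o jid,pid,command` so the script runs on any POSIX shell.

```sh
#!/bin/sh
# Constructed sample of jls(8) table output. Jails 1 and 2 share one
# IP and hostname; on a FreeBSD host replace the body with: jls
list_jails() {
cat <<'EOF'
   JID  IP Address      Hostname                      Path
     1  192.0.2.10      svc.example.org               /jails/www
     2  192.0.2.10      svc.example.org               /jails/db
     3  192.0.2.11      mail.example.org              /jails/mail
EOF
}

# Constructed sample of ps(1) output with the jid column; on a FreeBSD
# host replace the body with: ps -ax -o jid,pid,command
list_procs() {
cat <<'EOF'
  JID   PID COMMAND
    0     1 /sbin/init --
    1   812 /usr/sbin/syslogd -s
    1   840 nginx: master process
    3   901 sendmail: accepting connections
EOF
}

# Print "jid process-count pid-list" for every jail that jls reports.
jail_report() {
    { list_jails; echo '--'; list_procs; } | awk '
        $1 == "--"       { in_ps = 1; next }   # separator between the two listings
        $1 !~ /^[0-9]+$/ { next }              # skip header lines
        !in_ps           { order[++n] = $1; next }
        { count[$1]++; pids[$1] = (pids[$1] == "" ? "" : pids[$1] ",") $2 }
        END {
            for (i = 1; i <= n; i++) {
                j = order[i]
                printf "%s %d %s\n", j, count[j] + 0, (pids[j] == "" ? "-" : pids[j])
            }
        }'
}

# Jail IDs that exist but currently hold no process.
empty_jails() {
    jail_report | awk '$2 == 0 { print $1 }'
}

jail_report
```

In the sample, jail 2 is listed by jls but owns no process, which is the state point (1) describes.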