cvs commit: src/usr.sbin/jexec jexec.8 jexec.c
Robert Watson
rwatson at FreeBSD.org
Fri May 30 15:40:29 UTC 2008
On Fri, 30 May 2008, Ceri Davies wrote:
>>>> Thats something that the admin should take care for.
>>>
>>> How might they do that? Remember that any command that works only when
>>> the jail IP is "unambiguous" will become effectively non-deterministic as
>>> a result of un-garbage collected jails. So
>>
>> Is it feasible to change the hostname of a dying jail? We could prefix it
>> with some string at some point of the shutdown...
>
> We'd be better off just dropping all the connections at that point.
TCP TIME_WAIT exists for a reason that it is better not to disregard. This
question gets a bit more complicated in light of vimage, which is something
we'll need to discuss at the August developer summit.
Also, TIME_WAIT is just one example of a jail persisting due to continuing
references to a credential -- there are other legitimate, albeit less common,
reasons that it may occur, and those are also valid use cases.
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the cvs-src
mailing list