Enabling VIMAGE by default for FreeBSD 11?

[John D. Hendrickson and Sara Darnell]

Alexander V. Chernikov wrote:
> On 11 Oct 2014, at 21:58, Craig Rodrigues <rodrigc at FreeBSD.org> wrote:
> 
>> Hi,
>>
>> What action items are left to enable VIMAGE by default for FreeBSD 11?
> Are there any tests results showing performance implications on different network-related workloads?
>> Not everyone uses bhyve, so VIMAGE is quite useful when using jails.
>>
>> --
>> Craig
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
> 
> _______________________________________________
> freebsd-arch at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"
> 

i know little about chroot jails or 7 ring processor levels

but let me ask rhetorically ...

do you mean VIMAGE allows a jail to use an iface device for many IPs 
or even MAC?  i thought that was already the case all cards can 
"listen" - it's only a headers trick per say.

but do you mean a chroot can have access to an iface (which there 
are pkg for setting up if i remember)?  but if a jail is allowed to 
use an iface why not allocate it - meaning: what is the purpose of 
middleman vimage connecting device to jail unless there is a strict 
filter inbetween (ie, strippign headers, or even controlling what 
iface/routes are alllowed)?

i can't see what it's for, but much less making it mandatorily 
injected upon all jailsm, except maybe it may BREAK existing jails 
by allowing net access where there is NOT supposed to be any / 
assumed not to be any

if they old programmers didn't want anyone compiling software who 
logged in: they'd insure there was no compiler.  if they didn't want 
typing at a terminal: they'd take away the keyboard right?