Provide process space virtualisation functionality for jails.
This is the initial logic which will give a jail its own init,
a dedicated kernel process "0" (swapper) per jail, its own pid
space, etc., if enabled.
Add ddb support to aid debugging as was done for vnet.

Obtained from:

		(parts, originally as provided by iXsystems, Inc.)

Sponsored by: iXsystems, Inc.

Panicking seems harsh when kproc_create can fail simply because the process limit has been hit. Is there a way to just fail the jail creation, or if not that to destroy the jail? Perhaps with a warning - a sort of VPS panic.


Is this something you've found to happen? I know that zombie jails often sit around indefinitely waiting for a cred hold to go away; perhaps it's something like that?

Follow-up on comments to @jamie


Yes. There are a few such situations; we would need to add a flag to the vps structure, check in between every sysinit invocation; in case of error, undo the exact bits we already allocated/initialised, and then return an error to jail creation. We never did for vnets; maybe it's time; but the cleanup can be "complex" to get fully symmetric. For the moment having well-defined errors (panic) seems better while developing.
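The failure path sketched in the comment above (record how far creation got, check between sysinit invocations, undo exactly the parts already set up, return an error to jail creation instead of panicking), written out as an added C example. It is not code from this change or from FreeBSD: the vps_example structure, the step table, the budget-limited stand-in for kproc_create(9) and every function name are hypothetical, and the process limit is a constructed counter so the EAGAIN case can be exercised offline.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not FreeBSD code: a per-jail sysinit table run in
 * order, with the failure path sketched in the review. Record how far
 * creation got, undo exactly the completed steps in reverse order, and
 * return an errno to jail creation instead of panicking. All names are
 * hypothetical.
 */

#define	VPS_NSTEPS	3

struct vps_example {
	bool	done[VPS_NSTEPS];	/* per-step "allocated" flags */
	int	failed_step;		/* index of the failing step, -1 if none */
};

struct vps_step {
	int	(*init)(struct vps_example *, size_t);	/* 0 or an errno */
	void	(*uninit)(struct vps_example *, size_t);
};

/* Constructed limit: kernel processes the "system" will still allow. */
static int kproc_budget = 2;

/* A step needing no kernel process, e.g. the pid space itself. */
static int  plain_init(struct vps_example *v, size_t i) { v->done[i] = true; return (0); }
static void plain_uninit(struct vps_example *v, size_t i) { v->done[i] = false; }

/* A step that creates a kernel process (swapper "0" or init); the
 * stand-in for kproc_create(9) fails with EAGAIN once the limit is hit. */
static int kproc_init(struct vps_example *v, size_t i)
{
	if (kproc_budget <= 0)
		return (EAGAIN);
	kproc_budget--;
	v->done[i] = true;
	return (0);
}

/* The kernel process exits and its slot is given back. */
static void kproc_uninit(struct vps_example *v, size_t i)
{
	kproc_budget++;
	v->done[i] = false;
}

/* Order matters: uninit always runs in the reverse of init. */
static const struct vps_step vps_steps[VPS_NSTEPS] = {
	{ plain_init, plain_uninit },	/* pid space */
	{ kproc_init, kproc_uninit },	/* per-jail swapper */
	{ kproc_init, kproc_uninit },	/* per-jail init */
};

/* Undo steps [0, n) in reverse; n is how many completed. */
static void vps_unwind(struct vps_example *v, size_t n)
{
	while (n-- > 0)
		vps_steps[n].uninit(v, n);
}

/* Returns 0, or the failing step's errno with every earlier step undone. */
int vps_create_example(struct vps_example *v)
{
	memset(v, 0, sizeof(*v));
	v->failed_step = -1;
	for (size_t i = 0; i < VPS_NSTEPS; i++) {
		int error = vps_steps[i].init(v, i);
		if (error != 0) {
			v->failed_step = (int)i;
			vps_unwind(v, i);	/* only what already ran */
			return (error);
		}
	}
	return (0);
}

void vps_destroy_example(struct vps_example *v) { vps_unwind(v, VPS_NSTEPS); }

/* True when the jail holds no per-step resource. */
bool vps_is_clean(const struct vps_example *v)
{
	for (size_t i = 0; i < VPS_NSTEPS; i++)
		if (v->done[i])
			return (false);
	return (true);
}

int main(void)
{
	struct vps_example a, b;

	printf("first jail: %d\n", vps_create_example(&a));
	int error = vps_create_example(&b);	/* hits the constructed limit */
	printf("second jail: %s at step %d, clean=%d\n", strerror(error),
	    b.failed_step, vps_is_clean(&b));
	vps_destroy_example(&a);
	printf("retry after destroy: %d\n", vps_create_example(&b));
	return (0);
}
```

The point of the table is that creation and destruction share one ordered list, so the unwind after a mid-way failure and a full teardown of a healthy jail are the same code path with a different count; the symmetry the comment worries about then has to hold per step rather than across the whole creation routine.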


Yes, I have, but so far no one has ever tried to cleanly shut down process space, so (as with vnet) we expect to find certain leaks. I am sure that the buffer cache is a major problem for process space references. One thing at a time though. At the moment I am seeing lingering DYING jails around with plain HEAD and not even vnets; took something over 50 days for one to go. Need a more general "tracker" which I do not want to intermix with this work.

