NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD Jails

> Am 20.05.2020 um 06:26 schrieb Greg A. Woods <>:
> Sure, doing things smart/clean/elegant is definitely outdated when
> compared to the way many choose to work.  As I said, most seem to see
> the apparent surface simplicity of "docker pull nginx" as elegant
> enough.

I don’t use docker too and i‘m still curious why so many people i talk about linux containers confuse containers / lxc with „docker“. docker is just a (commercial) application of containers, like lxd, kubernetes, warden, lxc and many others today and i dont like that „dockerization of anything“ some people hype att because it makes things more inefficient / worse in many / most cases where other setups are much more efficient/ economical.

I like to avoid any kind of virtualization / „partitioning“ where possible too, but thats just one side of the medal, because in reality there are many scenarios where it won’t work without in a economically or way - because the application software ecosystem doesnt allow it without and scaling / HA / security is a rising factor too.

And i would prefer FreeBSD type jails over LXC if they are available on NetBSD btw..

At the end, NetBSD project will have to „decide“ about how much it play a role on larger network platform setups even as future „rich“ network equipment (like modern NAS or so) where (even with the „renaissance of bare metal“) „container“ (BSD jail) like isolation / „basic zoning“ is getting a required tool for growing amount of cases in the industry - be by security designs or business models etc..

BSD Jails was nearly not known / used (except from few „geeks“) over decades and with the availability of linux containers they got back significant attention in the last few years.

I dont know how far it would really cost in complexity to the NetBSD stack to „just“ get a similar to FreeBSD jails network „chroot isolation“ and „(pdeudo)virtual userspace“ (by uid/gid „offsets“ or so) get done (which typically uses a existing firewalling / net filter kind of stack (the most other required parts for such a basic jailing are still there in NetBSD). I can‘t believe that these costs will be higher then the won usability / application world it offers in the future, since Jails are not „geek niche“ anymore in the IT industry. 

so far,



Home | Main Index | Thread Index | Old Index