NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD Jails

On Tue, 19 May 2020 21:26:02 -0700
"Greg A. Woods" <> wrote:

> One of the things I've been hoping to learn in this discussion is
> more concretely what the true low-level requirements are, over and above
> what can be done with existing chroot and user/login-class rlimits in
> order to provide useful isolation of applications.

For the purpose of isolation of applications, I'd like to segment the
process tree in the same way that chroot segments the filesystem tree.
I don't necessarily need a "root" user inside these segments.

Semantics similar to chroot, wherein a parent process calls the
appropriate system call and from that point forward can only interact
with it's child processes - which inherit the same segment - would be

Starting an entire bare metal hypervisor and multiple kernels feels
like overkill for this task, especially when plenty of other operating
systems have had the ability for a decade or more.

And yes, I have looked into curtain mode. It's interesting but does not
do this.

Aaron B. <>

Home | Main Index | Thread Index | Old Index