Re: OS-level virtualization

In article <>,
Martin Husemann  <> wrote:
>On Tue, Apr 06, 2021 at 12:29:31PM -0400, Aaron B. wrote:
>> It's just the same chroot system call under the hood. And currently,
>> that's all there is. The kernel simply doesn't have any other way to
>> isolate processes at the time.
>Well, there is kauth(9), which can be extended by specific listeners
>(but AFAIK nothing shrink-wrapped is shipped with the base OS).

Well, kauth does authorization checking; we are talking here about providing
separate namespaces for different processes (networking, filesystem, etc.).


