Subject: Re: Implementing jail
To: Simas Mockevicius <Simas@remo.lt>
From: Brian Chase <vaxzilla@jarai.org>
List: tech-kern
Date: 12/15/2002 09:53:23
On Sun, 15 Dec 2002, Simas Mockevicius wrote:
> On Sun, 15 Dec 2002, Bill Studenmund wrote:
> > Note: we have chroot, which adds the fs-tree-limiting part. We just
> > don't do the virtual server part, as mentioned above.
> but NetBSD have in the TODO list this tool? Or maybe there are another
> thoughts about how to create on the running system virtual server, lets
> say, for virtual hosting? I think it would be a great idea. Lets see: we
> create a fe-tree with chroot, but we can also add an option like another
> IP address working on that "virtual" server, maybe even emulating other
> os, like linux? Now very hard to control many virtual servers, or very
> expensive to buy a seprate machines to all clients. Or I am dreaming ? :)
I'll make a suggestion, partially in jest, but if you are are only
concerned with security and not about performance, there is at least one
way to do this. Now that it offers DEQNA (NIC) emulation, you could run
one or more SIMH VAX emulator instances on your NetBSD/i386 system; then
install NetBSD/vax on the emulated VAXen.
Given that the virtual VAX systems would be emulated system means that
performance would be very poor, but it would offer you with a secure
system.
-brian.