tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: firefox sandboxing



On Mon 14 May 2018 at 15:38:09 +0200, Thomas Klausner wrote:
> We already support chroot(2). Are user namespaces
> (http://man7.org/linux/man-pages/man7/user_namespaces.7.html - looks
> like capabilities) something that would be good to have for NetBSD?

It might help to get a NetBSD version of Docker.

Although, as far as I understand Docker, you could probably get a lot of
the process isolation that it needs done by writing an appropriate kauth
policy?

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert  -- Wayland: Those who don't understand X
\X/ rhialto/at/falu.nl      -- are condemned to reinvent it. Poorly.

Attachment: signature.asc
Description: PGP signature



Home | Main Index | Thread Index | Old Index