Re: Thinking about "branes" for netbsd...
On Thu, May 03, 2012 at 12:23:36PM -0400, Mouse wrote:
> >>> [...] "processes get chroot'd into branes" [...]
> >> I'm not even sure what it could mean, [...]. Perhaps something is
> >> being extended metaphorically, but it's unclear to me what or how
> >> that could be.
> > "Give processes a different view to the network than 'the rest of the
> > machine' has" - not that different to "give processes a different
> > view to the file system", no?
> Yeah, but that involves (or, at least, I would expect that to involve)
> more than just the routing table. Or do branes cover more than just
I'm not sure how that particular bikeshed is planned, but I'd consider
"IP addresses on Interfaces + Routing + Firewall rules" to be all I
need to define a network environment. If that's a "brane", I could
very well see a process being "chroot()"ed into that.
Sort of like a VRF on a Cisco router, with some of the services on
the box (like "telnet") only operating within a certain routing
instance, but not in others. Or particularly, telnet://192.168.0.1
only working in a particular VRF, and not in another that happens
to use 192.168.0.1 as well [not that this works overly well on Cisco
today, but some bits already do, and the idea is sane].
USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany