tech-net archive

Re: Thinking about "branes" for netbsd...


On Thu, May 03, 2012 at 12:23:36PM -0400, Mouse wrote:
> >>> [...] "processes get chroot'd into branes" [...]
> >> I'm not even sure what it could mean, [...].  Perhaps something is
> >> being extended metaphorically, but it's unclear to me what or how
> >> that could be.
> > "Give processes a different view to the network than 'the rest of the
> > machine' has" - not that different to "give processes a different
> > view to the file system", no?
> Yeah, but that involves (or, at least, I would expect that to involve)
> more than just the routing table.  Or do branes cover more than just
> routing?

I'm not sure how that particular bikeshed is planned, but I'd consider
"IP addresses on Interfaces + Routing + Firewall rules" to be all I
need to define a network environment.  If that's a "brane", I could
very well see a process being "chroot()"ed into that.

Sort of like a VRF on a Cisco router, with some of the services on
the box (like "telnet") only operating within a certain routing
instance, but not in others.  Or particularly, telnet://
only working in a particular VRF, and not in another that happens
to use as well  [not that this works overly well on Cisco
today, but some bits already do, and the idea is sane].

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                    
fax: +49-89-35655025               
