At Sun, 17 May 2020 11:11:22 +0200, Niels Dettenbach <nd%syndicat.com@localhost> wrote:
Subject: Re: NetBSD Jails
>
> > On 17.05.2020 at 06:01 Greg A. Woods <woods%planix.com@localhost> wrote:
> >
> > I know some people do allow human users to login to FreeBSD "jails", but
> > I really have to wonder why. I think if you want to give human users
> > the idea that they have their own machine then you really do need to
> > give them a whole VM (at least with Unix/POSIX systems -- modernized
> > multics-like systems might be a better way).
>
> if you really wonder, take a look at i.e. FreeNAS as other projects
> which uses BSD jails as containers for virtual multi host environments
> (i.e. mailservers, LAMP stuff, Database servers, Samba stuff and
> proprietary / binary software etc) which all have their own IPs as
> root as user contexts in fs as userspace and security isolation
> (system as net / firewalling etc) is a major reason. This is one of
> the most used scenarios today.

Indeed, as I say, I know people do this and I've seen lots of it. I have friends and colleagues who have tried to tell me how and why. I've gone to talks at BSDCan about the how's and why's and I've chatted to people in the halls after about these talks.

But what I've been trying to express in my questions on this thread is that I still don't understand the deep reasons why this is seen as a _necessary_ approach.

Many folks are doing it because others do it. Well, all I can say to that is have fun on your bandwagon, and don't let me stop you!

Some think there are some security benefits. I continue to see security issues which are a direct result of more complex code, more complex configurations, and more complex management overhead. Chroot isn't 100% secure, especially not for processes with superuser privileges, and jails are no better. I.e.
I think chroot environments are good, in so far as they go, but I'm less trusting of even FreeBSD jails because of the added complexity, both under the hood, and in configuration and management. Other competing technologies on other platforms such as those on Solaris and Linux are even more complex and convoluted.

In the end there is inherently less security with any and all forms of virtualization and/or sharing of resources. If absolute security is your requirement then you really need separate hardware for each circle of trust (especially as we've seen with the issues coming from the very fundamentals of modern CPU internals).

Some think there are performance benefits. I do see there are performance tradeoffs, but if chroot is enough then why add even the additional layers of code needed for FreeBSD jails?

If you actually really need a fully isolated and completely full featured environment where you can run complex applications in "reasonably secure" sandbox style isolation then why not choose the best possible hardware you can afford that supports a full virtual machine environment such as Xen, or nvmm/bhyve with qemu or virtualbox, etc.? (e.g. I bought a used Dell server for about $500 and I can run Xen with many domUs on it very efficiently)

-- 
Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>