Re: NetBSD Jails

To: NetBSD Users's Discussion List <netbsd-users%netbsd.org@localhost>
Subject: Re: NetBSD Jails
From: Sad Clouds <cryintothebluesky%gmail.com@localhost>
Date: Wed, 20 May 2020 09:17:07 +0100

On Tue, 19 May 2020 21:26:02 -0700
"Greg A. Woods" <woods%planix.com@localhost> wrote:

> So what more is needed, beyond chroot and login classes, to make
> possible the kinds things like allowing a customer to install web-app
> "plugins" to their instance of a web server?  I can't think of
> _anything_ else that's _actually_ needed, other than management
> tooling to make it all clickety-web-GUI-ish.  You certainly don't
> need/want to give them root in their chroot.

Some things can be achieved with chroot and various other tools in
NetBSD, other things are not going to work with chroot. It's nothing to
do with GUI management, but the fundamental architecture of chroot.

I've started looking into this some time ago, as I wanted to partition
my applications into isolated zones, without using Xen or other
hypervisors. I don't use NetBSD for anything serious, so not concerned
about security implications at the moment, as this is mostly a toy
project.

So it is mainly looking at what NetBSD provides to restrict and manage
resources (CPU and memory limits, Veriexec and other security
frameworks, Rump, mount_null and mount_union, QoS for disk and network
I/O, etc). Not quite sure how this will work out in the end.

References:
- Re: NetBSD Jails
  - From: Greg A. Woods
- Re: NetBSD Jails
  - From: Sad Clouds
- Re: NetBSD Jails
  - From: Greg A. Woods
- Re: NetBSD Jails
  - From: Niels Dettenbach
- Re: NetBSD Jails
  - From: Greg A. Woods

Prev by Date: Re: NetBSD Jails
Next by Date: Re: Trouble installing NetBSD 9.0 amd64
Previous by Thread: Re: NetBSD Jails
Next by Thread: Re: NetBSD Jails
Indexes:

Home | Main Index | Thread Index | Old Index