Re: OS-level virtualization

To: netbsd-users%netbsd.org@localhost
Subject: Re: OS-level virtualization
From: "Aaron B." <aaron%zadzmo.org@localhost>
Date: Thu, 8 Apr 2021 13:00:18 -0400

On Thu, 8 Apr 2021 18:12:18 +0200
Rhialto <rhialto%falu.nl@localhost> wrote:

> I had the same idea in the past, but haven't done anything concrete with
> it.

I'd like to give it a try. My big roadblock at the moment is how to add
a system call. The only thing search engines are finding appear to be
FreeBSD specific; is there a NetBSD guide or a man page for this?

> For other things, like UIDs, GIDs, etc it is a bit trickier because you
> could get multiple 'namespaces' using the same value and you can't even
> prevent it without causing weird failures. For those, you'd need some
> mapping layer somewhere to translate between global values and
> inside-the-namespace values. There is something like that for stacked
> file systems (mount_umap)  but that won't be enough.
> 

If kauth is preventing processes from any interaction, why do the
UID/GID even matter anymore?

Unless processes in different PID namespaces are also sharing the same
filesystem. I can't think of a use case for that (Not that there isn't
one :)

-- 
Aaron B. <aaron%zadzmo.org@localhost>

References:
- OS-level virtualization
  - From: Austin Kim
- Re: OS-level virtualization
  - From: Pierre-Philipp Braun
- Re: OS-level virtualization
  - From: Aaron B.
- Re: OS-level virtualization
  - From: Martin Husemann
- Re: OS-level virtualization
  - From: Christos Zoulas
- Re: OS-level virtualization
  - From: Martin Husemann
- Re: OS-level virtualization
  - From: Austin Kim
- Re: OS-level virtualization
  - From: Rhialto

Prev by Date: Re: OS-level virtualization
Next by Date: ANNOUNCE: mk-configure-0.37.0 -- portable build system friendly to BSD developers
Previous by Thread: Re: OS-level virtualization
Next by Thread: Re: OS-level virtualization
Indexes:

Home | Main Index | Thread Index | Old Index