Re: Freebsd Jails implementation over OpenBSD

[Ted U <grendel@heorot.stanford.edu>]

On Tue, 8 Jan 2002, geraldo busato wrote:

> Following the proactively secure statement of OpenBSD, I think it would
be indeed a good idea to implement the Jails functionality originally
> implemented over FreeBSD 4.0, which creates virtual machines over a
host machine. Certainly this would be safer than using plain chroot() for
> security as it is done today, and the jails would increase even more
the security in various enviroments. Also, the FreeBSD code brings safer
> and more functional chroot() code, which was patched accordingly to the
jail design. Implementing the code over OpenBSD wouldn't be trivial,

This has been gone over before.  I'm pretty sure it was basically vetoed.
It's a better use of time to fix buggy code than to work on
post-hitting-the-fan bandaids.

> 200 lines in two new kernel files. I guess it is a very nice idea, I
have the spare time to do it or at least to help a lot towards it. Do you
> think it is worth the time? I appreciate ideas and opinions.

Code it up.  Some people might appreciate it.  Even if it's not likely to
be merged into the sources, you might get it added to ports.



--
Ted - grendel@heorot.stanford.edu - http://heorot.stanford.edu/grendel/
"Welcome to Stanford.  There are no walls.  No guards.  But the campus
 is three weeks in every direction.  There is no escape, except death."