Re: Freebsd Jails implementation over OpenBSD
----- Original Message -----
From: "Attila Nagy" <bra@fsn.hu>
To: "geraldo busato" <anorexia@softhome.net>
Cc: "Artur Grabowski" <art@blahonga.org>; <tech@openbsd.org>
Sent: Wednesday, January 09, 2002 6:07 AM
Subject: Re: Freebsd Jails implementation over OpenBSD
> Don't forget that there is an ongoing project called jail-ng, which wants
> to improve (or rewrite) the jail code in FreeBSD.
> That is because that jail implementation is basically a "quick hack" and
> should be implemented more thoroughly (just think about the IPv6 support,
> the jail-naming, managing issues).
>
> But I think (for replying to a previous post) the jail isn't just a
> security feature. It seems to me that the original jail idea was to
> provide virtual machines for customers on a large machine, not provide
> ultimate high security.
>
I use FBSD jails extensively, and agree that their use goes well beyond "just
security."
They are good for everything from creating test environments to containing
braindead (but needed) commercial software that insists on grabbing every
available IP on the box.
There are other ways of accomplishing much of what FBSD jails do, but they are
a nice neat package to do it all in.
But I also agree that the FBSD code is probably not worth much more than
conceptual reference, helping to point out what/where some of the
issues/problems may be. I'd love to see the functionality in OBSD, but
wouldn't want a quick hack.
The jail-ng stuff does look good; I'll be happy to get it when 5.0 sees the
light of day. If OBSD decides to embark on the task, jail-ng would certainly
be the base to start from.
Jerry