NetBSD-Users archive


Re: NetBSD Jails



On Tue, 19 May 2020 21:26:02 -0700
"Greg A. Woods" <woods%planix.com@localhost> wrote:

> So what more is needed, beyond chroot and login classes, to make
> possible the kinds of things like allowing a customer to install web-app
> "plugins" to their instance of a web server?  I can't think of
> _anything_ else that's _actually_ needed, other than management
> tooling to make it all clickety-web-GUI-ish.  You certainly don't
> need/want to give them root in their chroot.

Some things can be achieved with chroot and various other tools in
NetBSD, other things are not going to work with chroot. It's nothing to
do with GUI management, but the fundamental architecture of chroot.

I started looking into this some time ago, as I wanted to partition
my applications into isolated zones, without using Xen or other
hypervisors. I don't use NetBSD for anything serious, so not concerned
about security implications at the moment, as this is mostly a toy
project.

So it is mainly looking at what NetBSD provides to restrict and manage
resources (CPU and memory limits, Veriexec and other security
frameworks, Rump, mount_null and mount_union, QoS for disk and network
I/O, etc). Not quite sure how this will work out in the end.

