Jails for NetBSD – Kernel Enforced Isolation and Native Resource Control

(netbsd-jails.petermann-digital.de)

38 points | by vermaden 4 hours ago

2 comments

  • ggm 4 hours ago
    I'll make the same comment I did on the other post about this. Either document how it differs from FreeBSD jails or give it some other name. Anything else is asking for confusion.
    • __patchbit__ 2 hours ago
      That some other name: 'cells' (or 'tiles'), in the compositional sense of leaf and tree, forest, framework is more inviting for creative work than 'jails'.
    • dizhn 2 hours ago
      It's not a port of FreeBSD jails?
    • LargoLasskhyfv 3 hours ago
      Does the third entry of the FAQ not suffice?
      • ggm 1 hour ago
        No. A feature table would help. An abstraction/layer diagram. A lot more.

        Could bastille port to it as-is? How about podman?

        • LargoLasskhyfv 1 hour ago
          > Could bastille port to it as-is? How about podman?

          He wrote things like these are out of scope.

          Just light and robust jails without further external dependencies.

          • PunchyHamster 1 hour ago
            so it's useless then as you can't run anything you'd want to there
            • LargoLasskhyfv 39 minutes ago
              Besides the fact it isn't even ready yet, of course you could run everything which runs on NetBSD in there. Just not the ways you're used to.

              IMO anything which makes NetBSD's base more complete is good.

              When it is ready, it remains to be seen which external tools may be ported to make use of the newly available internals. If ever.

  • DeathArrow 1 hour ago
    It would have been more interesting had they released something compatible with the Open Container Initiative. Most people use Docker containers, and having Docker-compatible containers would have helped with improved adoption of BSDs.
    • Gud 24 minutes ago
      No thanks. I prefer my jails just the way they are and think Docker sucks.
    • PunchyHamster 1 hour ago
      OCI is kinda a layer above whatever solution is used for separation
    • jmclnx 28 minutes ago
      I have used jails and I still say it is far easier to maintain, lighter and more secure than what Linux has. The only good thing I can say about Docker is it is easier to set up.

      Also the way I read the document, NetBSD's Jail is going to be very close to what FreeBSD does.