From owner-freebsd-questions@freebsd.org Fri Dec 25 00:44:18 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CC6BB4B04E4 for ; Fri, 25 Dec 2020 00:44:18 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D27Vp0t7rz3psp for ; Fri, 25 Dec 2020 00:44:17 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-ed1-x52e.google.com with SMTP id g24so3227747edw.9 for ; Thu, 24 Dec 2020 16:44:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tzzWevn9I2PTc3rEp6OEVGn1rp610PHPKODouXF5Kzs=; b=CtOb5y0j0CFDT8sgfleNMJh7Z1dKzxC+Sgc/yZc+Kb8g867+bB/7d9v145QV7lpUCK JvQ1SAXa7NffJzz6WBdEA9Y2VEkTMMmwLWfPD5D24vi41hIINc7voPFg02dBEhr6Kwv3 g3LVLv2mFWBvzl3ShlSLP+UKEAo8of2K0Kc8jF4BUtCOu/PePLK3lZ9mdFRAmkCc+FK6 yRyVy/aqxLg8OUx3/i7nStUOZ9HYu/I/YdpxdUlmYSi9iN/nKjTTbg9kSdYPS7pb8lhZ eO6SU6FBM+7Uhz+Rale6z1In+edyPXJdO8+EU3NGU2DnTLuTyWQBBV27axZohm1C/UzQ TlGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tzzWevn9I2PTc3rEp6OEVGn1rp610PHPKODouXF5Kzs=; b=n9s9W0UrEx5jszrQ5l2mgT/R4qpZAVMa6GSJbx5/2cT/Womxflf0mJanOg4lZwvEIY //eX9x+EYfC+GwdPIRBOY6K8apYZbx8ulaqFhtUZzWCtbaPovOzbUskM+XI9cg2c7xh8 P082GaQpe2KTyD+h4aPS8Kxgk0jbTk45Wh2ptiqWGdzR2T8UoUU6ClTsTENxNMAQmbw0 eZe2rlOqhc2aYO5d90zLJgbjcv9dLs7vFAZRrYTtLlScfB25gmDdt2x5/T0v2sXgyA4V M1Vu/ftX9tbcKVQENmkU6N9N4kYBm8A7f2PiHIS5V2//lsg0cvJpjjHXSGI9TKyb5ovj oggQ== X-Gm-Message-State: AOAM533P4OHKeMleBgKvqHeL2/kBk6/bYGdzAYNAFnLjZp2UKgjprAX5 PWc1bxUMhMvbtBzPgnuEVLxGHgtvBs5V2yGsIyz4YqcpgIDZvg== X-Google-Smtp-Source: ABdhPJzkaQg49oNvfzBNh8Z22U2zgQJoXgZvfR4XiA8YwREJucsEYrOV4LX3rcDJYjfwHZl2L1l3OS+wXIn9Rnkmwd8= X-Received: by 2002:a05:6402:1caa:: with SMTP id cz10mr30658972edb.345.1608857055821; Thu, 24 Dec 2020 16:44:15 -0800 (PST) MIME-Version: 1.0 References: <20201223182227.da6c11d3604eb07bb4f18ce5@sohara.org> <2581038e-fa0f-231d-ae33-1b42d50c8600@antonovs.family> <25fbf315-7aec-853c-cf69-a805805bd06e@antonovs.family> <9a80d70b-3f37-09ac-825f-c87e2c3e4925@qeng-ho.org> <5d38e65e-98e2-4c27-7ccb-37be93f868df@antonovs.family> <1687992626.3246491.1608839712067@mail.yahoo.com> <20201224201945.c8ce7c55c1ce68d729805a64@sohara.org> In-Reply-To: <20201224201945.c8ce7c55c1ce68d729805a64@sohara.org> From: Tomasz CEDRO Date: Fri, 25 Dec 2020 01:44:04 +0100 Message-ID: Subject: Re: Network namespaces in FreeBSD To: "Steve O'Hara-Smith" Cc: FreeBSD Questions Mailing List , Ameya Deshpande X-Rspamd-Queue-Id: 4D27Vp0t7rz3psp X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=CtOb5y0j; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2a00:1450:4864:20::52e) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-1.84 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_SPAM_SHORT(0.46)[0.455]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cedro.info]; SPAMHAUS_ZRD(0.00)[2a00:1450:4864:20::52e:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[cedro.info:+]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::52e:from]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2a00:1450:4864:20::52e:from]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MAILMAN_DEST(0.00)[freebsd-questions]; FREEMAIL_CC(0.00)[freebsd.org,yahoo.com] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Dec 2020 00:44:18 -0000 On Thu, Dec 24, 2020, 21:20 Steve O'Hara-Smith wrote: > There's a half formed idea which keeps coming back to me not really > well enough formed to do anything with - imagine being able to do something > like this: > > pkg jail nginx --jail webserver-3 --ip4addr ... > > and obtain a jail with just enough in it to run nginx (or whatever > package you choose) and nothing else - by that I mean not a base system > with the necessary packages but a system stripped of everything but the > dependencies of the application - if the application doesn't need ls then > ls isn't there. > Sounds like a great idea! Also sounds very "BSD Way"^TM.. could be the "Fire-and-Forget"^TM alternative of Docker on BSD if bundled configurations could be also rolled/snapped/deployed that way :-) -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info >