From: Igor Shmukler
To: Morten Liebach
Cc: freebsd-hackers@freebsd.org
Date: Sun, 12 Sep 2004 23:54:32 +0400
Subject: Re[2]: FreeBSD on Xserve?

> > If original author wants to mature OS with MAC and SMP support SELinux
> > might be a good candidate.
> > However, Linux does not have jails. Only other OS that has them is
> > Solaris 10 which does not run on PPC.
>
> There's something named User Mode Linux which seems to be a little like
> jails. I haven't got the faintest idea how well it works.

I could be wrong, but AFAIK UML is not the same thing as jail. AFAIK, UML has a serious performance penalty. It used to work pretty well for 2.4.x kernels. However, there are associated issues with keeping UML up to date. I don't think UML ever made it into mainline. Jail is part of the kernel.

Personally, I think that if jail was available on Apple hardware it would be a serious argument for using FreeBSD instead of Linux. IBM boxes support virtualization, but Apple machines don't have that feature. The flip side is that probably most people who buy G5 machines are more concerned about FP performance.

> > I am not sure what kind of stack protection was referred in the
> > original email. OpenBSD has propolis, but I was under impression there
> > is no such option in FreeBSD. I recall that it was decided that
> > security by obscurity will not make it into the kernel.
>
> It's "propolice".

Thank you for correcting me. Indeed I did not spell propolice correctly.

> Maybe http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html
> would be of interest.
>
> There's more than just obscurity to it, but it is obviously better to
> have correct code to begin with, then things like Propolice isn't
> needed...

That's a choice of terminology. The word obscurity has no mathematical style definition.