Date: Sun, 6 Jan 2019 20:09:54 +0100 (CET)
From: Wojciech Puchar <wojtek@puchar.net>
To: Alan Somers <asomers@freebsd.org>
Cc: Wojciech Puchar <wojtek@puchar.net>, Cy Schubert <Cy.Schubert@cschubert.com>, Hackers freeBSD <freebsd-hackers@freebsd.org>, Igor Mozolevsky <igor@hybrid-lab.co.uk>, Enji Cooper <yaneurabeya@gmail.com>
Subject: Re: Strategic Thinking (was: Re: Speculative: Rust for base system components)
Message-ID: <alpine.BSF.2.20.1901062002230.54477@puchar.net>
In-Reply-To: <CAOtMX2hvB9p9WJ2rBw8QLgpm6tvv9VVRDLdTJ0J07XNTfT14DQ@mail.gmail.com>
References: <201901051953.x05JrucZ071109@slippy.cwsent.com> <alpine.BSF.2.20.1901061929510.48074@puchar.net> <CAOtMX2hvB9p9WJ2rBw8QLgpm6tvv9VVRDLdTJ0J07XNTfT14DQ@mail.gmail.com>

>> why this "microservices" - which are simply complete programs without
>> dependencies (or should be) - cannot be run simply as processes on
>> different user accounts?
>
> Several reasons:
> 1) Separate accounts don't provide as much security as separate
> containers. Capsicum does, but people aren't used to using Capsicum

I use separate processes and don't feel the lack of security. I don't use
Capsicum either.

Could you explain more precisely why standard process and user/group
separation is insufficient?

Simply access rights and setting security.bsd.see_other_uids=0 are enough
for me.

If something could be added then it would be limiting what ports each
user can open. But it's not really a problem.

> 2) Fragmentation. The Linux world is much more fragmented than the
> FreeBSD world. It's hard to write a program that will work correctly

That's where I agree with you. Anyway, if these microservices were
statically linked, this argument would be irrelevant. And from what I've
read it's how microservices should be made.

> 3) Fashion. You may not care about the latest IT craze, but a lot of
> IT departments do. And you can't change their minds all by yourself.

I don't even try to change their minds. I don't discuss with such people.
You can discuss and present arguments to people that don't think.

> If FreeBSD is to be used by people who deploy microservices, then it
> needs to do what they want. That means it needs Docker or something
> similar (IT admins won't want to learn ezjail if they're already
> comfortable with Docker), or we need to convince people to use
> CloudABI. CloudABI has the potential to outperform containers. It
> just hasn't gained traction yet.
> -Alan

Docker is already in ports. If someone wants to use it - what's the
problem? Anyway, if they prefer Linux, let them use Linux.