Date:      Mon, 21 May 2012 20:26:15 +0100
From:      Chris Rees <crees@FreeBSD.org>
To:        David Windsor <dwindsor@gmail.com>
Cc:        freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Subject:   Re: PID/UID namespaces
Message-ID:  <CADLo838voV_Xi%2BA_WjD3H7E_d4Qi%2BOdJYnHPoim5BbZAWnXFyg@mail.gmail.com>
In-Reply-To: <CAEXv5_igz7FLTipWeRKRM6DbTJ9-FDHZLjvhZ=929rmWNKQNww@mail.gmail.com>
References:  <CAEXv5_igz7FLTipWeRKRM6DbTJ9-FDHZLjvhZ=929rmWNKQNww@mail.gmail.com>

On 21 May 2012 14:47, David Windsor <dwindsor@gmail.com> wrote:
> Hi,
>
> While doing some research on FreeBSD jails, I came across an item in the
> jails' TODO:
>
>
>   - be able to have a separate PID space for it
>   - be able to specify a separate UID space for it
>
> In other projects, these goals have been accomplished using namespaces. I
> tried to see if PID/UID namespaces existed in BSD and came across something
> called Capsicum, a sandboxing project which does not appear to implement
> outright namespaces for descriptors like PID/UID, but uses something called
> a "Process Descriptor."
>
> Is namespacing of PIDs and UIDs an eventual goal of the jails project of
> FreeBSD?

It would certainly prevent many common problems when setting up jails;
UID collision is much more common than you'd think, given that the
default UIDs remain the same.

Chris


