From owner-freebsd-hackers@FreeBSD.ORG  Mon May 21 19:26:47 2012
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 564A61065674;
	Mon, 21 May 2012 19:26:47 +0000 (UTC)
	(envelope-from utisoft@gmail.com)
Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com
	[209.85.214.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 9FAA28FC23;
	Mon, 21 May 2012 19:26:46 +0000 (UTC)
Received: by bkvi18 with SMTP id i18so5868132bkv.13
	for <multiple recipients>; Mon, 21 May 2012 12:26:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:sender:in-reply-to:references:from:date
	:x-google-sender-auth:message-id:subject:to:cc:content-type
	:content-transfer-encoding;
	bh=RnV2xWrS9cGpVO/sgyoZ8src6UMP30WTcC8P1Ac/3cI=;
	b=VvUtGirvBZGmzcHeZgGfN1AvKM7MUCMaBB5mUm3eJBjUVTiEFc+kBhGHVAZT14QuTQ
	GiJ9dArEBvFCsgQXo+rqza4SUEA90I3fZ+Otp5OXgaXfEzDzsmXk8gjcvfvqWgACEXb3
	gNJ5e4y0CiWIW7BWgx90Ev4qpY6J354I5yjqUImZmrcmsxToKnS2mRzZTtRPdCeHDDN1
	AOzIOdBBkY/4Sn7EVf+pQFZ1R5Cg9X9h7dUxV2qLl5DzUMY5YjBYDSGIiW2XggRLzJbd
	g8rbMyxt2y0pXKgJ3H8lh/4RDSxP2wk0VJ5R3RA4rOZoBvNSfYudqK6CsdKg6j0Xl/C3
	Dl4w==
Received: by 10.204.154.214 with SMTP id p22mr8097532bkw.115.1337628405499;
	Mon, 21 May 2012 12:26:45 -0700 (PDT)
MIME-Version: 1.0
Sender: utisoft@gmail.com
Received: by 10.204.171.138 with HTTP; Mon, 21 May 2012 12:26:15 -0700 (PDT)
In-Reply-To: <CAEXv5_igz7FLTipWeRKRM6DbTJ9-FDHZLjvhZ=929rmWNKQNww@mail.gmail.com>
References: <CAEXv5_igz7FLTipWeRKRM6DbTJ9-FDHZLjvhZ=929rmWNKQNww@mail.gmail.com>
From: Chris Rees <crees@FreeBSD.org>
Date: Mon, 21 May 2012 20:26:15 +0100
X-Google-Sender-Auth: BreNSxghnRaCkGnboNNdn2Koj34
Message-ID: <CADLo838voV_Xi+A_WjD3H7E_d4Qi+OdJYnHPoim5BbZAWnXFyg@mail.gmail.com>
To: David Windsor <dwindsor@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: PID/UID namespaces
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2012 19:26:47 -0000

On 21 May 2012 14:47, David Windsor <dwindsor@gmail.com> wrote:
> Hi,
>
> While doing some research on FreeBSD jails, I came across an item in the
> jails' TODO:
>
>
> =A0 - be able to have a separate PID space for it
> =A0 - be able to specify a separate UID space for it
>
> In other projects, these goals have been accomplished using namespaces. =
=A0I
> tried to see if PID/UID namespaces existed in BSD and came across somethi=
ng
> called Capsicum, a sandboxing project which does not appear to implement
> outright namespaces for descriptors like PID/UID, but uses something call=
ed
> a "Process Descriptor."
>
> Is namespacing of PIDs and UIDs an eventual goal of the jails project of
> FreeBSD?

It would certainly prevent many common problems when setting up jails;
UID collision is much more common than you'd think, given that the
default UIDs remain the same.

Chris