Message-ID: <4FBA95A1.9050404@freebsd.org>
Date: Mon, 21 May 2012 12:21:05 -0700
From: Julian Elischer
To: David Windsor
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: PID/UID namespaces

On 5/21/12 6:47 AM, David Windsor wrote:
> Hi,
>
> While doing some research on FreeBSD jails, I came across an item in the
> jails' TODO:
>
>
> - be able to have a separate PID space for it
> - be able to specify a separate UID space for it
>
> In other projects, these goals have been accomplished using namespaces. I
> tried to see if PID/UID namespaces existed in BSD and came across something
> called Capsicum, a sandboxing project which does not appear to implement
> outright namespaces for descriptors like PID/UID, but uses something called
> a "Process Descriptor."
>
> Is namespacing of PIDs and UIDs an eventual goal of the jails project of
> FreeBSD?

"kinda"
Not terribly explicitly, but somewhere in our collective subconscious..

> Thanks,
>
> David
>
> PS: Excuse my ignorance of anything related to BSD, as I come from a Linux
> background.