From owner-freebsd-questions@freebsd.org Fri Dec 25 20:29:21 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0AEB84C95F5 for ; Fri, 25 Dec 2020 20:29:21 +0000 (UTC) (envelope-from 4250.82.1d4c700019ab420.1b18e03338e16615514b600557625a56@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D2dp817n7z3r6K for ; Fri, 25 Dec 2020 20:29:19 +0000 (UTC) (envelope-from 4250.82.1d4c700019ab420.1b18e03338e16615514b600557625a56@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1608928160; x=1611520160; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=Gc/mYyJ+47844JnX0ODDhkqxYkVF25gOlxhcJXTtExM=; b=MHjz7ktqm2n8Gt26cZoz9v63Hc0uhHGmhKIbc/9TejBqgIsDOfSkK4rvGpU2o1VcokaUAs0LKqliMXnQt9Ul1Q5m0o0c6kvUL+BsUFABPWlczqEGFoApVJG03TFIefg14bze6HTX3Hgp1THmnXV93qxQ469dVAuwtsqOng2O5vM= X-Thread-Info: NDI1MC45Mi4xZDRjNzAwMDE5YWI0MjAuZnJlZWJzZC1xdWVzdGlvbnM9ZnJlZWJzZC5vcmc= Received: from r1.us-east-2.aws.in.socketlabs.com (r1.us-east-2.aws.in.socketlabs.com [142.0.189.1]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Fri, 25 Dec 2020 15:29:09 -0500 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r1.us-east-2.aws.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Fri, 25 Dec 2020 15:29:08 -0500 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1ksthy-000FQB-LY; Fri, 25 Dec 2020 20:29:06 +0000 Date: Fri, 25 Dec 2020 20:29:06 +0000 From: Steve O'Hara-Smith To: Tomasz CEDRO Cc: FreeBSD Questions Mailing List , Ameya Deshpande Subject: Re: Network namespaces in FreeBSD Message-Id: <20201225202906.72de7783912e4fb7744aa78c@sohara.org> In-Reply-To: References: <20201223182227.da6c11d3604eb07bb4f18ce5@sohara.org> <2581038e-fa0f-231d-ae33-1b42d50c8600@antonovs.family> <25fbf315-7aec-853c-cf69-a805805bd06e@antonovs.family> <9a80d70b-3f37-09ac-825f-c87e2c3e4925@qeng-ho.org> <5d38e65e-98e2-4c27-7ccb-37be93f868df@antonovs.family> <1687992626.3246491.1608839712067@mail.yahoo.com> <20201224201945.c8ce7c55c1ce68d729805a64@sohara.org> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4D2dp817n7z3r6K X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=MHjz7ktq; dmarc=none; spf=pass (mx1.freebsd.org: domain of 4250.82.1d4c700019ab420.1b18e03338e16615514b600557625a56@email-od.com designates 142.0.176.198 as permitted sender) smtp.mailfrom=4250.82.1d4c700019ab420.1b18e03338e16615514b600557625a56@email-od.com X-Spamd-Result: default: False [-2.70 / 15.00]; RWL_MAILSPIKE_GOOD(0.00)[142.0.176.198:from]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FORGED_SENDER(0.30)[steve@sohara.org,4250.82.1d4c700019ab420.1b18e03338e16615514b600557625a56@email-od.com]; RCVD_TLS_LAST(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[142.0.176.198:from]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; MID_RHS_MATCH_FROM(0.00)[]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.82.1d4c700019ab420.1b18e03338e16615514b600557625a56@email-od.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; SPAMHAUS_ZRD(0.00)[142.0.176.198:from:127.0.2.255]; MIME_TRACE(0.00)[0:+]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[142.0.176.198:from]; FREEMAIL_CC(0.00)[freebsd.org,yahoo.com]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Dec 2020 20:29:21 -0000 On Fri, 25 Dec 2020 01:44:04 +0100 Tomasz CEDRO wrote: > On Thu, Dec 24, 2020, 21:20 Steve O'Hara-Smith wrote: > > > There's a half formed idea which keeps coming back to me not > > really well enough formed to do anything with - imagine being able to > > do something like this: > > > > pkg jail nginx --jail webserver-3 --ip4addr ... > > > > and obtain a jail with just enough in it to run nginx (or > > whatever package you choose) and nothing else - by that I mean not a > > base system with the necessary packages but a system stripped of > > everything but the dependencies of the application - if the application > > doesn't need ls then ls isn't there. > > > > Sounds like a great idea! Also sounds very "BSD Way"^TM.. could be the Thank you - I'll see if I can't get some simple cases going when time permits. > "Fire-and-Forget"^TM alternative of Docker on BSD if bundled > configurations could be also rolled/snapped/deployed that way :-) Packaged configuration sets could be a thing, with the application packages as dependencies so you just install the configuration set. The kind of load balanced, auto-deployed multi layer client-server over auto-configured vpns all from a YAML file magic that docker and kubernetes perform would still be some ways off. -- Steve O'Hara-Smith | Directable Mirror Arrays C:\>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. | http://www.sohara.org/