Date: Thu, 25 Nov 2021 01:49:16 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> To: Shawn Webb <shawn.webb@hardenedbsd.org>, Joseph Mingrone <jrm@FreeBSD.org> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Call for Foundation-supported Project Ideas Message-ID: <6f33be37-a7c1-6217-8646-30b7c0306226@quip.cz> In-Reply-To: <20211123232814.6vx3sqnsdvc52oc3@mutt-hbsd> References: <861r36xzpe.fsf@phe.ftfl.ca> <20211123232814.6vx3sqnsdvc52oc3@mutt-hbsd>
index | next in thread | previous in thread | raw e-mail
On 24/11/2021 00:28, Shawn Webb wrote: [...] > 3. jail orchestration in base. it's great that we have all these > disparate jail management ports, but we lack a fully > coherent/integreated solution. I'd love to see jail orchestration > get the same love as zfs in base. While we are talking about jail orchestration in base (which will be really useful to me as well) I would like to see better integration of jail in more aspects in base. Jails are part of the base for more than a decade but still kind of hidden (similar to cpuset - many users don't know about it / how to use it easily). Alexander Leidinger posted proposal in 2019 "automatic jailing of services (rc.d/*)" [1] with patch [2]. This seems useful and easy to implement in base to me. As far as I know, Alexander also have patch to allow run Xorg in jail. As for cpuset thing - 11 years ago I proposed patch to add support for cpuset in rc.subr for any service [3] PR 142434 [4]. I think it is even more useful these days as computers have really a lot of CPU cores. [1] https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003710.html [2] https://pastebin.com/LBZRezgu [3] https://lists.freebsd.org/pipermail/freebsd-rc/2010-January/001816.html [4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=142434 Kind regards Miroslav Lachmanhelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6f33be37-a7c1-6217-8646-30b7c0306226>