Date:      Thu, 17 Aug 2000 11:57:29 -0400
From:      "Matthew Emmerton" <matt@gsicomp.on.ca>
To:        "The Hermit Hacker" <scrappy@hub.org>
Cc:        "Tony Finch" <dot@dotat.at>, <freebsd-ports@FreeBSD.ORG>
Subject:   Re: FreeVSD: Anyone working on porting this?
Message-ID:  <004101c00863$df8dca90$1200a8c0@matt>
References:  <Pine.BSF.4.21.0008160149560.92127-100000@thelab.hub.org>


----- Original Message -----
From: "The Hermit Hacker" <scrappy@hub.org>
To: "Matthew Emmerton" <matt@gsicomp.on.ca>
Cc: "Tony Finch" <dot@dotat.at>; <freebsd-ports@FreeBSD.ORG>
Sent: Wednesday, August 16, 2000 12:52 AM
Subject: Re: FreeVSD: Anyone working on porting this?


> On Sun, 13 Aug 2000, Matthew Emmerton wrote:
>
> > > The Hermit Hacker <scrappy@hub.org> wrote:
> > > >
> > > >http://www.freevsd.org/
> > >
> > > Doesn't jail(8) achieve this?
> >
> > On the surface, it looks like jail(8) might just do what FreeVSD aims to
> > provide.  However, since jail(8) is only in 4.x, and lots of people
> > (including myself) are still running 3.x, FreeVSD may be a good solution
> > for those who aren't ready to upgrade to 4.x.
>
> okay, I just read scan'd through the pages for jail(8) and wonder how it
> would deal with something like running sendmail on port 25 for IP # vs IP
> #+1, writing its mail to a Cyrus mail spool, for instance ...
>
> My understanding/feel of FreeVSD is that it essentially built a "virtual
> machine" similar to the way that VMware would do it, without all the
> overhead ... but each 'virtual machine' would be attached to a unique IP,
> and have its full range of ports still accessible to it ...

Comparing the setup methods for FreeVSD and jail(8), they appear to be quite
similar:
In FreeBSD, you build a custom "jail-enabled" installation from the ground
up, excluding kernel.
In FreeVSD, you extract a minimal skeleton of system files and utilities,
plus the special patched-for-VSD system binaries.

Both FreeVSD and jail(8) expect the 'virtual machine' environment to run
with a different IP from the host.  BSD enforces this with custom binaries,
VSD accomplishes this via a custom inetd and libvsd.a, which checks
user/group privileges, quotas, and ensures that the 'virtual machine' is
operating in its proper environment.

Overall, my opinion is that FreeVSD, while operating very similarly to
jail(8), is a large, kludged hack to the RH6 codebase, and has many more
opportunities for security loopholes to be found.

As for your question regarding sendmail/cyrus, I believe the root of your
concern is the fact that both virtual machines will use different
filesystems, and you're wondering how sendmail will interact with Cyrus's
deliver agent.  Cyrus' deliver agent is just a wrapper for lmtpd, which can
deliver mail remotely (via TCP) or locally (via sockets.)  Hence, you could
conceivably run sendmail using one jail(8)-ed environment and cyrus in
another, with no problems with mail delivery.

I think this just about closes the books on FreeVSD for FreeBSD.  A nice
idea, but one that we did better :)

--
Matthew Emmerton
GSI Computer Services
+1 (800) 217-5409 (Canada)


