From: David Windsor
To: freebsd-jail@freebsd.org
Cc: freebsd-hackers@freebsd.org
Date: Mon, 21 May 2012 09:47:53 -0400
Subject: PID/UID namespaces

Hi,

While doing some research on FreeBSD jails, I came across an item in the jails' TODO:

- be able to have a separate PID space for it
- be able to specify a separate UID space for it

In other projects, these goals have been accomplished using namespaces. I tried to see if PID/UID namespaces existed in BSD and came across something called Capsicum, a sandboxing project which does not appear to implement outright namespaces for descriptors like PID/UID, but uses something called a "Process Descriptor."

Is namespacing of PIDs and UIDs an eventual goal of the jails project of FreeBSD?

Thanks,
David

PS: Excuse my ignorance of anything related to BSD, as I come from a Linux background.

--
PGP: 6141 5FFD 11AE 9844 153E F268 7C98 7268 6B19 6CC9