FreeBSD development seems lost

[rbranco]

I think we'd need some kind of design document to discuss the concept. For instance, in Linux rootless podman is an approach to set up systemd to allow users to interact directly with systemd without root privileges. I think what we need here is to review what kind of exposures might there be should we choose to make /usr/sbin/bhyve* setuid root or better, capsicumize bhyve.

Rootless containers don't need Systemd at all. You can run rootless Podman & Docker on Alpine Linux.

 

[rbranco]

Take a look at any of the presentations done by Aleksa Sarai to make rootless containers happen on Linux. Here are some:

https://events.static.linuxfound.org/sites/events/files/slides/rootless-containers-2016.pdf

Rootless Containers | Rootless Containers

Rootless Containers

rootlesscontaine.rs

 

[cy@]

Rootless containers don't need Systemd at all. You can run rootless Podman & Docker on Alpine Linux.

If running by hand, yes. All my users expect their pods be started at boot. To enable this we must,

usermod -a -G systemd-journal users_service_account

Then allow the service the pod runs under to linger after the users logs out:

loginctl enable-linger user_service_account

To run the pod they would use systemd-run.

Otherwise there are limitations.

We don't let users run "production" workloads under podman. Only test/dev. Real production must be run in the on-prem cloud instance (OpenShift).

 

[rbranco]

If running by hand, yes. All my users expect their pods be started at boot. To enable this we must,

Podman only requires Systemd for quadlets. Podman can also be run as a daemon:

podman-system-service — Podman documentation

podman-remote — Podman documentation

 

[bored2tears]

Normally when a user logs into a Linux box systemd creates a context but if a user su's or sudo's to a service account no such context is created. Hence they must "tell" systemd to create a context for them. We have no such BS in FreeBSD.

That BS is called dbus session and many more software (especially wayland portal stuff) just ouright breaks. Flatpak, pipewire, wayland, podman, whatever. You log in weird way (through a chroot or with ssh tied to Ansible) dbus wont be engaged and some software just wont work.

 

[T-Aoki]

Rootless containers don't need Systemd at all.

As cy@ already noted, FreeBSD doesn't have Systemd at all. What FreeBSD has is a variant of legacy init() + rc (having rc.d).

 

[cy@]

As cy@ already noted, FreeBSD doesn't have Systemd at all. What FreeBSD has is a variant of legacy init() + rc (having rc.d).

And I'm sure it will stay that way. Not the least of which systemd is GPL.

 

[rbranco]

As cy@ already noted, FreeBSD doesn't have Systemd at all. What FreeBSD has is a variant of legacy init() + rc (having rc.d).

I know.

 

[cy@]

That BS is called dbus session and many more software (especially wayland portal stuff) just ouright breaks. Flatpak, pipewire, wayland, podman, whatever. You log in weird way (through a chroot or with ssh tied to Ansible) dbus wont be engaged and some software just wont work.

My customer with their 1400 RHEL servers live in that world.

 

[hasbeen]

And many are trying to do the same with a bicycle, for over 100 years, reinventing the travel on 2 wheels. They started with steel frame, then various metal alloys and now composites. They redesigned the frame, gearing, handle bars, seat and electrified that old tech. But, the latest and greatest bike still needs 2 pedals, 2 wheels and 2 human legs to get going. So, my old free old tech bike works for me, it gets me going just like the FreeBSD if I loose my bike, I'll walk to get there.