Hey!
First of all, I'm a pretty new FreeBSD user. I've mostly been using Linux, but there are certain aspects of FreeBSD that are pulling me in. The Linux compat layer has so far been great, but there are certain limitations that are slightly... bothersome, and that is that a lot of the software I've been using on Linux has been using various namespaces. Be it Steam or some other software.
So I decided to give it a try to see if I could start implementing namespaces (initially user namespaces), and so far it's been pretty fun writing on this. Still have a lot of things I need to figure out of course.
Now I have a few questions:
- Are Linux containers something that FreeBSD should support, any interest in this?
- Would it be fair to say that any such implementation should not be a security feature? That is, this implementation cannot and should not be used as an alternative to jails. These would be more like "views" than actual namespacing and jailing? Or would that be an unacceptable limitation to namespaces?
I admit there is a whole lot I haven't thought through, and I've only recently started going through the kernel source learning this stuff as I go. While I see myself as a somewhat okay C developer, I haven't written any kernel code before, so it's something new alright!
Any thoughts?