quBSD - A New Jails and bhyve Wrapper That Emulates Qubes

BawdyAnarchist · Feb 3, 2022

It's been quite a few months in the making, but I believe I have something good enough to share with the community. It's written in shell, based on zfs, and uses the underlying FreeBSD tools.

Here's a summary of features:

All workloads are run inside of jails
GUI jails! Comes with a pre-configured template
Network Isolation
NIC and USB PCI devices are isolated in separate VMs
- A series of gateway/tunnel jails provide network to client jails
- Host is always offline, except for updates/pkgs
- Just like Qubes has pristine templates, quBSD has *rootjails*
A set of scripts act as a simplying wrapper for daily use and mgmt
An installer script configures the intial setup of jails and VMs
Default i3 integration (but can be easily modified for any WM)
Useful setup, even if you're running headless.

I hope that people find it useful. Let me know what you think!

GitHub - BawdyAnarchist/quBSD: A FreeBSD jails and bhyve wrapper; which emulates a Qubes-like containerization schema

A FreeBSD jails and bhyve wrapper; which emulates a Qubes-like containerization schema - BawdyAnarchist/quBSD

github.com

grahamperrin · Feb 8, 2022

BawdyAnarchist said:
GUI jails!

Eyes widen!

I might take a look at the weekend. Thanks!

BawdyAnarchist · Feb 12, 2022

grahamperrin said:
Eyes widen!

I might take a look at the weekend. Thanks!

Cool! Shoot me a message if you have any questions or recommendations.

dchmelik · May 2, 2023

Does that mean it can run other *BSD/OpenSolaris/IllumOS or GNU/Linux inside? I'm most interested in usability of running programs from different OS in the same X session more than any extra security.

quBSD - A New Jails and bhyve Wrapper That Emulates Qubes

BawdyAnarchist

GitHub - BawdyAnarchist/quBSD: A FreeBSD jails and bhyve wrapper; which emulates a Qubes-like containerization schema

grahamperrin

BawdyAnarchist

dchmelik