On Wed, Jan 09, 2013 at 07:28:41AM +0000, John Long wrote: > I use Solaris zones to isolate a lot of stuff and I can host shell accounts > and occasional open source projects safely as far as I know. I would like to > be able to offer OpenBSD shell accounts but I don't know how to do that > safely without dedicating a machine to it so I haven't done it. I think > there would be a lot of value in zones/jails on OpenBSD. Mostly zones are a > superior solution to virtualbox/vmware etc. because they're very light and > provide good isolation and resource control and make good overall use of the > hardware.
As you know on Solaris a zone can use limited resources. So first OpenBSD would need to have a feature to group processes into resource pools to limit resources usage. Then WPAR/zone/lxc-like feature would make *real* sense. For shell accounts you can right now just use sshd with chroot and manage each chroot with jailkit. If you need temporary environment for devs, check oVirt and their 'pool' funcionality which offers 'pool' of VMs where each one can be stateless. jirib
