Hi,
Well, AFAIK there is no such thing yet in NetBSD (or at least officially).
NetBSD 9 will have its own "KVM"-like virtualisation solution named NVMM
for AMD64 (AKA x86_64). You can also use Xen. There was a solution back in
the day named "sysjail" but it's deprecated because of serious security
issues (see https://en.wikipedia.org/wiki/Sysjail).
I personally use sailor (https://gitlab.com/iMil/sailor) but it's not
supported by the NetBSD team.

IMHO that's a project the NetBSD team should be working on.
Jails/Zones/Containers or any kernel-level virtualisation would totally
align with NetBSD's goal: portability.

On Thu, Oct 10, 2019 at 11:10 AM Luis P. Mendes <luisl...@gmx.com> wrote:

> Hi,
>
>
> I've been using FreeBSD and its jail system to power my server needs.
> One jail for the database server, providing a unix socket that is null
> mounted at other jails with webservers, mainly.
>
> As I don't find many readings about this kind of setup in NetBSD, I'd
> like to know what you do regarding the need to secure a database
> server, a webserver with php, for example.
>
> Do you chroot each service?
> Use ldd to find the missing components for the services to run?
> Do it all by hand or is there an automation tool that helps?
> How about the network stuff?  With jails and pf I can route some
> traffic to a specific jail running some service.  How do you manage
> this in NetBSD land?
>
>
> --
>
>
> Luis Mendes
>
