Hi Tech,

After reading about FreeBSD jails I naturally wondered whether OpenBSD
had a similar feature.  Well, I ran across sysjail.  Based on my
reading of the wikipedia article, it's my understanding that sysjail
was discontinued due to an inherent flaw involving race conditions.
If I understand correctly, sysjail used user-space wrappers to system
calls to enforce security policy, while FreeBSD jails are an in-kernel
sandboxing mechanism.  Assuming I'm not totally misunderstanding both
sysjail and FreeBSD jails (and admittedly I have much more research to
do), I'm curious as to whether the OpenBSD project has ever considered
implementing a full operating system-level virtualization technology
like FreeBSD jails.  I'd also be interested to hear any arguments for
or against implementing such jails in OpenBSD.  I have not conducted a
search of the mailing list archives beyond looking for discussion of
sysjail, so I apologize if this has already been thoroughly discussed
in another thread.  Thanks for your time and I really appreciate the
work you guys do in making a very high-quality and secure operating
system freely available.

-- 
-Dustin

Reply via email to