FreeBSD on Xserve?
Igor Shmukler
shmukler at mail.ru
Sun Sep 12 12:54:39 PDT 2004
> > If original author wants to mature OS with MAC and SMP support SELinux
> > might be a good candidate.
> > However, Linux does not have jails. Only other OS that has them is
> > Solaris 10 which does not run on PPC.
>
> There's something named User Mode Linux which seems to be a little like
> jails. I haven't got the faintest idea how well it works.
I could be wrong, but AFAIK UML is not same thing as jail. AFAIK, UML has a serious performance penalty.
It used to work pretty well for 2.4.x kernels. However, there are associated issues with keeping UML up to date.
I don't think UML ever made it into mainline. Jail is part of kernel.
Personally, I think that if jail was available on Apple hardware it would be a serious argument for using FreeBSD instead of Linux.
IBM boxes support virtualization, but Apple machines don't have that feature. The flip side is that probably most people who buy G5 machines are more concerned about FP performance.
> > I am not sure what kind of stack protection was referred in the
> > original email. OpenBSD has propolis, but I was under impression there
> > is no such option in FreeBSD. I recall that it was decided that
> > security by obscurity will not make it into the kernel.
>
> It's "propolice".
Thank you for correcting me. Indeed I did not spell propolice correctly.
> Maybe http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html
> would be of interest.
>
> There's more than just obscurity to it, but it is obviously better to
> have correct code to begin with, then things like Propolice isn't
> needed...
That's a choice of terminilogy. The word obscurity has no mathematical style definition.
More information about the freebsd-hackers
mailing list