Re: Call for Foundation-supported Project Ideas

In reply to: Miroslav Lachman : "Re: Call for Foundation-supported Project Ideas"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Steffen Nurpmeso <steffen_at_sdaoden.eu>
Date: Thu, 25 Nov 2021 22:18:51 UTC
Miroslav Lachman wrote in
 <6f33be37-a7c1-6217-8646-30b7c0306226@quip.cz>:
 |On 24/11/2021 00:28, Shawn Webb wrote:
 |
 |[...]
 |
 |> 3. jail orchestration in base. it's great that we have all these
 |>     disparate jail management ports, but we lack a fully
 |>     coherent/integreated solution. I'd love to see jail orchestration
 |>     get the same love as zfs in base.
 |
 |While we are talking about jail orchestration in base (which will be 
 |really useful to me as well) I would like to see better integration of 
 |jail in more aspects in base. Jails are part of the base for more than a 
 |decade but still kind of hidden (similar to cpuset - many users don't 
 |know about it / how to use it easily).
 |
 |Alexander Leidinger posted proposal in 2019 "automatic jailing of 
 |services (rc.d/*)" [1] with patch [2]. This seems useful and easy to 
 |implement in base to me.
 |As far as I know, Alexander also have patch to allow run Xorg in jail.
 |
 |As for cpuset thing - 11 years ago I proposed patch to add support for 
 |cpuset in rc.subr for any service [3] PR 142434 [4]. I think it is even 
 |more useful these days as computers have really a lot of CPU cores.

All that is really great.  I have seen pkg got some jail-specific
improvements not too long ago.
What i always found desirable would be data sharing, without full
population of the file system; i.e., the jail overlays the base
filesystem via null mounts, and only gets writable storage for
dynamic data where desired.  What would be even more cool would be
if most of the filesystem would be hidden upon request, you know,
you give the name of the pkgs you want, and the rest gets
automatically removed; or even better, you start with anything
whiteout, and only un-whiteout desired pkg content.
Anyway like that disk space is saved, and all jails (managed like
that) automatically operate with the same set of files as the base
system does.
And for some base-system daemons predefined configs could be made
available, just enough to get them work; and some ports could ship
with the according recipe too; now that there is pkg everywhere.
(You know, i dreamed of that when jails came first, was this in
2004 with 5.3?  I still think it would be cool!)

 |[1] 
 |https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003710.html
 |[2] https://pastebin.com/LBZRezgu
 |[3] https://lists.freebsd.org/pipermail/freebsd-rc/2010-January/001816.html
 |[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=142434
 |
 |Kind regards
 |Miroslav Lachman
 |
 --End of <6f33be37-a7c1-6217-8646-30b7c0306226@quip.cz>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)