From: Steffen Nurpmeso
To: FreeBSD Hackers
Cc: Miroslav Lachman <000.fbsd@quip.cz>, Shawn Webb, Joseph Mingrone
Date: Thu, 25 Nov 2021 23:18:51 +0100
Subject: Re: Call for Foundation-supported Project Ideas
Message-ID: <20211125221851.RUtyA%steffen@sdaoden.eu>
In-Reply-To: <6f33be37-a7c1-6217-8646-30b7c0306226@quip.cz>

Miroslav Lachman wrote in
 <6f33be37-a7c1-6217-8646-30b7c0306226@quip.cz>:
 |On 24/11/2021 00:28, Shawn Webb wrote:
 |
 |[...]
 |
 |> 3. jail orchestration in base. it's great that we have all these
 |>    disparate jail management ports, but we lack a fully
 |>    coherent/integrated solution. I'd love to see jail orchestration
 |>    get the same love as zfs in base.
 |
 |While we are talking about jail orchestration in base (which will be
 |really useful to me as well) I would like to see better integration of
 |jail in more aspects in base. Jails have been part of the base for more
 |than a decade but are still kind of hidden (similar to cpuset - many
 |users don't know about it / how to use it easily).
 |
 |Alexander Leidinger posted a proposal in 2019 "automatic jailing of
 |services (rc.d/*)" [1] with a patch [2]. This seems useful and easy to
 |implement in base to me.
 |As far as I know, Alexander also has a patch to allow running Xorg in
 |a jail.
 |
 |As for the cpuset thing - 11 years ago I proposed a patch to add
 |support for cpuset in rc.subr for any service [3] PR 142434 [4]. I
 |think it is even more useful these days as computers have really a lot
 |of CPU cores.

All that is really great. I have seen pkg got some jail-specific
improvements not too long ago. What i always found desirable
would be data sharing, without full population of the file system;
i.e., the jail overlays the base filesystem via null mounts, and
only gets writable storage for dynamic data where desired.

What would be even more cool would be if most of the filesystem
would be hidden upon request, you know, you give the name of the
pkgs you want, and the rest gets automatically removed; or even
better, you start with anything whiteout, and only un-whiteout
desired pkg content.

Anyway like that disk space is saved, and all jails (managed like
that) automatically operate with the same set of files as the base
system does. And for some base-system daemons predefined configs
could be made available, just enough to get them to work; and some
ports could ship with the according recipe too; now that there is
pkg everywhere.

(You know, i dreamed of that when jails came first, was this in
2004 with 5.3? I still think it would be cool!)

 |[1]
 |https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003710.html
 |[2] https://pastebin.com/LBZRezgu
 |[3] https://lists.freebsd.org/pipermail/freebsd-rc/2010-January/001816.html
 |[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=142434
 |
 |Kind regards
 |Miroslav Lachman
 |
 --End of <6f33be37-a7c1-6217-8646-30b7c0306226@quip.cz>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)