Network namespaces in FreeBSD

Ihor Antonov ihor at antonovs.family
Thu Dec 24 16:15:35 UTC 2020


On 12/24/20 1:07 AM, Arthur Chance wrote:
> On 23/12/2020 18:40, Ihor Antonov wrote:
>> On 12/23/20 10:32 AM, Kristof Provost wrote:
>>> On 23 Dec 2020, at 19:22, Steve O'Hara-Smith wrote:
>>>> On Wed, 23 Dec 2020 16:48:11 +0000
>>>> Ameya Deshpande via freebsd-questions <freebsd-questions at freebsd.org>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am new to FreeBSD. I was wondering if there is concept like Network
>>>>> Namespaces in FreeBSD, like it is in Linux?
>>>>
>>>>      There is something similar; see man setfib for details.
>>>>
>>> I’ve only briefly played with Linux network namespaces, but aren’t
>>> vnet jails much closer to that?
>>
>> I have more experience with Linux than with FreeBSD, so I don't know for
>> sure what setfib is about.
>>
>> VNET jails are the closest thing that comes to mind when comparing to
>> Linux network namespaces. Unlike Linux, in a jail you will get all other
>> namespaces separated too (e.g. mount, pid etc.)
>>
>> Unfortunately I don't know if it is possible to get exactly the same
>> behavior as in Linux - share all other namespaces except for the network
>> stack. I imagine you can get something like this with Capsicum, but it
>> would require making changes to the app.
> 
> Wouldn't a VNET jail rooted at / effectively be that?
> 

Last time I played with jails, setting the jail's root to '/' was not
allowed for some reason. I don't remember the exact error message, though.

I remember that I ended up null-mounting every directory in / (like bin,
sbin, etc,) to the jail's root directory, and that was quite painful to do
manually.

Ihor
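
The manual step described in the message above (null-mounting each top-level directory of / into the jail's root) can be scripted. This is an added example, not part of the original thread: a POSIX sh function with the hypothetical name gen_nullfs_fstab that prints read-only nullfs fstab(5) lines. The jail path /jails/netns, the skip list and the read-only choice are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print fstab(5) lines that null-mount
# every top-level directory of SRC_ROOT into JAIL_ROOT, read-only.
# Assumption: directory names contain no whitespace (fstab would need \040).

# usage: gen_nullfs_fstab SRC_ROOT JAIL_ROOT
gen_nullfs_fstab() {
    src=${1%/}      # "/" becomes "" so the glob below expands to /*/
    jail=${2%/}
    for dir in "$src"/*/; do
        # An unmatched glob stays literal; skip anything that is not a directory.
        if [ ! -d "$dir" ]; then continue; fi
        dir=${dir%/}
        name=${dir##*/}
        # Skip symlinks: mounting over a link target would duplicate a tree.
        if [ -L "$dir" ]; then continue; fi
        case "$name" in
            # dev is normally provided by devfs inside the jail; proc and tmp
            # are left out so the jail does not share them with the host.
            dev|proc|tmp) continue ;;
        esac
        case "$jail/" in
            # Never mount the tree that contains the jail root into itself.
            "$dir"/*) continue ;;
        esac
        printf '%s\t%s\tnullfs\tro\t0\t0\n' "$dir" "$jail/$name"
    done
}

# Stand-alone use: sh gen_fstab.sh / /jails/netns > /etc/fstab.netns
if [ "$#" -eq 2 ]; then
    gen_nullfs_fstab "$1" "$2"
fi
```

The generated file can be referenced from the jail's configuration with the jail(8) parameter mount.fstab, next to vnet, and the mount point directories must exist under the jail root beforehand. nullfs does not expose filesystems mounted below a source directory, so separately mounted subtrees need their own lines.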

