Network namespaces in FreeBSD
Steve O'Hara-Smith
steve at sohara.org
Thu Dec 24 20:19:57 UTC 2020
On Thu, 24 Dec 2020 19:55:12 +0000 (UTC)
Ameya Deshpande via freebsd-questions <freebsd-questions at freebsd.org> wrote:
> - we can't null-mount a single file (useful to inject configs or
> sockets; Linux has mount --bind for that)
> - combining with jail's root on / it would be nice to be able to make
> some parts of the tree read-only for the jail (or even hide them)
There's a half-formed idea which keeps coming back to me, not really
well enough formed to do anything with - imagine being able to do something
like this:
    pkg jail nginx --jail webserver-3 --ip4addr ...
and obtain a jail with just enough in it to run nginx (or whatever
package you choose) and nothing else - by that I mean not a base system
with the necessary packages but a system stripped of everything but the
dependencies of the application - if the application doesn't need ls then
ls isn't there.
--
Steve O'Hara-Smith <steve at sohara.org>