Network namespaces in FreeBSD

Steve O'Hara-Smith steve at
Thu Dec 24 20:19:57 UTC 2020

On Thu, 24 Dec 2020 19:55:12 +0000 (UTC)
Ameya Deshpande via freebsd-questions <freebsd-questions at> wrote:

> - we can't null-mount a single file (useful to inject configs or 
> sockets; linux has mount --bind for that)
> - combining with jail's root on / it would be nice to be able to make 
> some parts of the tree read-only for the jail (or even hide them)

	There's a half formed idea which keeps coming back to me not really
well enough formed to do anything with - imagine being able to do something
like this:

pkg jail nginx --jail webserver-3 --ip4addr ...

	and obtain a jail with just enough in it to run nginx (or whatever
package you choose) and nothing else - by that I mean not a base system
with the necessary packages but a system stripped of everything but the
dependencies of the application - if the application doesn't need ls then
ls isn't there.

Steve O'Hara-Smith <steve at>

More information about the freebsd-questions mailing list