sysjail: OpenBSD "jail" implementation


Kristaps Johnson-2

For those enjoying FreeBSD's jail utility, we're pleased to announce a
user-space implementation for OpenBSD (using systrace.4).

From the introduction:

``sysjail is a userland virtualisation system for operating systems
supporting the systrace library. It is developed on and currently supports
OpenBSD. The first generation of sysjail is as close to a drop-in
replacement for FreeBSD's jail subsystem as permitted. As with a jail,
processes within a sysjail are disallowed resources belonging to the
system proper, known as the "host" system, or other sysjail instances.
While sysjail currently behaves as an OpenBSD implementation of jail, it
has the potential to provide significant auditing, profiling and debugging
tools allowing full auditing of intercepted system calls, run-time
modification and extension of policies, etc. The sysjail sources are
released mainly under OpenBSD's 3-part license.''

sysjail is suggested only for experienced operators at this time.  We
welcome bug reports and jail-compliance notes!

Thanks, and hope this is useful,
Kristaps & Maikls