RE: Call for Foundation-supported Project Ideas

From: <paul.g.webster_at_googlemail.com>
Date: Thu, 25 Nov 2021 10:27:28 UTC
You can add Bhyve and IPFW to that list as well, though both are well
documented good examples and guides that are not ancient and out of date are
rare as gold dust.

-----Original Message-----
From: owner-freebsd-hackers@freebsd.org <owner-freebsd-hackers@freebsd.org>
On Behalf Of Miroslav Lachman
Sent: 25 November 2021 00:49
To: Shawn Webb <shawn.webb@hardenedbsd.org>; Joseph Mingrone
<jrm@FreeBSD.org>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: Call for Foundation-supported Project Ideas

On 24/11/2021 00:28, Shawn Webb wrote:

[...]

> 3. jail orchestration in base. it's great that we have all these
>     disparate jail management ports, but we lack a fully
>     coherent/integreated solution. I'd love to see jail orchestration
>     get the same love as zfs in base.

While we are talking about jail orchestration in base (which will be really
useful to me as well) I would like to see better integration of jail in more
aspects in base. Jails are part of the base for more than a decade but still
kind of hidden (similar to cpuset - many users don't know about it / how to
use it easily).

Alexander Leidinger posted proposal in 2019 "automatic jailing of services
(rc.d/*)" [1] with patch [2]. This seems useful and easy to implement in
base to me.
As far as I know, Alexander also have patch to allow run Xorg in jail.

As for cpuset thing - 11 years ago I proposed patch to add support for
cpuset in rc.subr for any service [3] PR 142434 [4]. I think it is even more
useful these days as computers have really a lot of CPU cores.

[1]
https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003710.html
[2] https://pastebin.com/LBZRezgu
[3] https://lists.freebsd.org/pipermail/freebsd-rc/2010-January/001816.html
[4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=142434

Kind regards
Miroslav Lachman