| |||||||||||||
init in Debianinit in DebianPosted Apr 25, 2012 22:05 UTC (Wed) by mpr22 (subscriber, #60784)In reply to: init in Debian by slashdot Parent article: Shuttleworth: Quality has a new name The inescapable process grouping is important (it seems to me the second most attractive feature after the whole "simple cases are much simpler" effect from the declarative config). Does any kernel other than Linux provide a comparable feature with close-enough semantics? Are the maintainers of any kernel other than Linux contemplating providing such a feature?
(Log in to post comments)
init in Debian Posted Apr 25, 2012 23:07 UTC (Wed) by mathstuf (subscriber, #69389) [Link]
<idea category="crazy">
On FreeBSD, the system could just set up a jail for each service. Mount filesystems as nullfs (for bonus points, be smart about ro and rw directory mounting[1]). It would need some changes so that the jail has the same IP and network view as the main system, but that might be minor compared to what a full cgroups implementation would be like.
[1]The .service file could even have this information and then systemd could set up top-level filters for open; FreeBSD would get it for "free" under the jails with selective mounts while Linux would need syscall filtering or automatic LXC creation.
init in Debian Posted Apr 25, 2012 23:32 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]
Uhm. You might check the recent systemd.
It does filesystem confinement just fine (using cgroups), along with secure per-app /tmp.
init in Debian Posted Apr 26, 2012 2:48 UTC (Thu) by mathstuf (subscriber, #69389) [Link]
Ah, didn't know that.
|
|||||||||||||