17.05.2020 7:02, Ihor Antonov wrote:

> So far it seems that my endeavor is doomed. Any comments or suggestions are
> appreciated.

You'll need to write and test lots of kernel-level code to achieve this.

I'd suggest you re-think your decision about jails because it seems jails can really be the solution if you combine jails with other system abilities. For example, sharing a subtree with r/o access is easily achieved using a read-only nullfs mount.

Also, shared PAM does not mean duplication of the system user database, take a look at:

    man -k pam_|fgrep '(8)'

Usage of jails does not require any modification of the application. I did it for multiple setups and it works perfectly.

As a last resort, you may run a nested FreeBSD system using bhyve(8).