17.05.2020 7:02, Ihor Antonov wrote:

> So far it seems that my endeavor is doomed. Any comments or suggestions are 
> appreciated.

You'll need to write and test lots of kernel-level code to achieve this.

I'd suggest you re-think your decision about jails because it seems jails can
really be the solution if you combine jails with other system abilities. For
example, sharing a subtree with r/o access is easily achieved using a read-only
nullfs mount.

Also, shared PAM does not mean duplication of system user database,
take a look at: man -k pam_|fgrep '(8)'

Usage of jails does not require any modification of the application.
I did it for multiple setups and it works perfectly.

As a last resort, you may run a nested FreeBSD system using bhyve(8).

_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
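
A jail.conf(5) fragment for the read-only nullfs sharing suggested in the reply above, as an added example that is not part of the original message. The jail name, hostname and all paths are constructed placeholders.

```conf
# /etc/jail.conf (example; names and paths are placeholders)
appjail {
    path = "/jails/appjail";
    host.hostname = "appjail.example.org";

    # Give the jail its own restricted /dev.
    mount.devfs;

    # Share one host subtree into the jail, read-only, via nullfs.
    # Each "mount" value is a single fstab(5) line; the host mounts it
    # before the jail starts and unmounts it after the jail is removed.
    mount += "/usr/local/share/appdata $path/usr/local/share/appdata nullfs ro 0 0";

    # allow.mount is off by default, so root inside the jail cannot
    # remount the shared subtree read-write.

    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";
}
```

After starting the jail, `mount -t nullfs` on the host lists the shared subtree with the `read-only` flag.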