I can appreciate the spirit of that. Carry on good sir. Ken
On Thu, May 24, 2018 at 01:19:07PM +0200, Thomas Huber wrote: > Hi Ken, > > sure, thats the way to go for docker, kubernetes and [add buzzword here]. > The _why_ is more about tinkering and getting deeper into the rabbit-hole. > > Thomas > > > On 24 May 2018 at 12:51, Ken M <k...@mack-z.com> wrote: > > > > I want to ask the question of why? And why this way? I think if you want > docker > > like functionality, just add docker to openbsd. The best way to do so is > to add > > a lightweight linux into vmm and connect to that docker daemon. Alpine or > > Rancher are probably the best bet for that. > > > > I say nothing on the security of that. But at least you also get the > critical > > mass of pre-built images from the docker world. To me that is the real > value of > > docker anyway. As a containerization system I do not like it, but as a > means to > > make the OS less of a factor to an install, absolutely. > > > > Just my thoughts. > > > > On Thu, May 24, 2018 at 11:28:13AM +0200, Thomas Huber wrote: > > > Hi Reyk, > > > > > > no it is not about chroot-ing switchd. > > > What i have in mind is a kind of poor-mans kubernetes or docker-swarm > which > > > makes use of chroot(8), login.conf(5) and mount_vnd(8) to isolate, limit > > > and encapsulate some processes. > > > I´ll call this the "chroot-jail" and thought it is common wording after > > > reading about this topic across the internet. > > > Like in this (kind of outdated) tutorial: > > > > https://www.ibm.com/developerworks/community/blogs/karsten/entry/openbsd_chroot > > > The chroot-jail is basically a extracted base##.tgz plus dev, some users > > > and configs. > > > What I have in mind now with switchd is, to attach this chroot-jails the > > > same way like a virtual-machine. > > > > > > But also not sure if this makes sense anyway. > > > It´s more I kind of learning project for myself to see how things work > and > > > if they play nicely together. > > > And if this set-up works I´ld go on and use ansible to automate and to > > > "orchestrate" this parts. > > > > > > Thomas > > > > > > > > > > > > On 24 May 2018 at 00:35, Reyk Floeter <r...@openbsd.org> wrote: > > > > > > > > switchd is already privsep‘ed with a chroot jail. > > > > > > > > But I don’t quite understand what you mean. > > > > > > > > > Am 23.05.2018 um 10:35 schrieb Thomas Huber <miracu...@gmail.com>: > > > > > > > > > > Hi all, > > > > > > > > > > I´m just tinkering a little bit and try to mimic some > > > "containerization" on > > > > > OpenBSD with chroot. Is it somehow possible to attach a chrooted > > > > > envirionment to swtichd(8) ? > > > > > > > > > > Thanks > > > > > Thomas > >
