[posting to misc since this is not appropriate for tech where I originally sent it]
Hi misc, After reading about FreeBSD jails I naturally wondered whether OpenBSD had a similar feature. Well, I ran across sysjail. It's my understanding that sysjail was discontinued due to an inherent flaw involving race conditions. If I understand correctly, systrace/sysjail uses system call wrappers to enforce security policy, while FreeBSD jails are an in-kernel sandboxing mechanism. Assuming I'm not totally misunderstanding both sysjail and FreeBSD jails (and admittedly I have much more research to do), I'm curious as to whether the OpenBSD project has ever considered implementing a full operating system-level virtualization technology like FreeBSD jails. I'd also be interested to hear any arguments for or against implementing such jails in OpenBSD. Perhaps it's just a matter of someone being interested enough to take the plunge? Thanks for your time and thanks for creating a great operating system! -- -Dustin
