Slashdot Mirror


BSD Jails, a Better Virtual Server?

gManZboy writes "Poul-Henning Kamp, a FreeBSD committer, has an article up about BSD Jails as part of Queue's special report on virtual machines. He describes BSD's interesting 'semi-permeable' approach to VMs, and the importance of security in VM architectures. The article is co-written by Robert Watson, a DARPA principal investigator in the Host Intrusion Protection (HIP) Research Group at McAfee Research."

61 comments

  1. How is this different? by shaitand · · Score: 1, Interesting

    In what way does this differ from a linux VM, what are the ups and downs?

    1. Re:How is this different? by astrashe · · Score: 3, Interesting

      I just saw a blog post today, about user mode linux, and the grief it inflicts:

      http://www.golden-gryphon.com/blog/manoj/software/misc/manoj.2004.07.27.html

      I don't know that's not a direct answer to your question, but I think it's one of the main differences between doing this sort of thing on BSD and Linux.

    2. Re:How is this different? by Anonymous Coward · · Score: 0

      UML should be getting merged into the kernel around 2.6.9 or so. With the 2.6 kernel's support for nonlinear mappings, UML can run with virtually no performance penalty.

      UML is the better way of doing a virtual environment because it isn't intrusive and provides a protected environment, which, even if it is hacked, leaves the running kernel intact. Unlike jails, which partition different tasks within the single kernel.

    3. Re:How is this different? by _Sharp'r_ · · Score: 5, Funny

      Naw, better to run Linux compatibility mode within a FreeBSD jail and then use UML inside that.

      If that doesn't confuse the users and crackers alike, I don't know what will....

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    4. Re:How is this different? by Anonymous Coward · · Score: -1, Flamebait

      Actually, you are clueless. You don't need "jails" in BSD to prevent a user from "seeing" all processes! Read the FreeBSD handbook before trolling.

    5. Re:How is this different? by ptaff · · Score: 2, Informative

      The Linux VServer Project is a similar beast, if not the original inspiration. It's available as a kernel patch for linux-2.4 (and almost ready for 2.6), plus a handful of userspace utilities.

      The idea revolves around isolated contexts, each with a different IP address - so in practice you access each of the vservers as a different machine, with its own filesystem, users, processes, semaphores, ...

      As you can chroot your applications to make them see different parts of the filesystem as /, you use this patch to make each vserver see different parts of the global process table - so that each vserver doesn't know about the others. Should you want to access a vserver from another vserver, you must think like they're two different machines - use the network.

      As the gist of it is the isolation between processes and NOT emulation, you experience absolutely no overhead (unlike UML). And if you worry about disk space (as each vserver owns in fact a complete /), you can hardlink files between vservers, so that the second, third and so on vservers may have a disk space cost as small as 30MB. Memory-wise, it's a bit more hungry as you'd like to have crond, sshd and so on running in every vserver.

      Work is being done to circumvent one of the disadvantages: a vserver can drown the whole machine as resources are not really yet limited for a particular context.

    6. Re:How is this different? by Anonymous Coward · · Score: 0

      So can I have more than one jail cell on the same BSD system, and put them all in the same directory so they're all in one place? It would be like The Green Mile.

    7. Re:How is this different? by tigga · · Score: 3, Informative
      > The Linux VServer Project is a similar beast, if not the original inspiration.

      Come on, jail appeared in FreeBSD in 1999 and Vserver patches appeared when, 2001?

    8. Re:How is this different? by Anonymous Coward · · Score: 0

      maybe colinux will... a sort of user mode linux on top of windows...

    9. Re:How is this different? by walt-sjc · · Score: 5, Informative

      It seems it would be possible to start a jail, give it an IP address, install FreeBSD into the jail, NAT out the SSH port from the jail and give the root password of the jail to the "virtual server admin".

      Indeed, that is exactly what some hosting companies are doing. I played around inside a BSD jail as root with one of these $15 / month virtual servers. It actually worked very well, allowing me to compile my own applications including installing the BSD ports collection. I'm quite impressed. Apparently this hosting company runs up to 120 jails per system. The system I was on only had about 30, and I was seeing loads of up to 20. For this reason, I canceled the account, but the concept is quite sound.

      The BSD jail is more like a super chroot than usermode linux: a LOT more isolation than just the file system, but less than a true VM. It seems to have much less overhead than a full VM such as vmware or UML. Hardware is not virtualized, but rather just more restricted.

      This is great for running things like mail servers, web servers, etc., especially where you want to give applications the ability to run external scripts / CGIs without most of the security issues that come along with it.

    10. Re:How is this different? by mccoma · · Score: 3, Funny
      oh great, security through "My $DEITY, this guy is insane.... I need to hack something else"

      thinking about it, it would probably work.

    11. Re:How is this different? by Just+Some+Guy · · Score: 2, Informative
      Yep, that's about right. In fact, that's how I run a newsserver and a Freenet node inside their own virtual environments.

      One non-obvious point is that the chroot directory need not be a full (or even partial) FreeBSD installation. At one time I managed to do a complete Gentoo install using FreeBSD's Linux emulation and pointed the "jail" command at that directory. Voila - a full simulated Linux environment. Other than the inability to load Linux kernel modules, it looked and acted pretty much exactly like any typical bare-metal setup.

      Plug: for easy management, install my JailAdmin port. Loads of secure environment goodness!

      --
      Dewey, what part of this looks like authorities should be involved?
    12. Re:How is this different? by gtrubetskoy · · Score: 2, Interesting
      > The Linux VServer Project is a similar beast, if not the original inspiration.

      I believe somewhere on the VServer pages it mentions that it is basically the same thing as FreeBSD jail, so the inspiration most definitely comes from FreeBSD.

      However, I think the Linux VServer people right now have a leg up on FreeBSD jails. I really like the idea of contexts 0 and 1, where 'killall -HUP named' does not result in all nameds in jails being restarted, and ps and top aren't cluttered with jailed processes. The unify tool that finds same files and hardlinks them is really nice, and the disk space limits per context are great.

    13. Re:How is this different? by ultranova · · Score: 1

      > And if you worry about disk space (as each vserver owns in fact a complete /), you can hardlink files between vservers, so that the second, third and so on vservers may have a disk space cost as small as 30MB.

      So if I give the root password to one of the contexts to a user, and he proceeds to overwrite the C library with "youresmartbutiamsmarterthanyouresmartbut..." I'm screwed?

      Of course, you might make one context into an NFS server and have others mount the / filesystem through it (or just mount it read-only and remove the capability to remount rw from all but one context)... But what's stopping this new admin from making a dev directory with devices for accessing my hard disks and proceeding to nuke these hard disks?

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    14. Re:How is this different? by SillyNickName4me · · Score: 1

      > However, I think the Linux VServer people right now have a leg up on FreeBSD jails. I really like the idea of contexts 0 and 1, where 'killall -HUP named' does not result in all named's in jails be restarted and ps and top aren't cluttered with jailed processes.

      Yep, that is a very nice idea, it is however seldom needed in practice. Why?

      First of all, your 'host' environment should not be used to run anything like named or such, rather, it should be used to start, stop and administer jails. If you do otherwise you break one of the most important defenses that jails can offer, the fact that a service runs in a 'protected' environment and cannot affect other environments on the same machine (at least not easily).

      So it is cool to have, but in practice a rather minor feature. If I want to restart the named in a specific jail, typing 'jexec x killall -HUP named' in the host environment will do the job.

      > The unify tool that finds same files and hardlinks them is really nice, and the disk space limits per context is great.

      I'd say that this introduces a much bigger risk of a compromise spreading from one jail to another, so I rather doubt the wisdom of this approach.
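As an added example (not code from anyone in this thread), here is a small POSIX shell demonstration of the risk the two replies above are discussing: files unified between contexts with hard links share one inode, so an in-place write from one context is visible in every other context that links the file, whereas a replace-by-rename creates a fresh inode and leaves the other context untouched. The context roots, file names and contents are constructed in a temporary directory; the `find -links +1` audit is the check a jail operator would run against a real root.

```shell
#!/bin/sh
# Added example: hard-linked "unified" files and why they matter for isolation.
# Everything here is constructed under mktemp -d; no real jail or vserver is touched.

set -u

# Build two constructed context roots that share one "libc" inode via a hard link,
# the way a unify tool would to save disk space.
make_unified_roots() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/vs1/lib" "$base/vs2/lib"
    printf 'original libc\n' > "$base/vs1/lib/libc.so"
    ln "$base/vs1/lib/libc.so" "$base/vs2/lib/libc.so"   # unify: same inode in both roots
    printf '%s\n' "$base"
}

# Audit: list regular files under a context root that have more than one link.
# Every hit is a file whose bytes can be changed from some other path, possibly
# one that lives in another context.
find_shared_inodes() {
    find "$1" -type f -links +1 | sort
}

# In-place overwrite (what 'echo > file' or an editor writing in place does):
# the shared inode changes, so the other context sees the new bytes too.
overwrite_in_place() {
    printf 'tampered\n' > "$1"
}

# Replace via temp file + rename: a new inode is linked into this context only,
# so the other context keeps whatever it had. This is why unified files should be
# treated as read-only and only ever updated by rename from the host side.
replace_by_rename() {
    tmp="$1.tmp.$$"
    printf 'patched\n' > "$tmp" && mv "$tmp" "$1"
}

# Report whether two paths refer to the same inode: "shared" or "separate".
same_inode() {
    if [ "$1" -ef "$2" ]; then echo shared; else echo separate; fi
}
```

Run `find_shared_inodes /path/to/jailroot` on a real root to see which files a jail could alter for its neighbours; an empty result means nothing in that root is multiply linked.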

  2. fp by ZeekWatson · · Score: -1, Offtopic

    fp!

  3. *BSD = MORE DEAD THAN MARY-KATE OLSEN! by Anonymous Coward · · Score: -1, Flamebait

    DEAD!

  4. Just think... by clifgriffin · · Score: 0

    Just think of the virtual servers that could be created with per-process namespaces.

    I'll let myself out.

  5. Story text. (Someone has to post something...) by Anonymous Coward · · Score: -1

    Want to securely partition VMs? One option is to put 'em in Jail.

    History

    The history of computing has been characterized by continuous transformation resulting from the dramatic increases in performance and drops in price described by Moore's law. Computing "power" has migrated from centralized mainframes/servers to distributed systems and the commodity desktop. Despite these changes, system sharing remains an important tool for computing. From the multitasking, file-sharing, and virtual machines of the desktop environment to the large-scale sharing of server-class ISP hardware in collocation centers, safely sharing hardware between mutually untrusting parties requires addressing critical concerns of accidental and malicious damage.

    There has been a strong continuing interest in access control and separation technologies to support safe yet efficient sharing of computing systems. Although the degree of sharing taking place has increased because of similarly dramatic changes in networking, there has not been a marked change in the nature of security concerns. Costs of adapting software, identifying policy goals, and minimizing administrative complexity remain a balancing act. The fundamental security primitives for separation have not changed, but our experience in attempting to apply them is substantially greater.

    In this discussion, we will review existing systems that provide strong separation via access control, virtualization, namespace management, and partitioning. We will then explore the FreeBSD Jail system, implemented by us, which adopts a hybrid approach to applying security primitives. We will pay particular attention to the implementation and administrative costs of modifying an existing system. We will also make recommendations for the design of new systems to facilitate the future introduction of security and separation features. These recommendations will reach the somewhat unsurprising conclusion that the path to security turns out to also be the path of improved and intentional software design and abstraction.
    Why share systems?

    The sharing of systems refers to the use of a system to serve simultaneous functions with differing security properties. Sharing systems offers the following benefits:

    In environments with inadequate computing resources, especially early computing environments and modern clusters, sharing allows for a more efficient use of valuable hardware resources, as well as for a joint investment in hardware resources.

    The development of ubiquitous local-area and wide-area networking has facilitated large-scale inter-system communication, permitting computers to become meeting points between individuals and organizations.

    Although the terms of sharing have changed, the requirements remain largely the same: tasks and data representing the interests of multiple users coexisting on the same hardware platform.

    The means to share common hardware resources has been a fertile area for research and development for decades. From the days of early time sharing, operating systems have been used as platforms for sharing by scheduling jobs, providing resource mediation and virtualization, and later providing access control. As data communication spread, the desire to connect and share data became a strong driver for sharing systems, placing focus on safe sharing.

    Shared systems introduce inefficiencies such as slower performance; they also create serious security concerns. Security cannot simply be a question of retaining control of the system in a technical sense, but must also address moral and legal requirements for separation and privacy.
    How to share systems

    In this section we will discuss a number of existing systems generally representative of broad classes of similar systems allowing for resource sharing, as well as techniques that accomplish separation. We will first discuss a classic control-free environment and then consider the Unix process model, Unix discretionary access control, full virtual

  6. MONTY PYTHON SAID IT BEST: by Anonymous Coward · · Score: -1, Offtopic



    BRING OUT YOUR DEAD! deadness filter encountered. Post aborted! Reason: Don't use so many *BSD. It's like DYING. deadness filter encountered. Post aborted! Reason: Don't use so many *BSD. It's like DYING. deadness filter encountered. Post aborted! Reason: Don't use so many *BSD. It's like DYING.

  10. BSD isn't dying... by Anonymous Coward · · Score: -1, Offtopic

    ...it's just in jail!

  12. FreeBSD 4.10 Jail by jaredmauch · · Score: 5, Informative
    I've been using the FreeBSD 4.8-4.10 system to host several Jails on a beefy machine that I have under my control. My personal e-mail system resides within a jail on this system, and there are very few problems I've encountered. The biggest issues I've encountered are as follows:

    • UDP Kernel bug that breaks SNMP (eg: mrtg) inside a jail
    • ICMP inside jail needs to be split out better to prevent ugly hacks/kernel patches being required
    • PostgreSQL needs sysvipc
      /sbin/sysctl -w jail.sysvipc_allowed=1
    I've managed to work around these various issues (running mrtg from the "jail-side" host, making it chroot to my directories to run, enabling the required sysctls, and including my own kernel patch to let ping/traceroute work).

    It lets me and others share a single host that is very beefy (2x2.8G Xeon, 4g ram, 315g raid-5 ultra-320 disk, etc..) on a fast link. The FreeBSD-5 jail subsystem is a bit more refined than that in FreeBSD-4... I'm pondering upgrading the system, but haven't done so yet.. You can also put a small bit of effort into the system and use rsync to keep various (important) system binaries (eg: sshd, sendmail) in-sync across all the systems so they're bug-free if an advisory comes out.. but that's basic sysadmin/patching stuff, not anything jail specific.. but if their jail is r00ted, I don't need to worry about my own files being compromised, unless they get at the 'host' system.. (which runs no services to speak of)...
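An added example, not jaredmauch's own tooling: a host-side drift check in POSIX shell that compares the critical binaries in every jail root against the host's reference copies, so a jail that missed the rsync after an advisory (or lost a binary altogether) is reported. The jail roots, file names and file contents are constructed in a temporary directory, and the list of critical binaries is an assumed one that an operator would replace with their own.

```shell
#!/bin/sh
# Added example: report jails whose copies of critical binaries differ from the host's.
# Roots and contents below are constructed for the demo; adjust CRITICAL_BINS for real use.

set -u

# Binaries to verify, as paths relative to each root (assumed list, not from the thread).
CRITICAL_BINS="usr/sbin/sshd usr/libexec/sendmail/sendmail"

# Print the checksum of a file, or the word "missing" if it does not exist.
# cksum is POSIX, so this runs unchanged on FreeBSD and Linux hosts.
sum_of() {
    if [ -f "$1" ]; then cksum < "$1" | cut -d' ' -f1; else echo missing; fi
}

# drift_report HOST_ROOT JAILS_DIR
# For every directory under JAILS_DIR, compare each critical binary against the copy
# under HOST_ROOT and print "jailname relative/path host_sum jail_sum" per mismatch.
# Jails in sync produce no output, so an empty report means nothing is stale.
drift_report() {
    host="$1"; jails="$2"
    for jail in "$jails"/*/; do
        name=$(basename "$jail")
        for rel in $CRITICAL_BINS; do
            h=$(sum_of "$host/$rel")
            j=$(sum_of "$jail$rel")
            [ "$h" = "$j" ] || printf '%s %s %s %s\n' "$name" "$rel" "$h" "$j"
        done
    done
}

# Build a constructed tree: a host root plus two jails, one in sync and one stale.
make_demo_tree() {
    base=$(mktemp -d) || return 1
    for r in host jails/mail jails/web; do
        mkdir -p "$base/$r/usr/sbin" "$base/$r/usr/libexec/sendmail"
        printf 'sshd v2\n' > "$base/$r/usr/sbin/sshd"
        printf 'sendmail v2\n' > "$base/$r/usr/libexec/sendmail/sendmail"
    done
    printf 'sshd v1\n' > "$base/jails/web/usr/sbin/sshd"   # web jail missed the update
    rm "$base/jails/web/usr/libexec/sendmail/sendmail"     # and lost a binary entirely
    printf '%s\n' "$base"
}
```

On a real host, `drift_report / /usr/jails` (or wherever the jail roots live) gives the list of jails to rsync before the advisory window closes.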

    1. Re:FreeBSD 4.10 Jail by Anonymous Coward · · Score: -1, Troll



      Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.


  13. *BSD HAS SOME KNOWN HOLES: by Anonymous Coward · · Score: -1, Troll


    GAPING HOLES



    Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.


  14. PHK by Anonymous Coward · · Score: -1, Troll

    Poul-Henning Kamp, a FreeBSD committer, has an article up about BSD Jails as part of Queue's special report on virtual machines.

    As long as he's cowriting articles, he doesn't have to maintain code he's written. Way to go!

    If he keeps going, maybe he can help divert some talented developers to projects with better outlooks than FreeBSD 5.

  15. Comment removed by account_deleted · · Score: 5, Informative

    Comment removed based on user account deletion

  16. This is no laughing matter. by Dizzle · · Score: 4, Funny

    ...Host Intrusion Protection (HIP) Research Group...

    Research is not supposed to be "hip". It is a very somber and serious process. I think it's shameful how these researchers would rather run the streets with their "rad crew" than commit to serious discovery. For shame.

    --
    -Dizzle
    "I most likely AM so interested in myself."
  17. Are BSD jails the only option? by Anonymous Coward · · Score: -1

    Doesn't Linux 2.6.* have similar and better functionality now that SecureSomething patch has been merged into it?

    1. Re:Are BSD jails the only option? by seek31337 · · Score: 5, Funny

      Doesn't Linux 2.6.* have similar and better functionality now that SecureSomething patch has been merged into it?

      Wow, what an interesting comment! "Linux 2.?.? has a whoosit something whatcha hoo hoo I heard someone maybe talk about? It's better than BSD, tho!"

      --
      No SIG for you!
    2. Re:Are BSD jails the only option? by auzy · · Score: 2, Interesting

      You mean SELinux?? That improves Linux security dramatically, but it all depends on the policies really..

      http://www.nsa.gov/selinux/

      Stuff like SELinux and NX should be considered as the last line of defence though, because they won't prevent people crashing the daemon, and can be circumvented..

    3. Re:Are BSD jails the only option? by Anonymous Coward · · Score: 0
      Yes. You have to set up Jails in BSD. And you have to set up policies in Linux. It all depends. Linux is more flexible and able to give you whatever you want.

      OTOH, Jails are limited to 1 IP address, and you may have to waste disc space copying system programs around. You can configure Linux so that you won't have to do that.

      Also, don't forget user-level-linux!

      BSD jail system is good, but falls far behind compared to Linux nowadays.

    4. Re:Are BSD jails the only option? by Green+Light · · Score: 1

      Dang it! Now I have to clean up all of this coffee that I spit all over my keyboard! Too funny!

      --
      "Send an Instant Karma to me" - Yes
    5. Re:Are BSD jails the only option? by Homology · · Score: 2, Insightful
      BSD jail system is good, but falls far behind compared to Linux nowadays.

      This may be the case, but for many Linux users these security improvements are not easily available since they are not supported by the major Linux distributions.

      As an example, OpenBSD supports and integrates various technologies out of the box, while similar technologies are unavailable for most Linux users. Unless you do a huge amount of work, and have the required knowledge to patch your system, of course.

      It's like the old proverb "Better with one bird in the hand, than ten on the roof."

    6. Re:Are BSD jails the only option? by Anonymous Coward · · Score: 0

      the entire framework of NSA's SELinux (MAC/DTE/...) has been incorporated in FreeBSD 5.x, giving you exactly the same possibilities on a much more secure operating system. Considering Linux is a patched-up kernel with security issues every freaking month, I'd prefer this over Linux everyday.

      And don't get me started on Linux' PAX or GRSecurity or OpenWall or LIDS or StackGuard or WhateverFancyOfTheWeek... they're only futile attempts to secure an otherwise insecure, unaudited kernel (written by people with almost no experience) that is always run in cooperation with an insecure userland-of-choice, accessible thru an infamously insecure bash shell.

      And since this is about jails, don't get me started on UserModeLinux either, it has been buggy, unsupported and not further developed for the last years.

      fuckin' freakin' linux propaganda... learn to read code you linux kiddies.

    7. Re:Are BSD jails the only option? by SillyNickName4me · · Score: 1

      I suggest looking also at MAC and POSIX.1e implementations which exist (and have existed for quite some time) on FreeBSD. Jails are only one of the options.

  18. One drawback to jails by Anonymous Coward · · Score: -1

    Is that they're apparently limited to a single ip address.

    1. Re:One drawback to jails by seek31337 · · Score: 3, Informative

      Just to be clear... A single jail is limited to a single IP. So you need one unique IP for each Jail on a machine.

      --
      No SIG for you!
    2. Re:One drawback to jails by mulvane · · Score: 2, Informative

      You can get around that by using local IPs (127.0.0.X) and then use NAT or another preferred method of traffic routing to secure each jail even further and have easy access between them on the local network.
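      The loopback-plus-NAT layout this comment describes, written out as an added configuration example; it is not from the original thread, from the poster, or from the FreeBSD project's own documentation. It assumes the modern jail.conf(5) format and pf as the packet filter; the jail names `web` and `db`, the paths under `/usr/jails`, the external interface `em0`, the cloned loopback `lo1` and the `127.0.0.2`/`127.0.0.3` addresses are all constructed for illustration. The 127.0.0.X addressing follows the comment; many deployments put a private range such as 10.0.0.0/24 on `lo1` instead, and the rules are the same apart from the addresses.

```conf
# /etc/jail.conf (added example; names, paths and addresses are constructed)
# Defaults shared by every jail declared below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = "/usr/jails/$name";
host.hostname = "$name.jail.internal";

# One loopback address per jail on the cloned interface lo1. With the
# "iface|" prefix, jail(8) adds the alias when the jail starts and removes
# it when the jail stops, so no address lingers on the host in between.
web { ip4.addr = "lo1|127.0.0.2/32"; }
db  { ip4.addr = "lo1|127.0.0.3/32"; }

# /etc/rc.conf additions: create lo1, forward packets to it, enable pf.
# cloned_interfaces="lo1"
# gateway_enable="YES"
# pf_enable="YES"

# /etc/pf.conf (assumed external interface em0)
ext_if   = "em0"
jail_net = "127.0.0.0/8"
web_jail = "127.0.0.2"
db_jail  = "127.0.0.3"

# Outbound: masquerade all jail traffic behind the host's own address,
# since 127/8 must never appear on the wire.
nat on $ext_if from $jail_net to any -> ($ext_if)

# Inbound: only the web jail is reachable from outside, and only on port 80.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_jail port 80

# Default deny, then open exactly what each jail needs. Filtering sees the
# post-rdr address, so the pass rule names the jail, not the host.
block all
pass out quick on $ext_if
pass in on $ext_if proto tcp to $web_jail port 80

# Inter-jail traffic: the web jail may reach the database listener only;
# every other jail-to-jail path stays blocked by the default deny.
pass on lo1 proto tcp from $web_jail to $db_jail port 5432
```

      After editing, `pfctl -nf /etc/pf.conf` syntax-checks the ruleset before `pfctl -f /etc/pf.conf` loads it, and `jail -c web` starts a jail declared in jail.conf. The default-deny plus per-jail pass rules is what turns the "one address per jail" limitation into an isolation boundary: a compromised jail cannot talk to its neighbours unless a rule explicitly allows it, and `pfctl -s state` shows exactly which flows exist between them.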

    3. Re:One drawback to jails by Perdurabo26 · · Score: 2, Informative

      There's actually a patch out for this that allows you to have multiple IPs for a single jail. There are also a few other scripts on that page which are kinda handy.

      --
      I will endure to the end.
    4. Re:One drawback to jails by SillyNickName4me · · Score: 1

      > Just to be clear... A single jail is limited to a single IP.

      Unless you add unofficial (for now?) patches, true.

      > So you need one unique IP for each Jail on a machine.

      Not true. If you know what you are doing, 2 or more jails can share an IP. It is not advisable to do this because it gets very confusing very quickly, and since this is a security measure first of all, confusion for the admin is really the last thing that you want.

      That said, I currently use exactly such a setup (multiple jails sharing a single IP)

  19. Death Row BSD by Anonymous Coward · · Score: -1, Troll
    It is official; Netcraft confirms: *BSD is dying

    One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin to predict *BSD's future. The handwriting is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save *BSD at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dying

    1. Re:Death Row BSD by Anonymous Coward · · Score: -1, Troll

      Good News Everyone!
      Turns out that *BSD is stronger than ever!
      According to an Internetnews article, Netcraft has confirmed that *BSD has "dramatically increased its market penetration over the last year."
      There has been a steady increase in *BSD developers over the past decade.
      There are currently 307 FreeBSD developers as of the 2004 core team election.
      You can read more about FreeBSD here

      If you would like to try out a BSD, you can download: FreeBSD, OpenBSD, NetBSD, or DragonflyBSD
      Enjoy!

  20. Zones by Anonymous Coward · · Score: 4, Interesting

    Solaris 10 zones are based on the same idea.

    1. Re:Zones by sysadmn · · Score: 1

      Except, of course, that Solaris 10 zones are tied into the Resource Manager. In a zone, you can limit the percentage of CPU and Memory available. Way cool. Plus you can reboot a zone in seconds...

      --
      Envy my 5 digit Slashdot User ID!
  21. Re:Are BSD jails the only option? What about distr by auzy · · Score: 1

    distributed security is one thing I would like to see improved.. Currently I doubt any Unix OS has any system to secure over network, like distributed policies or something.. policies for openmosix or something similar.. I wonder how well jail systems would work over openmosix..

  22. What We Can Learn From *BSD by Anonymous Coward · · Score: -1, Troll

    What We Can Learn From BSD
    By Chinese Karma Whore, Version 1.0

    Everyone knows about BSD's failure and imminent demise. As we pore over the history of BSD, we'll uncover a story of fatal mistakes, poor priorities, and personal rivalry, and we'll learn what mistakes to avoid so as to save Linux from a similarly grisly fate.

    Let's not be overly morbid and give BSD credit for its early successes. In the 1970s, Ken Thompson and Bill Joy both made significant contributions to the computing world on the BSD platform. In the 80s, DARPA saw BSD as the premiere open platform, and, after initial successes with the 4.1BSD product, gave the BSD company a 2 year contract.

    These early triumphs would soon be forgotten in a series of internal conflicts that would mar BSD's progress. In 1992, AT&T filed suit against Berkeley Software, claiming that proprietary code agreements had been haphazardly violated. In the same year, BSD filed countersuit, reciprocating bad intentions and fueling internal rivalry. While AT&T and Berkeley Software lawyers battled in court, lead developers of various BSD distributions quarreled on Usenet. In 1995, Theo de Raadt, one of the founders of the NetBSD project, formed his own rival distribution, OpenBSD, as the result of a quarrel that he documents on his website. Mr. de Raadt's stubborn arrogance was later seen in his clash with Darren Reed, which resulted in the expulsion of IPF from the OpenBSD distribution.

    As personal rivalries took precedence over a quality product, BSD's codebase became worse and worse. As we all know, incompatibilities between each BSD distribution make code sharing an arduous task. Research conducted at MIT found BSD's filesystem implementation to be "very poorly performing." Even BSD's acclaimed TCP/IP stack has lagged behind, according to this study.

    Problems with BSD's codebase were compounded by fundamental flaws in the BSD design approach. As argued by Eric Raymond in his watershed essay, The Cathedral and the Bazaar, rapid, decentralized development models are inherently superior to slow, centralized ones in software development. BSD developers never heeded Mr. Raymond's lesson and insisted that centralized models lead to 'cleaner code.' Don't believe their hype - BSD's development model has significantly impaired its progress. Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.

    The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team. They both believed that FreeBSD had long lost its earlier vitality. Like an empire in decline, BSD had become bureaucratic and stagnant. As Linux gains market share and as BSD sinks deeper into the mire of decay, their parting addresses will resound as fitting eulogies to BSD's demise.

  23. Robert Watson by cperciva · · Score: 3, Informative

    The article is co-written by Robert Watson, a DARPA principal investigator in the Host Intrusion Protection (HIP) Research Group at McAfee Research ... and three-term FreeBSD core team member, guy mostly responsible for FreeBSD network stack locking right now, president of the FreeBSD Foundation, and otherwise generally cool guy.

  24. Please learn how to make links. by Anonymous Coward · · Score: 0
    Please learn how to make links.
    <a href="http://www.golden-gryphon.com/blog/manoj/sof tware/misc/manoj.2004.07.27.html">blog post</a>
    (without any spaces put there by Slashdot) yields: blog post
  25. jail paper by endx7 · · Score: 2, Informative

    The jail paper.

  26. Jails? by Anonymous Coward · · Score: 0

    Are those the places that BSDs are sent to before they're given the death penalty?

  27. Recommendations for providers? by willis · · Score: 1

    Any recommendations for freebsd Jailed "virtual server providers"? I was thinking about going the linux route, but I'd prefer BSD... I'm hoping for something in the $20 range. Thanks!

    --

    there is no thing
    what else could you want?
    1. Re:Recommendations for providers? by Anonymous Coward · · Score: 1, Informative

      www.escapebox.net

    2. Re:Recommendations for providers? by Anonymous Coward · · Score: 0
      Check out www.HUB.org

      I believe it's owned/maintained by one of the Postgresql maintainers, so you are indirectly supporting open source development by using them, and we all know That's a Good Thing (R)

    3. Re:Recommendations for providers? by Anonymous Coward · · Score: 0

      More than your requested $20 -- www.johncompanies.com

    4. Re:Recommendations for providers? by Anonymous Coward · · Score: 0

      I like jvds (www.jvds.com) ... had a server there for about a year. Very professional, prompt service, your own BSD jail'ed server ...

  28. Lamentations for the dead, an insider perspective by Anonymous Coward · · Score: -1, Troll
    The End of FreeBSD

    [ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD]

    When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project.

    Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it.

    FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile.

    It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics.

    So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project.

    Discussion

    I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly.

    From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished.

    There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want.

    Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress.

    Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers?

    Shouts

    To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad.

    To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. It's when