Jails for NetBSD
5 hours ago
- #process-isolation
- #NetBSD
- #jail
- Demonstrates a minimal workflow using jailmgr, jailctl, and NetBSD base components.
- Steps include bootstrapping the host, creating a jail named 'web' with specific constraints, and ephemeral provisioning.
- Jails can be started with autostart settings, and processes are supervised by jailctl.
- Inside the jail, only processes belonging to that jail are visible, with no cross-jail visibility.
- Runtime statistics and resource accounting are maintained by the kernel and exposed via a control interface.
- Prometheus-compatible metrics can be emitted for monitoring, using base system facilities.
- Highlights include hard resource limits, supervised execution, and no container runtime or UID remapping.