Hi Reyk, no it is not about chroot-ing switchd. What i have in mind is a kind of poor-mans kubernetes or docker-swarm which makes use of chroot(8), login.conf(5) and mount_vnd(8) to isolate, limit and encapsulate some processes. I´ll call this the "chroot-jail" and thought it is common wording after reading about this topic across the internet. Like in this (kind of outdated) tutorial: https://www.ibm.com/developerworks/community/blogs/karsten/entry/openbsd_chroot The chroot-jail is basically a extracted base##.tgz plus dev, some users and configs. What I have in mind now with switchd is, to attach this chroot-jails the same way like a virtual-machine.
But also not sure if this makes sense anyway. It´s more I kind of learning project for myself to see how things work and if they play nicely together. And if this set-up works I´ld go on and use ansible to automate and to "orchestrate" this parts. Thomas On 24 May 2018 at 00:35, Reyk Floeter <r...@openbsd.org> wrote: > > switchd is already privsep‘ed with a chroot jail. > > But I don’t quite understand what you mean. > > > Am 23.05.2018 um 10:35 schrieb Thomas Huber <miracu...@gmail.com>: > > > > Hi all, > > > > I´m just tinkering a little bit and try to mimic some "containerization" on > > OpenBSD with chroot. Is it somehow possible to attach a chrooted > > envirionment to swtichd(8) ? > > > > Thanks > > Thomas
