Hi Ken, sure, thats the way to go for docker, kubernetes and [add buzzword here]. The _why_ is more about tinkering and getting deeper into the rabbit-hole.
Thomas On 24 May 2018 at 12:51, Ken M <k...@mack-z.com> wrote: > > I want to ask the question of why? And why this way? I think if you want docker > like functionality, just add docker to openbsd. The best way to do so is to add > a lightweight linux into vmm and connect to that docker daemon. Alpine or > Rancher are probably the best bet for that. > > I say nothing on the security of that. But at least you also get the critical > mass of pre-built images from the docker world. To me that is the real value of > docker anyway. As a containerization system I do not like it, but as a means to > make the OS less of a factor to an install, absolutely. > > Just my thoughts. > > On Thu, May 24, 2018 at 11:28:13AM +0200, Thomas Huber wrote: > > Hi Reyk, > > > > no it is not about chroot-ing switchd. > > What i have in mind is a kind of poor-mans kubernetes or docker-swarm which > > makes use of chroot(8), login.conf(5) and mount_vnd(8) to isolate, limit > > and encapsulate some processes. > > I´ll call this the "chroot-jail" and thought it is common wording after > > reading about this topic across the internet. > > Like in this (kind of outdated) tutorial: > > https://www.ibm.com/developerworks/community/blogs/karsten/entry/openbsd_chroot > > The chroot-jail is basically a extracted base##.tgz plus dev, some users > > and configs. > > What I have in mind now with switchd is, to attach this chroot-jails the > > same way like a virtual-machine. > > > > But also not sure if this makes sense anyway. > > It´s more I kind of learning project for myself to see how things work and > > if they play nicely together. > > And if this set-up works I´ld go on and use ansible to automate and to > > "orchestrate" this parts. > > > > Thomas > > > > > > > > On 24 May 2018 at 00:35, Reyk Floeter <r...@openbsd.org> wrote: > > > > > > switchd is already privsep‘ed with a chroot jail. > > > > > > But I don’t quite understand what you mean. > > > > > > > Am 23.05.2018 um 10:35 schrieb Thomas Huber <miracu...@gmail.com>: > > > > > > > > Hi all, > > > > > > > > I´m just tinkering a little bit and try to mimic some > > "containerization" on > > > > OpenBSD with chroot. Is it somehow possible to attach a chrooted > > > > envirionment to swtichd(8) ? > > > > > > > > Thanks > > > > Thomas >
