Hi Tech, After reading about FreeBSD jails I naturally wondered whether OpenBSD had a similar feature. Well, I ran across sysjail. Based on my reading of the wikipedia article, it's my understanding that sysjail was discontinued due to an inherent flaw involving race conditions. If I understand correctly, sysjail used user-space wrappers to system calls to enforce security policy, while FreeBSD jails are an in-kernel sandboxing mechanism. Assuming I'm not totally misunderstanding both sysjail and FreeBSD jails (and admittedly I have much more research to do), I'm curious as to whether the OpenBSD project has ever considered implementing a full operating system-level virtualization technology like FreeBSD jails. I'd also be interested to hear any arguments for or against implementing such jails in OpenBSD. I have not conducted a search of the mailing list archives beyond looking for discussion of sysjail, so I apologize if this has already been thoroughly discussed in another thread. Thanks for your time and I really appreciate the work you guys do in making a very high-quality and secure operating system freely available.
-- -Dustin
