We got ZFS!

ZFS is there. Great! Thanks Pawel!

Now I wait a little bit until the first bugs are ironed out, and then I move all my stuff to it. The nice part: when you have 2 machines and everything you use is jailed, you can just do this without an “interruption of service” (or at least only with a very small one). Just move the jails to the other machine, replace the old FS with ZFS, and then move all jails back.

A desktop environment in a jail.

Yeah! Finally I got time to finish my work to put a desktop environment (in this case GNOME) into a jail. At least I have a proof of concept (I write this with Firefox running in my “deskjail”). No, I don’t do this for additional security (there’s more security than in a non-jailed setup, but less security than in an ordinary jail, as you have to allow access to a lot more devices than in an ordinary jail), I do this for additional flexibility: moving my desktop is now only a matter of installing FreeBSD on a new machine and rsyncing the jail over to it. As the machine will also be a host of several jails where I have some common users with the same UID in each jail, I don’t pollute the jail-host with the desktop stuff and I have everything nicely separated.

Without a kernel patch and good devfs rules you will not get Xorg up and running in a jail (at least I didn’t manage to get it to recognize my graphics card without the kernel patch). Now I have to beef up the patch a little bit and ask for review (it weakens the security a little bit, like the sysctls security.jail.sysvipc_allowed=1 or security.jail.allow_raw_sockets=1).

But first I have to finish the move of all the services I use at home to the jail-host now.

Catching up… GSoC 2007

We got a lot of good proposals. Google is willing to give us a very nice number of students. We didn’t expect this many. Thanks!

Now we need to rate the student applications and find suitable mentors… not that easy. It’s easy for the strongest proposals, but for the rest I expect that there will be some shuffling around until the very end.

Catching up… linuxulator.

The linuxulator is synced on amd64 with i386 (and has been for a while). This means TLS is working now and we have the same (a little bit buggy) futexes.

Roman is slowly working on the *at() commands. He also applied for the GSoC this year again. Kib is willing to mentor (in case Roman gets a free seat in the SoC). I rejected the mentoring position this time, as I don’t know if I will have enough time this summer, but I hope I will be around.