ZFS is there. Great! Thanks Pawel!

Now I wait a lit­tle bit until the first bugs are ironed out, and then I move all my stuff to it. The nice part: when you have 2 machines and every­thing you use is jailed, you just can do this with­out an “inter­rup­tion of ser­vice” (or at least only with a very small one). Just move the jails to the other machine, replace the old FS with ZFS, and then move all jails back.

Yeah! Finally I got time to fin­ish my work to put a desk­top envi­ron­ment (in this case GNOME) into a jail. At least I have a proof of con­cept (I write this with fire­fox run­ning in my “desk­jail”). No, I don’t do this for addi­tional secu­rity (there’s more secu­rity than in a non-jailed setup, but less secu­rity than in an ordi­nary jail, as you have to allow access to a lot more devices than in an ordi­nary jail), I do this for addi­tional flex­i­bil­ity: Mov­ing my desk­top is now only the install of FreeBSD on a new machine and rsync­ing the jail over to it. As the machine will also be a host of sev­eral jails where I have some com­mon users with the same UID in each jail, I don’t pol­lute the jail-host with the desk­top stuff and I have every­thing nicely separated.

With­out a ker­nel patch and good devfs rules you will not get Xorg up and run­ning in a jail (at least I didn’t man­aged to let it rec­og­nize my graphic card with­out the ker­nel patch). Now I have to beef up the patch a lit­tle bit and ask for review (it weak­ens up the secu­rity a lit­tle bit like the sysctl security.jail.sysvipc_allowed=1 or security.jail.allow_raw_sockets=1).

But first I have to fin­ish the move of all my ser­vices I use at home to the jail-host now.

We got a lot of good pro­pos­als. Google is will­ing to give us a very nice amount of stu­dents. We didn’t expected this much. Thanks!

Now we need to rate the stu­dent appli­ca­tions and find suit­able men­tors… not that easy. It’s easy for the strongest pro­pos­als, but for the rest I expect that there will be some shuf­fling around until the very end.

The lin­ux­u­la­tor is synced on amd64 with i386 (since a while). This means TLS is work­ing now and we have the same (a lit­tle bit buggy) futexes.

Roman is slowly work­ing on the *at() com­mands. He also applied for the GSoC this year again. Kib is will­ing to men­tor (in case Roman gets a free seat in the SoC). I rejected the men­tor­ing posi­tion this time, as I don’t know if I will have enough time this sum­mer, but I hope I will be around.