We got ZFS!

ZFS is there. Great! Thanks Pawel!

Now I wait a lit­tle bit until the first bugs are ironed out, and then I move all my stuff to it. The nice part: when you have 2 machines and every­thing you use is jailed, you just can do this with­out an “inter­rup­tion of ser­vice” (or at least only with a very small one). Just move the jails to the oth­er machine, replace the old FS with ZFS, and then move all jails back.

Send to Kin­dle

A desk­top envi­ron­ment in a jail.

Yeah! Final­ly I got time to fin­ish my work to put a desk­top envi­ron­ment (in this case GNOME) into a jail. At least I have a proof of con­cept (I write this with fire­fox run­ning in my “desk­jail”). No, I don’t do this for addi­tion­al secu­ri­ty (there’s more secu­ri­ty than in a non-jailed set­up, but less secu­ri­ty than in an ordi­nary jail, as you have to allow access to a lot more devices than in an ordi­nary jail), I do this for addi­tion­al flex­i­bil­i­ty: Mov­ing my desk­top is now only the install of FreeB­SD on a new machine and rsync­ing the jail over to it. As the machine will also be a host of sev­er­al jails where I have some com­mon users with the same UID in each jail, I don’t pol­lute the jail-host with the desk­top stuff and I have every­thing nice­ly sep­a­rat­ed.

With­out a ker­nel patch and good devfs rules you will not get Xorg up and run­ning in a jail (at least I did­n’t man­aged to let it rec­og­nize my graph­ic card with­out the ker­nel patch). Now I have to beef up the patch a lit­tle bit and ask for review (it weak­ens up the secu­ri­ty a lit­tle bit like the sysctl security.jail.sysvipc_allowed=1 or security.jail.allow_raw_sockets=1).

But first I have to fin­ish the move of all my ser­vices I use at home to the jail-host now.

Send to Kin­dle

Catch­ing up… GSoC 2007

We got a lot of good pro­pos­als. Google is will­ing to give us a very nice amount of stu­dents. We did­n’t expect­ed this much. Thanks!

Now we need to rate the stu­dent appli­ca­tions and find suit­able men­tors… not that easy. It’s easy for the strongest pro­pos­als, but for the rest I expect that there will be some shuf­fling around until the very end.

Send to Kin­dle

Catch­ing up… lin­ux­u­la­tor.

The lin­ux­u­la­tor is synced on amd64 with i386 (since a while). This means TLS is work­ing now and we have the same (a lit­tle bit bug­gy) futex­es.

Roman is slow­ly work­ing on the *at() com­mands. He also applied for the GSoC this year again. Kib is will­ing to men­tor (in case Roman gets a free seat in the SoC). I reject­ed the men­tor­ing posi­tion this time, as I don’t know if I will have enough time this sum­mer, but I hope I will be around.

Send to Kin­dle