A desktop en­vir­on­ment in a jail.

Yeah! Fi­nally I got time to fin­ish my work to put a desktop en­vir­on­ment (in this case GNOME) in­to a jail. At least I have a proof of concept (I write this with fire­fox run­ning in my “deskjail”). No, I don’t do this for ad­di­tion­al se­cur­ity (there’s more se­cur­ity than in a non-​jailed setup, but less se­cur­ity than in an or­din­ary jail, as you have to al­low ac­cess to a lot more devices than in an or­din­ary jail), I do this for ad­di­tion­al flex­ib­il­ity: Mov­ing my desktop is now only the in­stall of FreeBSD on a new ma­chine and rsyncing the jail over to it. As the ma­chine will also be a host of sev­er­al jails where I have some com­mon users with the same UID in each jail, I don’t pol­lute the jail-​host with the desktop stuff and I have everything nicely sep­ar­ated.

Without a ker­nel patch and good devfs rules you will not get Xorg up and run­ning in a jail (at least I didn’t man­aged to let it re­cog­nize my graph­ic card without the ker­nel patch). Now I have to beef up the patch a little bit and ask for re­view (it weak­ens up the se­cur­ity a little bit like the sy­sctl security.jail.sysvipc_allowed=1 or security.jail.allow_raw_sockets=1).

But first I have to fin­ish the move of all my ser­vices I use at home to the jail-​host now.

6 thoughts on “A desktop en­vir­on­ment in a jail.”

  1. Hi, Al­ex­an­der I spoke with Dru Lav­igne about “Trans­lat­ors are vo­lun­teers who are in­ter­ested” I in­terests in that. He send a email about that.

    Best re­gards,

  2. Pingback: grUNIX » Blog Archiv » ZFS: FreeBSD mit ZFS im BASE
  3. You can at least run a head­less X listen­ing for XDM re­quests in a jail, I just tried it.

  4. Hi Al­ex­an­der,

    I’m cur­rently test­ing also a X desktop en­vir­on­ment in a jail (without tcp for­ward­ing).
    I’m fight­ing with devfs.rules.
    Have you a link for ker­nel patch ?

Leave a Reply

Your email address will not be published. Required fields are marked *