Yeah! Finally I got time to finish my work to put a desktop environment (in this case GNOME) into a jail. At least I have a proof of concept (I write this with firefox running in my “deskjail”). No, I don’t do this for additional security (there’s more security than in a non-jailed setup, but less security than in an ordinary jail, as you have to allow access to a lot more devices than in an ordinary jail), I do this for additional flexibility: Moving my desktop is now only the install of FreeBSD on a new machine and rsyncing the jail over to it. As the machine will also be a host of several jails where I have some common users with the same UID in each jail, I don’t pollute the jail-host with the desktop stuff and I have everything nicely separated.
Without a kernel patch and good devfs rules you will not get Xorg up and running in a jail (at least I didn’t manage to get it to recognize my graphics card without the kernel patch). Now I have to beef up the patch a little bit and ask for review (it weakens the security a little bit, like the sysctl security.jail.sysvipc_allowed=1 or security.jail.allow_raw_sockets=1).
But first I have to finish the move of all my services I use at home to the jail-host now.
Ariff’s changes two months ago to reduce the latency in the sound system also prepared the way for multichannel support, and Yuriy added multichannel recording to the emu10kx driver (there are some bugs ATM and it is only a proof of concept to play around with until we get real multichannel support in the generic sound code). Ryan is trying to get some time (let’s cross fingers!) to convert a driver (probably the emu10kx driver) to use the new mixer infrastructure before he has to concentrate on his studies again.
This looks like we could get some very nice stuff this year.
One of the major showstopper bugs in the Linux 2.6 emulation is that acroread does not work. Now we have patches (proof of concept by Intron, refined patch by Kib) for it. I didn’t have time to test it yet (mind you, everyone else is not able to run acroread with 2.6, I’m able to run it at least with some files or no file at all), but I want to do an extensive test (I know several ways of killing it with 2.6).
If everything goes well and no other showstopper bug appears, we may be able to request more extensive testing of the 2.6 emulation, at least on i386. First this should be done by asking people to switch, and maybe after a week by switching the default emulation to 2.6 in -current (at least for a while).
This is especially important as the Fedora Legacy project announced that they will abandon support for FC4. FC5+ is not able to run on a 2.4 kernel.
And while I’m at it: I submitted the status report for the linuxulator. It contains some nice statistics about the number of fixed bugs (comparing 6.2 and -current). No, I will not tell you in advance, you have to wait some days until the report shows up. 😛