[dev] Re: containers opinion

From: Kamil Cholewiński <harry666t_AT_gmail.com>
Date: Sat, 24 Sep 2016 16:44:19 +0200

On Sat, 24 Sep 2016, stephen Turner <stephen.n.turner_AT_gmail.com> wrote:
> What do you recommend for best knowledge of unsharing resources?

Start here:

OpenBSD: pledge(2), imsg_init(3)
Linux: unshare(2), prctl(2)

These are just some basic pointers to get you started. Nothing will ever
replace good architecture and careful design. See e.g. how OpenSMTPD
uses a "fork+reexec" technique to allow privsep'd subprocesses to each
have their own randomized address space:

https://www.poolp.org/tech/posts/2016/09/12/opensmtpd-6-0-0-released/

<3,K.
Received on Sat Sep 24 2016 - 16:44:19 CEST
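
The fork+reexec idea mentioned in the message, shown as an added example (not part of the original post and not OpenSMTPD's code): a child created by fork() alone keeps the parent's address layout, while a child that re-executes the same binary is mapped afresh. It assumes Linux with /proc mounted and a PIE build with ASLR enabled for the addresses to differ; `REPORT_ENV`, `marker` and the function names are made up for this demo.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define REPORT_ENV "PRIVSEP_REPORT_FD" /* hypothetical name, used only by this demo */
static int marker; /* its address shows where the image is mapped (varies with PIE + ASLR) */
uintptr_t parent_marker_addr(void) { return (uintptr_t)&marker; }

/* Runs before main() in every image: a re-exec'd child reports its layout and exits. */
__attribute__((constructor)) static void report_if_child(void) {
    const char *fd = getenv(REPORT_ENV);
    if (!fd) return;
    uintptr_t addr = (uintptr_t)&marker;
    _exit(write(atoi(fd), &addr, sizeof addr) == (ssize_t)sizeof addr ? 0 : 1);
}

/* Fork a child and return the address it sees for marker (0 on error).
 * reexec=0: plain fork, a copy of the parent's layout. reexec=1: fresh image. */
uintptr_t child_marker_addr(int reexec) {
    int p[2];
    uintptr_t addr = 0;
    if (pipe(p) != 0) return 0;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return 0; }
    if (pid == 0) {
        close(p[0]);
        if (reexec) {
            char fd[16];
            snprintf(fd, sizeof fd, "%d", p[1]);
            setenv(REPORT_ENV, fd, 1);
            execl("/proc/self/exe", "privsep-child", (char *)NULL); /* Linux /proc assumed */
            _exit(127); /* exec failed */
        }
        addr = (uintptr_t)&marker;
        _exit(write(p[1], &addr, sizeof addr) == (ssize_t)sizeof addr ? 0 : 1);
    }
    close(p[1]);
    if (read(p[0], &addr, sizeof addr) != (ssize_t)sizeof addr) addr = 0;
    close(p[0]);
    waitpid(pid, NULL, 0);
    return addr;
}

int main(void) {
    printf("parent %#lx, fork only %#lx, fork+reexec %#lx\n", (unsigned long)parent_marker_addr(),
           (unsigned long)child_marker_addr(0), (unsigned long)child_marker_addr(1));
}
```

The fork-only address always equals the parent's, so a leak from one privsep child reveals the layout of every sibling; only the re-exec'd child is independent.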