Doug Rabson

Results 62 comments of Doug Rabson

I just pushed a small update which adds support for jail's `allow.mlock` capability. This has been requested by potential users and (I think) is required by postgresql.

> I started trying to migrate runj to this and immediately ran into challenges with [vnet interfaces](https://samuel.karp.dev/blog/2022/12/docker-style-networking-for-freebsd-jails-with-runj/). Are we expecting to require CNI in order to do networking? That seems...

> > Currently it seems to be Linux-specific
> >
> > Yes, but we have equivalent FreeBSD-specific capabilities provided by the jail interface in the kernel and we are defining the...

> I think I'm currently 👎 on this PR as-is. There are two known OCI jail implementations (well, they're not _currently_ OCI given the spec doesn't have FreeBSD support yet,...

> > I think I'm currently 👎 on this PR as-is. There are two known OCI jail implementations (well, they're not _currently_ OCI given the spec doesn't have FreeBSD support...

I updated the pull request to address @samuelkarp's concerns about container IP addresses and added an implementation to my ocijail development branch ([here](https://github.com/dfr/ocijail/tree/freebsd-oci-runtime)). I still need to implement...

> @dfr this needs a rebase

I just updated the pull request, rebasing and addressing @samuelkarp's review comments.

> LGTM overall, left a couple of nits (and opened #1298 to fix a pre-existing issue). Since this PR moves FileMode from `defs-linux.json` to `defs.json`, I will pre-emptively copy the...

> Needs rebase

I will take care of that today. I also have small changes to add `jail(8)`'s `interface` pseudo-parameter and to add a few fields to the interface schema...

Sorry, I am a little late to this part of the discussion and failed to reply before this was merged. I have been thinking a lot on the suggested structure...