From: "John Levine" <johnl@iecc.com>
To: freebsd-questions@freebsd.org
Cc: steve@sohara.org
Date: 24 Dec 2020 19:04:25 -0500
Subject: Re: Network namespaces in FreeBSD
Message-Id: <20201225000425.C2C212B59629@ary.qy>
In-Reply-To: <20201224225743.5fbea1299f1d76c4af877668@sohara.org>
Organization: Taughannock Networks

In article <20201224225743.5fbea1299f1d76c4af877668@sohara.org> you write:
>On Thu, 24 Dec 2020 13:32:10 -0800
>Ihor Antonov wrote:
>
>> On 12/24/20 12:19 PM, Steve O'Hara-Smith wrote:
>
>> > pkg jail nginx --jail webserver-3 --ip4addr ...
> Not quite - AIUI those are manually constructed docker images, what
>I was thinking of was an extension to pkg to *automatically* create that
>minimal environment possibly with the aid of hints (as few as possible).

That is a great idea but getting the dependencies right would be daunting.
Ports are allowed to use anything in the base system, even though most of
them only use a small fraction of it.

It would also be nice if it were easier to set up jails to share the
read-only parts of the base system since that would make your dependencies
the same as the port's.

R's,
John
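One concrete shape for the second point in the reply (jails sharing the read-only parts of base, so a jailed port sees exactly the base a port is allowed to depend on) is sketched below. This is an added example written for this thread, not code from the post and not a FreeBSD tool; it assumes a base system has already been installed once under a placeholder `BASE` path (for instance with `make installworld DESTDIR=/usr/base`) and that jail roots live under a placeholder `JAILROOT`. It generates the `mount.fstab` that nullfs-mounts the read-only base directories into the jail, gives the jail its own writable `etc`, `var`, `tmp`, `root` and `usr/local`, and prints a jail.conf(5) stanza with the usual hardening parameters.

```shell
#!/bin/sh
# Added example (not from the mailing-list post, not a FreeBSD tool).
# Share one read-only copy of base between jails via nullfs(5): the jail
# gets every base directory a port may depend on, but cannot modify it,
# and patching $BASE once patches every jail that mounts it.
# Assumed placeholder paths:
BASE=${BASE:-/usr/base}      # a complete base install (assumption)
JAILROOT=${JAILROOT:-/jails} # per-jail roots live here (assumption)

# Base directories a jail only needs to read: shared, mounted read-only.
RO_DIRS="bin sbin lib libexec usr/bin usr/sbin usr/lib usr/libexec usr/share usr/include"
# Directories the jail must be able to write: private copy per jail.
RW_DIRS="etc var tmp root usr/local dev"

# gen_fstab NAME JAILROOT BASE: print the fstab(5) used as the jail's mount.fstab.
# Every line is a read-only nullfs mount of a base directory into the jail root.
gen_fstab() {
    name=$1; jailroot=$2; base=$3
    for d in $RO_DIRS; do
        printf '%s/%s\t%s/%s/%s\tnullfs\tro\t0\t0\n' \
            "$base" "$d" "$jailroot" "$name" "$d"
    done
}

# prepare_jail NAME JAILROOT BASE: create mountpoints for the shared directories
# and seed the jail's private writable directories from base (etc, var, root).
prepare_jail() {
    name=$1; jailroot=$2; base=$3
    for d in $RO_DIRS; do
        mkdir -p "$jailroot/$name/$d"
    done
    for d in $RW_DIRS; do
        mkdir -p "$jailroot/$name/$d"
        if [ -d "$base/$d" ]; then
            cp -pR "$base/$d/." "$jailroot/$name/$d/"
        fi
    done
}

# gen_jail_conf NAME IP JAILROOT: print a jail.conf(5) stanza for the jail.
# securelevel=2 keeps the jail from remounting or altering its filesystems,
# and the remaining parameters are the restrictive defaults stated explicitly.
gen_jail_conf() {
    name=$1; ip=$2; jailroot=$3
    cat <<EOF
$name {
    path = "$jailroot/$name";
    host.hostname = "$name";
    ip4.addr = "$ip";
    mount.fstab = "/etc/fstab.$name";
    mount.devfs;
    devfs_ruleset = 4;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.clean;
    securelevel = 2;
    allow.raw_sockets = 0;
    enforce_statfs = 2;
}
EOF
}

# Usage: sh mkjail.sh NAME IP
#   builds $JAILROOT/NAME, writes /etc/fstab.NAME and prints the stanza to
#   append to /etc/jail.conf; then: jail -c NAME
if [ $# -eq 2 ]; then
    prepare_jail "$1" "$JAILROOT" "$BASE"
    gen_fstab "$1" "$JAILROOT" "$BASE" > "/etc/fstab.$1"
    gen_jail_conf "$1" "$2" "$JAILROOT"
fi
```

The layout does not solve the dependency problem raised above; it sidesteps it by presenting the whole of base to every jail, read-only, so the jail's view of base is the same one the port was built against, and the only per-jail state is the writable layer.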