#jails


#EuroBSDcon speakers needed!

My ever popular #jails tutorial needs a presenter!

Love #FreeBSD? Jails? Like talking all day to a captive and yet adoring audience? ***

I’ll be otherwise occupied this year but if you want to pick up the mantle just let me know and I’ll help you get up to speed.

It’s had the OCI container and network segments added and extended, it’s all open source.

*** actual audience may vary, caveat speaker

After some days of troubleshooting FreeBSD networking and pf firewalling (and learning a lot in the process!), I finally made an article about FreeBSD VNet jails behind a dedicated firewall jail, that works with both IPv4 AND IPv6:

Internet <-> firewall-jail <-> application jail

I hope someone might find that helpful. The detailed article is here in my Codeberg gists:

codeberg.org/Larvitz/gists/src

My next step is trying to get IPv6 address support into the marvelous tool jmore from @vermaden and sending him a pull-request for that :)

#bsd #freebsd #jails
Thread continued

I use Jails with Ansible to automate their creation, their lifecycle management and automation of the jailed applications, and I highly enjoy how comfortable and easy it is.

No immutable images, no “Dockerfiles”, no weird volume mounts or image registries and no constant re-creation of images and new deployments just to update something. Just some simple, well isolated operating systems to run my applications in 🙂

I don’t say that Linux containers are bad. There are for sure situations where they shine. Just for my personal use-case, they are more effort in comparison to BSD jails and I’m a fan of “using the right tool for a task”

And the idempotent nature of Ansible automation makes it easy to describe them in a declarative way and manage them at scale.

Linux containers (OCI Containers) are ephemeral by design, except the volumes you mount into them. In large scale environments, that can be useful (cattle vs pets argument). But that also introduces new challenges and makes it more complex to manage them.

For my personal environments, I like the approach of FreeBSD jails more. They are just a directory (or ZFS Dataset) with their own, persistent copy of the OS, easy to manage and the networking capabilities are flexible (bridged, vnet, they can be routed, firewalled, etc).

Jails are well aged and have been around since FreeBSD 4 back in 2000; the non-ephemeral approach (and the absence of overlay file systems etc) makes them feel more like individual virtual servers than modern Linux containers, but with extreme levels of flexibility.

Tools like jmore(8) (by @vermaden) and Bastille (Jails “Templates”) make them even easier to manage.

Thread continued

#NYC has held onto its control of #RikersIsland w/white knuckles — struggling to show progress & reaching the brink of losing #oversight of the #jails as critics of the system called for an outside authority. Conditions have not improved, acc/to lawyers for the plaintiffs & the federal monitor.

NYC has spent >$500k per inmate annually in recent years, acc/to city data, well beyond what other large cities have spent, & yet detainees still sometimes go without food or proper medical care.

Thread continued

The official, called a remediation manager, will work with the #NYC correction commissioner, but be “empowered to take all actions necessary” to turn around the city’s #jails, Judge Swain wrote.

“While the necessary changes will take some time, the court expects to see continual progress toward these goals,” she wrote.

A federal judge overseeing #NYC’s #jails took #RikersIsland out of the city’s control on Tues, ordering that an outside official be appointed to make major decisions regarding the troubled & violent #jail complex.

The judge, Laura Taylor Swain, said in a 77-page ruling that the official would report directly to her & would not be a city employee, turning aside Mayor #EricAdams’ efforts to maintain control of the lockups.

#law #PrisonReform
nytimes.com/2025/05/13/nyregio

The New York Times · Judge Appoints Outside Official to Take Over Deadly Rikers Island Jail, by Hurubie Meko