Why does OpenBSD not have jails, like FreeBSD?

why does OpenBSD not have jails, like FreeBSD?

The fuck is a jail? Why does it matter

freebsd.org/doc/handbook/jails.html

it matters if you don't want your server to get r00ted

It'll have virtualization soon.

Should be safer than a jail in theory because it probably doesn't share anything with the host.

Virtualization is good for running untrusted code, jails/containers are better for running trusted code. It's nice to have both.

did the OpenBSD devs ever say why they didn't implement jails? after all OpenBSD prides itself on putting security first.

op

Because Theo is African, and They don't like jails, though they sure have a funny way of ending up in them...

Jails were built specifically for FreeBSD and require a lot of work to implement elsewhere. I believe OpenBSD devs like jails but they do not like that it requires so much work and additional code to implement, they prefer chroot+systrace as a simpler alternative.

yeah, and the only reason OpenBSD is even getting virtualization is because of a dare

they tend to prefer simple solutions

underrated post

Since this thread is about BSD, wasn't there a user that was looking for Henning Brauer's presentation about ISPs?

The rest of the BSDCan presentations are finally up on youtube:
youtube.com/watch?v=AOidjSS7Hsg&list=PLeF8ZihVdpFfoEV67dBSrKfA8ifpUr6qC
Playlist starts here.

That was me thanks for reminding me of that user.

Because OpenBSD doesn't ship shit.

When they do virtualization, it will be done correctly, your 'jails' will be instantly depreciated

It's that attitude that feeds the trolls that hang in here, you do know that, right?

Doesn't make my argument false.

If you really want to shill freebsd, there is Hacker News for that.

Because it has chroot, and unlike some OSes, it takes full advantage of it, and utilizes it extensively to accomplish the exact same things you'd want to use Jails for. No need to reinvent the wheel, or let a retarded dipshit like Poettering close enough to start trying to "fix" stuff, or anything like that.

Psst...if you're relying on Jails to secure your system, then you are doing it very wrong. You should ensure that you have a secured system, before you even think about implementing Jails. Jails are an additional measure, not your first line of defense. They won't do you a bit of good on an unsecured system, and I believe the FreeBSD handbook even explicitly tells you this. You have read the handbook haven't you? freebsd.org/doc/handbook/jails.html#jails-synopsis

>Jails are a powerful tool, but they are not a security panacea. While it is not possible for a jailed process to break out on its own, there are several ways in which an unprivileged user outside the jail can cooperate with a privileged user inside the jail to obtain elevated privileges in the host environment.

so when will we see virtualization in OpenBSD?

It's where you go for watching anime in Canada

Not sure, but I think -current already has it.

>utilizes it extensively to accomplish the exact same things you'd want to use Jails for

how? jails are much more capable and comprehensive than chroot

Oh, interestingly the VM tools are already there in the latest -release.

So is the daemon, so I guess it's there already but it can't boot anything but OpenBSD yet.

maple syrup and hockey make you hate japan

but I only use maple syrup and I'm a Penguins fan.

in two years it will support linux and maybe freebsd. it will almost be as useful as containers with selinux.

>before you even think about implementing Jails
so openbsd is not a secure system?

>retarded dipshit like Poettering
at least he's better than you, right? what have you accomplished?

Not him, but you two should rub dicks together.

>Not him, but
please

>ever thinking openbsd was about security
strlcpy is a buggy piece of shit. If a string is too long for the destination then it shouldn't just truncate it and silently continue. It should either signal an error or if it's on the heap, reallocate so that it fits. And if you really want strlcpy behavior it should use *((char *) mempcpy (dst, src, n)) = '\0' which is way faster than the shitty OpenBSD way of doing it, since when copying a string you should ALWAYS know the length anyways.
And they completely stole W^X from PaX

Jails won't protect you from the FBI backdoors

OpenBSD never claimed they invented all the security features it has.

>Sometimes these ideas have been used before in some random application written somewhere, but perhaps not taken to the degree that we do.
What they mean by this is that they're extremists and will enable those protections EVEN if it breaks the userland completely. They have done so many times before and will keep doing it in -current.

>strlcpy is a buggy piece of shit
it's worthless shit, but it's not buggy
>either signal an error
it does; the return value will be greater than the size argument
>or if it's on the heap, reallocate
it can't know that
>want strlcpy behavior it should use *((char *) mempcpy (dst, src, n)) = '\0'
no, that's silently truncating
>when copying a string you should ALWAYS know the length anyways
yes, BOTH lengths, of destination and source, and the proper way to copy is simply memcpy(dst, src, src_len + 1);
>stole W^X from PaX
b-but INNOVASHUN! :^)
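
The two copy styles argued over in the posts above, as an added example that is not from any poster or from OpenBSD: `demo_strlcpy` is a hypothetical stand-in written here with the semantics the strlcpy manual documents (it returns `strlen(src)`, and truncation happened when that value is at least the buffer size). All function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in with the documented strlcpy semantics (not OpenBSD's source):
 * copies at most size-1 bytes, always NUL-terminates when size > 0,
 * and returns strlen(src), the length of the string it tried to create. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t src_len = strlen(src);
    if (size > 0) {
        size_t n = src_len < size - 1 ? src_len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return src_len;
}

/* strlcpy style: the copy always happens, possibly truncated; the caller
 * must compare the return value with the buffer size to notice.
 * Returns 0 when the whole string fit, -1 when it was truncated. */
int copy_checked_strlcpy(char *dst, size_t dst_size, const char *src)
{
    return demo_strlcpy(dst, src, dst_size) >= dst_size ? -1 : 0;
}

/* Known-lengths style: both sizes are checked first, and the copy is
 * refused instead of truncated. dst is left untouched on failure.
 * src_len must equal strlen(src); the +1 copies the terminating NUL. */
int copy_known_lengths(char *dst, size_t dst_size,
                       const char *src, size_t src_len)
{
    if (src_len >= dst_size)
        return -1;
    memcpy(dst, src, src_len + 1);
    return 0;
}
```

With an 8-byte buffer, a 7-character string fits and an 8-character string does not; the first function still writes the truncated 7 characters before reporting the problem, while the second writes nothing.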

they haven't innovated them yet! but soon...

>using the smiley with a caret nose

Because it uses the best security model ever invented: security by wishful thinking. If you think you're secure, no matter the reality, nothing can possibly touch you. Who needs defense in depth? Who needs jails? That's just bloat. Believe and be free!

no amount of jailing can save a stupid sysadmin

Any amount of jailing, even the bare minimum, CAN save a stupid sysadmin. The more security layers you add, the more secure an OS is, even from the most retarded sysadmin on the planet.

I'm a machinist. I work in the family shop, which I will one day own a piece of. I do most of the CNC work around there. I know, it's nothing as glamorous as being the "brains" behind the systemd, Pulse audio, and other such malware, but I'm not looking for glory. Just a really decent living, that allows me to pay the bills, and enjoy life a little bit. You?

>marc.info/?l=openbsd-misc&m=119318909016582
> Virtualization seems to have a lot of security benefits.

You've been smoking something really mind altering, and I think you
should share it.

x86 virtualization is about basically placing another nearly full
kernel, full of new bugs, on top of a nasty x86 architecture which
barely has correct page protection. Then running your operating
system on the other side of this brand new pile of shit.

You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write operating
systems or applications without security holes, can then turn around
and suddenly write virtualization layers without security holes.

You've seen something on the shelf, and it has all sorts of pretty
colours, and you've bought it.

That's all x86 virtualization is.

>there are people who take openbullshitdund seriously when things like these are all over the mailing lists

he's right, you know

>pulseaudio
>systemd

All a person needs to do is not be bad/criminal. Then they are better than potter. Maybe not more accomplished, but a better human bean.

FLYERS
L
Y
E
R
S

How do jails compare against linux cgroups+namespacing? (e.g. via systemd's machinectl)

>better human bean
yes you are

poorly

>he's bad because he devotes his time to write software to benefit other people
Sounds like you're shit.

Can you be specific? Examples? Pros and cons? Difference list?

I don't want some "muh systemd is bad" meme-tier shilling, I want to know what the actual facts are

gaols*

get it right u fucken new fags

>benefit
arguable

>benefit

Motherfucker, are you for real? When Windowsfags install Ubuntu and ditch it because the sound doesn't work, it's usually PulseAudio causing the problem.

systemd will eventually become the same way. He's already gone ahead and made it clear that he doesn't give a shit and that he won't bend for compatibility that he needs to provide because he's a lazy fuck.

Poettering firmly believes that Linux is "primitive", and for it to be "modern", it has to implement all of the shittiest, most obtuse aspects of other systems.

> stole W^X from PaX
> stole

kill yourself retard (and just before you do, read how the GPL and BSD licences work)

kek! enlightening

>underrated post
very

Hey user-kun, why not just suggest this change on the CVS tree if you think you know better? If you're right then I'm sure Theo will make the changes.

>Windowsfags install Ubuntu and ditch it
I'm ok with that.
>he won't bend for compatibility
Perfect! Shit from the 70s needs to die already.
>Poettering firmly believes that Linux is "primitive"
He's right.

>I'm sure Theo will make the changes
bwahahahahahaha, the """innovashun""" theo? the """we don't need MAC, but we'll implement the half assed tame/pledge""" theo? the """we don't need VMs... hey guise, we innovated vmm""" theo? yeah, he's a reasonable guy! BWAHAHAHAHAHAHA!

This. Theo the rat is plain demented, and people who believe in him are outright mental midgets.

do you really think anyone will take you seriously if you write like this

oh noes, the deluded theo fans won't take me seriously? what am I gonna do? bwahahahahaha

Autism. The silent killer.

>bwahahahahaha
could you be any more of an obnoxious faggot

i almost want to put that in my filter

There is no way you're not underage

we broke him, finally

we did it reddit

how else could he be spending days here posting retarded shit like this

>obnoxious
uuuuu, your mental illness can't handle the truth? poor babby! hurry, run to theo and give him a quick suck!

>it's true and you rekt our asses but we didn't like the way you said it
bwahahahahahahaha, stay cucked! :^)

Y-yeah! The Theo that changed Nginx for Httpd because it was actually better than Nginx? The Theo that agreed we needed to clean the OpenSSL code base and make LibreSSL? The theo that realized SMTP servers were needlessly complex and took in OpenSMTPd? OpenBSD developers have done a lot of great things in the past... Don't see why they can't do anything great again...

>Y-yeah
bwahahahahahaha

>openplacebofags are literally this retarded
Toppest kek buddy boy.

don't project your homosexuality on others

>we're not homosexuals
>we're just grateful and we choose to please him with our mouths
bwahahahahahahahaha

you dont even know how happy i am right now that you're posting like this

you're just making yourself look like a child lmao

>cuck license
No thanks.

>how happy i am right now
>look like a child
pedo too? I guess it's a requirement to be severely mentally damaged to be part of openbsd! bwahahahahaha

never stop

>I got told
REKT
E
K
T

Soon user... Soon

yeah, but virtualization bugs are much more rare than kernel bugs due to code size and hardware limitations.

Yeah but I think Theo's response was more of an embellished "fuck off and do it yourself".

I guess if someone does it on their own and they do it right, he'll accept it.

Because it's made by a fat neet in his basement.

>I have no clue what we're discussing so I'll just post some total bullshit
Spotted the twelve year old