Can I use OpenBSD as an ultra-secure host for virtual machines?

>If you don't want to use OpenBSD, then don't use it
I can't use it even if I wanted to because nodrivers.

fun fact:
the only firewalls the german government is used for outside facing ports do run on openBSD.
Despite their really shitty interface they are actually pretty good though

Yet more rubbish, i don't even know where this meme comes from. OpenBSD driver support is on par with GNU/Linux or at least very close.

>pledge
do I need to edit the source code of the program I want to use it on?

why would you run untrusted and buggy code?

its a server os. it does not need drivers for gaming devices.

literally anything not in the base system could be malicious or buggy
doesn't matter how small the chances are

>the same post every single time

Pledge is primarily a tools for developers so making generic sandbox is not what it shines in. It's possible inject wrapper around program with LD_PRELOAD without ever touching or seeing source code of that program.

What does the base system include then?
Does it have a firewall, dns, web server, dhcp, etc, vpn, infiniband routing, etc?

>chroot
>vm
are you kidding me?
>pledge
lmao are you fucing kidding me

everything in the base system supposedly is heavily audited
the same can't be said for the ports tree

>the same non answers and answers providing non solutions or too complicated solutions every thime

>OpenBSD gives you no way to contain or restrict the execution of untrusted or buggy code.
Everything you need is already there. You won't run untrusted or buggy code if you don't install any other programs. The world has not changed since 1983. Obey the bsd gods.

yes on all except infiniband routing
also load balancer (relayd)
modified Xorg (xenocara) and basic environement (xterm, tmux, wm)
OpenSSH obviously
network redundancy with CARP
VPN with IPSec and IKED
ntpd, smtpd
better list might be this: openbsd.org/innovations.html

what's so bad about chroot?

chroot is insecure by design github.com/earthquake/chw00t

>chroot
insecure, not a solution
>vm running ramdisk
too much overhead for something as simple as restricting access for every single 3d party program
>pledge
sorry, I'm not gonna waste my time editing the source code of every application I use and figuring out which system calls it does or does not need

Use VmWare ESXi. Or SmartOS.

at least grsec on linux has some fixes for it

ok I'm curious, what system do you run and how do you restrict media player, browser, libreoffice or similar, and anything at all?

>what system do you run
arch linux
>how do you restrict media player, browser, libreoffice or similar, and anything at all
firejail, apparmor

Why BSD? Solaris(SmartOs) is much better choice for VM host.

No. It's not secure and the hypervisor is terrible.

Are there any reasons to use OpenBSD, besides "security"?
Should I just use FreeBSD if I want a BSD to dick around with?

>Are there any reasons to use OpenBSD, besides "security"?

only you can really answer this question. they're not trying to sell you anything so you you have to evaluate your own situation.