by yjftsjthsd-h
107 days ago
I'm a little surprised; I guess I would have assumed that if NetBSD got jails they'd be an outgrowth of rump kernels with improved security properties. No big deal, just unexpected.

> Jails share the host network stack by design.
> This keeps routing, firewalling, and interface management simple on the host.
> Listening ports can be reserved per jail.
> Port ownership is enforced by the kernel, preventing accidental conflicts while preserving a straightforward host-centric network model.

It's perfectly reasonable to have a different approach, but on Linux I'll say I really prefer that each container has its own view of ports; it is specifically useful that I can run multiple copies of the same app and they can all bind :8000 or whatever and that just works.