Running common services on FreeBSD is simple. But sometimes you want to run several services on the same OS instance and have each service safely ‘contained’ away from one another. A web service isn’t a lot of use unless it’s presented to the internet, but that also opens up the possibility of a security compromise.| FreeBSD Foundation | A non-profit organization dedicated to supporting and bu...
Netgraph for the Rest of Us Netgraph for the Rest of Us Making FreeBSD’s powerful networking framework accessible to everyone who runs jail and VM guests By Daniel J. Bell A few years ago, I wrote about leveraging FreeBSD in datacenters as a performant and cost-effective alternative to cloud options using tools in the FreeBSD| FreeBSD Foundation
TOC Preamble Poudriere installation Removing unwanted dependencies More complex examples of deWaylandization Ports flavors Patching Makefile Results and thoughts Notes Preamble My everyday FreeBSD system has two good old components for graphics and sound — the X Server and the OSS. There are simple reasons to use these components — they are mature, they have tons of user documentation, use case examples, etc. I also like the way these things have been used in the FreeBSD world. Le...| Dragon’s notes
Using OpenBSD as a daily driver, I got used to having programs being restricted in their permissions. Especially Web Browsers from ports that are patched to implement pledge(2) and unveil(8). Long story short, this guarantees that Firefox, Chromium & friends will get killed if they try to access system resources that they were not allowed to access; be it a device or a file system space. FreeBSD 14.1, AFAIK, does not implement such feature. And getting a bit paranoid because of “Fish Linux...| www.tumfatig.net
Jails improve on the concept of the traditional chroot environment in several ways| FreeBSD Documentation Portal
Responding to RedHat’s latest rug-pull.| www.sacredheartsc.com
More about this in the article I wrote to accompany my talk at EuroBSDCon 2024.| IT Notes
