NetBSD Multimedia Resources List
Links on this page refer to multimedia resources (podcast, vodcast,
audio recordings, video recordings, photos) related to NetBSD or
of interest for NetBSD users.
This list is available as a chronological
overview, as a tag cloud and
via the sources.
This list is also available as an RSS feed.
If you know any resources not listed here, or notice any dead links,
please send details to
Edwin Groothuis so that
it can be included or updated.
Tag: process isolation
Kristaps Dzonsons - Process isolation for NetBSD and OpenBSD
Added: 24 May 2009
Tags: dcbsdcon, dcbsdcon2009, slides, openbsd, netbsd, process isolation, kristaps dzonsons
PDF (687 Kb, 27 pages)
In NetBSD and OpenBSD, user-land process and
process-context isolation is limited to credential
cross-checks, file-system chroot and explicit
systrace/kauth applications. I'll demonstrate a
working mechanism of isolated process trees in
branched OpenBSD-4.4 and NetBSD-5.0-beta kernels
where an isolated process is started by a system
call similar to fork; following that, the child
process and its descendants execute in a context
isolated from the caller. This system is the continued
work of "mult" -- first prototyped in a branched
NetBSD-3.1 kernel and isolating all system resources
-- pared down to a lightweight, auditable patch of
process-only separation for both OpenBSD and NetBSD.
I specifically address solutions to performance
issues and mechanism design with an eye toward more
resources being isolated in the future.