Process Isolation for NetBSD and OpenBSD

December 28th, 2008

The next talk to be announced is of particular interest to me.  I remember when I first heard about sysjail a couple of years ago, and enjoyed Kristaps Džonsons’ talk about it at NYCBSDCon 2006.  Unfortunately for fans of sysjail, systrace (the mechanism it is based on) was found to have vulnerabilities that neutralized much of its usefulness.

Kristaps is obviously a dedicated individual who doesn’t give up easily.  He’s been busy working on a new process isolation mechanism called mult.

In NetBSD and OpenBSD, user-land process and process-context isolation is limited to credential cross-checks, file-system chroot and explicit systrace/kauth applications.  I’ll demonstrate a working mechanism of isolated process trees in branched OpenBSD-4.4 and NetBSD-5.0-beta kernels where an isolated process is started by a system call similar to fork; following that, the child process and its descendants execute in a context isolated from the caller.  This system is the continued work of “mult” — first prototyped in a branched NetBSD-3.1 kernel and isolating all system resources — pared down to a lightweight, auditable patch of process-only separation for both OpenBSD and NetBSD.  I specifically address solutions to performance issues and mechanism design with an eye toward more resources being isolated in the future.

This sounds pretty cool, but most of it went over my head.  I went back to Kristaps, asking him to pretend I’m a Linux user.

mult allows the creation of isolated instances, similar to jails on FreeBSD, but considerably more robust, feature-rich, safe and scalable.

An instance contains a process and all of its descendant processes.  Once started, an instance’s processes are invisible to the caller; similarly, the caller is invisible to the instance.

Ok, that makes more sense.  How far along are you with mult?  Is it usable today for the average BSD administrator?

In the current version of mult, which is a lightweight re-write of the NetBSD-3.1 prototype, only pids, pgids and file descriptors are isolated.  Thus, a process can’t stat other instances’ processes, even if of the same pid.  However, users are still unisolated, so using setpriority on a user will affect all instances.  New stuff can be easily appropriated, but my intent is to (re-)start small and clean.

% instproc -- /usr/sbin/sshd -df /var/jail/etc/ssh/sshd_config

This starts a process, sshd, where a connecting user will only “see” (e.g., via ps ax) the sshd process and its descendants.  Similarly, the caller will not see the started sshd.

Good stuff.  I’m really anxious to hear Kristaps talk about this project and how useful it will be in the near future.  If I had a crystal ball, I bet I’d see quite a few ShmooCon attendees sneaking into this talk.  Don’t let them steal your seat… register now and get your barcode!


The Twelve Talks of DCBSDCon

December 16th, 2008

Now I understand why speaking at and attending conferences is so much fun.  Because I’ve never had to organize one.  Some of the drudgery of the daily organization is rewarded when the Call for Papers ends and you get to start voting on the speakers and talks that will comprise the conference agenda.  It’s not entirely dissimilar from choosing your best lineup for a fantasy sports league.

If I take the creator of FFS that leaves me weak at RAID Drivers and IPv6!  Can I trade down for more picks?

Thankfully we had a wealth of great submissions to choose from.  As a BSD user and advocate, I’m geeked out about the final lineup we have to offer.  I think you’ll be really pleased with the speakers and talks we’ll be presenting in February.  But it wouldn’t be any fun if I just announced the entire schedule tout de suite, now would it?

We’re going to reveal a new speaker every few days, starting this Thursday.  Check back here for the formal announcement, which will appear shortly thereafter on the official website.  If you haven’t already, take advantage of the RSS feed so you’ll always be up-to-date on the latest conference tidbits.

We’ve had a lot of folks ask about the event registration.  This will be opening up very soon.  Please be patient while we iron out a few more details.  As always, it will be published here first.

I’m really looking forward to DCBSDCon 2009, and by the response we’ve been getting, a lot of you are too.  Don’t forget to register for ShmooCon if you’re planning to attend both (uber geek).  See you in February!


DCBSDCon on BSDTalk 167

December 4th, 2008

Despite my inability to form a coherent thought, Will Backman saw fit to invite me on BSDTalk to discuss DCBSDCon 2009 (mp3, ogg). We covered the usual points, but this also gave us a chance to announce two of our confirmed speakers.

Dr. Marshall Kirk McKusick is a pioneer in the BSD movement. He designed the original Fast File System (and UFS2… and softupdates… you get the point) and is one of the authors of the Design and Implementation series of books.

Henning Brauer is an OpenBSD developer and one of the major forces behind PF, OpenBSD’s packet filter subsystem. He is also the creator of OpenNTPD and OpenBGPD.

We also touched on the SysAdmin Challenge. I think that participants will really have a fun time with this event. If you have suggestions for any of the challenge goals, please add them as a comment below.

Oh yeah, and registration will be open very soon. Don’t blink or you might miss it. :)


Introducing the DC BSD Conference

December 3rd, 2008

Welcome to the official blog for DCBSDCon, the shiniest BSD conference in North America. We’re looking forward to our inaugural event and hope you can attend. We’ve got an incredible lineup of speakers for a first-year conference. Details about the speakers and their talks will be revealed in the coming weeks. Consider this blog your bendy straw for slurping in the BSD conference goodness.

Besides all the brilliant talks you’ll find at DCBSDCon 2009, the BSD Certification Group will be in attendance to hold a pair of exams. The BSDA has made tremendous strides in putting together a professional certification that covers all of the major BSD projects. You can find more details at their FAQ or brush up on the exam criteria on the study page.

The 2009 Call for Papers ended this week with a flurry of last-minute submissions. We’ve already started stirring them up to see which topics rise to the top. Many of these are brand new talks from established developers, but we should have some fresh BSD talent to showcase as well. Keep an eye on this blog as we unveil the speakers and their topics.

If you’ve been to Washington D.C. before, you know what an exciting place it is. If you haven’t been, this is your chance to experience our nation’s capital city and BSD at the same time! On top of everything else, we’re kicking off a fun week that culminates in the annual ShmooCon hacker convention. Bruce Potter, founder of the Shmoo Group, is a big BSD fan and has offered up one of his own ShmooLabs team for sacrifice at the DCBSDCon altar! Attendees will be treated to an overview of the ShmooCon architecture and how BSD plays a critical role in their network infrastructure.

Oops, guess I just announced our first speaker! :)

Registration for DCBSDCon will open up very soon. We’re announcing it in a few very public places. If you’re a BSD fan it should be very hard to miss. But rest assured we’ll mention it here too. Mark it on your schedule now, see you all in February 2009!
