David Chisnall

> > if a future version of FreeBSD changes the names of the resources or actions, the format can be stable > > Is this likely? Have the resources or...

Ideally, a Linux container would be a Linux container with the associated Linux-specific metadata and so the FreeBSD port of containerd / runj would contain the logic for setting these...

> Revert the commit I linked above and see if that fixes it. If so, we'll need to figure out what I screwed up (and the other steps will still...

I'm not 100% sure that the cause is the new code or if it's a race condition that is triggered more of the time in the new code. I had...

It doesn't look as if `jexec` does anything with the TTY, it just inherits whatever the caller had. It does take care to propagate the `TERM` environment variable, even if...

Thanks for the excellent write-up. I am *really* nervous about anything involving nested jails because you need to be very careful to avoid jail escapes when you use nested jails....

Thinking about this a bit more, it feels like Docker is a much better fit for the non-VNET model. The jails I used to manage had a very simple networking...

> That won't work afaik, because Docker containers assume localhost to be 127.0.0.1, and assume it to be non shared. > Afaik vnet is needed to give a jail its...

I agree with @nwf's comments, with one proviso: The requirement for zeroing in revocation is that everything in a reusable region is zeroed and not userspace writeable *at the start...

[ Writing up some discussion offline with @nwf ] It would be good (on pre-Milan x86, where there's no broadcast TLB invalidate) if we could defer that so that: 1....