One of the proposals selected for funding earlier this year was for jail based virtualization. Bjoern Zeeb, the developer being funded, recently provided an update on the progress of this project:
Bjoern A. Zeeb has been awarded a grant to improve FreeBSD's jail based virtualization infrastructure and to continue to work on the virtual network stack. His employer, CK Software GmbH, is matching the Foundation's funding with hours.
FreeBSD has been well known for its jail based virtualization during the last decade. With the import of the virtual network stack, FreeBSD's operating system level virtualization has reached a new level.
This project includes cleanup of two years of import work and development and, more notably, brings the infrastructure for a network stack teardown. Cleanly shutting down a network stack in FreeBSD will be the major challenge in the virtualization area to get the new feature to production ready quality for the 9.x release lifecycle.
Further, the project includes generalization of the virtual network stack framework, factoring out common code. This will provide an infrastructure and will ease virtualization of further subsystems like SYSV/Posix IPC with minimal overhead. All further virtualized subsystems will immediately benefit from shared debugging facilities, an essential feature for early adopters of the new technology.
Improved jail based virtualization support, that continues to be very lightweight and as easily manageable as classic jails, will be a killer feature for the next few years. It will allow people to partition their FreeBSD server, run simulations without racks of hardware, or provide thousands of virtual instances in hosting environments fairly easily and efficiently. While this follows the trend of green computing, it also adds to FreeBSD's virtualization portfolio with Xen or other more heavyweight hypervisor support, which can be mixed with jails as needed.
While work in this area will have to continue, the funding for this project will end mid-July 2010.
Throw in Capsicum into the mix as well:
http://www.trustedbsd.org/2010usenix-security-capsicum-website.pdf
http://www.cl.cam.ac.uk/research/security/capsicum/
It looks like a winner!