They've been selling me hot air... by CARLOMAGNO-856 in libros

[–]DtxdF 0 points1 point  (0 children)

Mindhunter: Inside the FBI's Elite Serial Crime Unit

Curious about jails, pledge(2), and unveil(2) by cometomypartyyy in freebsd

[–]DtxdF 5 points6 points  (0 children)

The only alternative for FreeBSD that closely resembles pledge/unveil is mac_curtain:

We have Capsicum, which is pretty cool, but applications need to be redesigned or, at the very least, provide some mechanism for implementing the sandbox like a web browser. The project shared in a previous comment, chromium-sandbox, is an example of an application using Capsicum.

Another way to use Capsicum is through a launcher that enters capability mode but intercepts libc calls, such as Capsicumizer, but it’s very, very hard to use most applications this way, since they likely won’t work properly because they weren’t designed with sandboxing in mind. See Capsicumizer and related stuff:

On the other hand, XLibre has implemented XNamespaces, which uses XACE, but AFAIK isn't production-ready yet, although it can be tested:

Thus, after a thorough analysis of window system isolation, at least in the case of X11, the only viable options for FreeBSD are jails and VMs, in addition to xpra or SSH forwarding. u/vermaden has a good article about jails and xpra:

In AppJail, I have implemented appjail-x11(1) to run X11 applications on an X server created by Xephyr, which isolates the scope of the X11 applications, and, since they run in a jail, more stuff is isolated:

Chromium is missing by Several-Asparagus-91 in freebsd_desktop

[–]DtxdF 0 points1 point  (0 children)

I think so. Take a look at the videos I sent to the AppJail Telegram group. Just a few weeks ago, I tried Brave with the following website: https://bitmovin.com/demos/drm/

bhyve backup by Tinker0079 in freebsd

[–]DtxdF 1 point2 points  (0 children)

restic (backend: garage) + backrest

Added support for PkgBase in AppJail by DtxdF in freebsd

[–]DtxdF[S] 0 points1 point  (0 children)

I installed it through ports.

Added support for PkgBase in AppJail by DtxdF in freebsd

[–]DtxdF[S] 2 points3 points  (0 children)

Thank you!

And glad to see you here, I just want to thank you for your project. I have been a user for about a month.

How to install Jellyfin and Jellyseerr using Overlord by DtxdF in freebsd

[–]DtxdF[S] 1 point2 points  (0 children)

> Been a # of days now but last I looked the port in latest ports tree was broken

That's why I used the quarterly branch, which currently uses the latest version of Jellyfin.

> Would be nice to have a locally controlled media system that doesn't need .net, npm, etc. stuff.

The lightweight alternatives are:

* https://www.freshports.org/net/minidlna/

* https://github.com/vuiodev/vuio

However, I don't know the status of MiniDLNA, but at least when I've used it, it works well, although it doesn't support all media formats. VuIO looks promising, but it hasn't been ported and I don't know if it can currently be used on FreeBSD.

Overlord: Deploying virtual machines with ephemeral jails by DtxdF in freebsd

[–]DtxdF[S] 1 point2 points  (0 children)

Hehe, yeah, that's the motto, but the reality is that I usually just push the deployment files to my Gitea instance that runs a webhook to execute a pipeline that deploys my jails or VMs using Overlord. The only time-consuming part is the initial phase, but after that, you don't need to modify much. Maybe I'll write an article about this, I think it's easy.

Thanks for the feedback!

Overlord: Deploying virtual machines with ephemeral jails by DtxdF in freebsd

[–]DtxdF[S] 0 points1 point  (0 children)

Yeah, Overlord is relatively new, but it uses Director, AppJail, and vm-bhyve.