1679277826 M * jrayhawk Is there any userspace virtualization technology doing kernel-versioned pseudo-filesystem namespace security nowadays? All I seem to find are harebrained unversioned AppArmor rulesets.
1679281532 M * jrayhawk openvz and vserver seemed like the only ones doing this the sane way
1679282087 M * jrayhawk ah, looks like the lxc project has a FUSE shim
1679286815 M * jrayhawk https://dl.acm.org/doi/pdf/10.1145/3381052.3381315 it's funny how much heavier weight the network stacks are than vserver because they don't patch the kernel; tun/tap/br are all awful if all you want is IP-to-network-namespace mapping
1679297496 J * Ghislain ~ghislain@adsl2.aqueos.com
1679311778 Q * Romster Ping timeout: 480 seconds
1679313009 J * Romster ~Romster@202.169.118.85
1679356009 Q * Ghislain Quit: Leaving.