FreeBSDKit: Swift Package to Write Capability-Aware FreeBSD Apps

Shout-out to FreeBSDKit:

FreeBSDKit provides idiomatic Swift, C and C++ interfaces to FreeBSD’s unique system features including Capsicum sandboxing, jails, process descriptors, kqueue-based signal handling, and inter-process communication with descriptor passing. The framework embraces move-only semantics (~Copyable) to model resource ownership explicitly in the type system.

“FreeBSD” hooked me, “move-only semantics” got me interested, “jail” made me read the README.

I only know about FreeBSD’s features from Oliver Epper, but every time he talks about it, I want to play with the OS. These features sound generally useful to run applications in relative isolation without the Docker overhead. Having a genuinely attractive Swift package for this makes the urge to experiment even stronger!

FreeBSD Jails as an OS-level virtualization option in particular got me interested for NAS/home server work. Code snippet for jail management:

import Jails
import Descriptors

// Build jail parameters
var iov = JailIOVector()
iov.add(key: "name", value: "myjail")
iov.add(key: "path", value: "/jail/myjail")
iov.add(key: "host.hostname", value: "jailed.local")
iov.add(key: "persist", value: true)

// Create jail and get descriptor
let flags: JailSetFlags = [.create, .getDesc, .ownDesc]
var jailDesc = try SystemJailDescriptor.set(iov: &iov, flags: flags)

// Attach current process to jail
try jailDesc.attach()

// Remove jail (requires owning descriptor)
try jailDesc.remove()