Google Summer of Code 2025 Reports: Using bubblewrap to add sandboxing to NetBSD
This report was written by Vasyl Lanko as part of Google Summer of Code 2025.
As of the time of writing, there is no real sandboxing technique available in NetBSD. There is chroot, which can be considered a weak sandbox because it changes the root directory of the process, effectively restricting the process's view of the file system. It doesn't isolate anything else, however, so networking, IPC, and mounts inside this restricted file system are the same as the system's and remain accessible.
There has already been some research on implementing kernel-level isolation in NetBSD with tools like gaols, mult and netbsd-sandbox, but they haven't been merged into NetBSD. Other operating systems have their own ways to isolate programs: FreeBSD has jails, and Linux has namespaces.
The goal of this project is to bring a new way of sandboxing to NetBSD. More specifically, we want to implement a mechanism like Linux namespaces. These namespaces allow the isolation of parts of the system from a namespace, or, as the user sees it, from an application.
NetBSD has compat_linux to run Linux binaries on NetBSD systems, and the implementation of namespaces can also be utilized to emulate namespace-related functionality of Linux binaries.
A simple example to visualize our intended result is to consider an application running under an isolated UTS namespace that modifies the hostname. From the system's view, the hostname remains the same old hostname, but from the application's view it sees the modified hostname.
Google Summer of Code 2025 Mentor Summit in Munich, Germany: travel notes
I just came back home from Google Summer of Code 2025 Mentor Summit. We were 185 mentors from 133 organizations and it was amazing!
After nearly a decade being part of GSoC for The NetBSD Foundation, first as a student and then as mentor and org admin, I finally attended my first GSoC Mentor Summit! That was a fantastic, very intense and fun experience! I met with a lot of new folks and learned about a lot of other cool open source projects.
Let's share my travel notes!
Google Summer of Code 2025 Reports: Enhancing Support for NAT64 Protocol Translation in NetBSD, part 2
This report was written by Dennis Onyeka as part of Google Summer of Code 2025.
This is the 2nd blog post about his work. If you have missed the first blog post, please read Google Summer of Code 2025 Reports: Enhancing Support for NAT64 Protocol Translation in NetBSD.
This report digs into what the npf.conf(5) syntax will look like and the details of its implementation.
Google Summer of Code 2025 Reports: Enhancing Support for NAT64 Protocol Translation in NetBSD
This report was written by Dennis Onyeka as part of Google Summer of Code 2025.
The goal of the NAT64 project is to implement IPv6-to-IPv4 translation inside NPF (NetBSD Packet Filter). NAT64 enables IPv6-only clients to communicate with IPv4-only servers by embedding/extracting IPv4 addresses in IPv6 addresses as per RFC 6052 and RFC 6145. We are using a 1:1 mapping for now, to implement NAT64 translation.
Google Summer of Code 2025 Reports: Asynchronous I/O Framework
This report was written by Ethan Miller as part of Google Summer of Code 2025.
The goal is to improve the capabilities of asynchronous IO within NetBSD. Originally the project espoused a model that pinned a single worker thread to each process. That thread would iterate over pending jobs and complete blocking IO. From this, the logical next step was to support an arbitrary number of worker threads. Each process now has a pool of workers recycled from a freelist, and jobs are grouped per-file so that we do not thrash multiple threads on the same vnode which would inevitably lock. This grouping also opens the door for future optimisations in concurrency. The guiding principle is to keep submission cheap, coalesce work sensibly, and only spawn threads when the kernel would otherwise block.
NetBSD 11.0 release process underway
The first NetBSD 11.0_BETA builds are now available
We optimistically hope to have a release candidate late in September (for EuroBSDCon)
New build cluster speeds up daily autobuilds
The new build cluster now in action is able to build a full set of NetBSD-current release binaries in slightly more than three hours.
This is one of the more obvious changes, but a few more things changed behind the scenes — would you like a quick tour?
The NetBSD Foundation 2025 Annual General Meeting summary and logs
On May 17, 21:00 UTC we had The NetBSD Foundation Annual General Meeting on the #netbsd-agm IRC channel on Libera.Chat.
We had presentations from:
- board (billc)
- secteam (billc)
- releng (martin)
- core (riastradh)
- finance-exec (riastradh)
- membership-exec (martin, christos)
- pkgsrc-pmc (wiz)
- pkgsrc-security (tm, leot)
- gnats (dh)
At the end we also had a Q&A session open to anyone.
If you have missed it you can find the IRC logs here.
Welcome to Google Summer of Code 2025 contributors!
We are happy to announce that The NetBSD Foundation will participate in Google Summer of Code 2025 with 3 projects!
Here is the list of projects and contributors:
- Enhancing Support for NAT64 Protocol Translation in NetBSD - Dennis O.I
- Asynchronous I/O Framework - Ethan Miller
- Using bubblewrap to add sandboxing to NetBSD - Vasyl Lanko
For the next 3 weeks mentors and contributors will get in touch for the community bonding period. Mentors will help contributors get started with the project, introduce them to the community, get more familiar with the codebase and adjust deliverables for the project.
Welcome Dennis, Ethan and Vasyl!
The NetBSD Foundation will participate in Google Summer of Code 2025!
We are happy to announce that The NetBSD Foundation will participate in Google Summer of Code 2025!
Would you like to contribute to NetBSD and/or pkgsrc in the next months? Google Summer of Code is a great chance for that!
You can find a list of possible projects at Google Summer of Code project page. Of course, you can also propose your own!
Please reach us via the #netbsd-code IRC channel on Libera.Chat and/or via mailing lists.
If you are interested in learning more about Google Summer of Code, please also check the official homepage at g.co/gsoc.
Looking forward to a great Summer!
Google Summer of Code 2024 Reports: Test root device and root file system selection
This report was written by Diviyam Pat as part of Google Summer of Code 2024.
This summer I worked on NetBSD's kernel test framework to cover root device discovery and root file system selection. This area of the kernel is not very well documented and program flow has to be determined by reading the code.
I would also like to tell you about my early interactions with the project; let me start with project findings.
NetBSD 10.1 available!
The NetBSD project is pleased to announce the first update of the NetBSD 10 release branch
NetBSD 10.1!
See the release announcement for details.