FreeBSD 15.0 BETA5 testing, NetBSD GSoC sandboxing via namespaces, and OCI v1.3 adds FreeBSD and more.

Releases

FreeBSD 15.0 BETA5 release available: The FreeBSD Project has announced the availability of the fifth BETA build for the FreeBSD 15.0 release cycle, dated November 7, 2025. This release includes ISO images for multiple architectures, which are available on most FreeBSD mirror sites. The BETA builds are part of the testing phase leading up to the final release, allowing users to evaluate new features and report issues.

BSDSec

No security announcements. As always, it’s worth following BSDSec. RSS feed available.

News

Valuable News – 2025/11/10: The Valuable News weekly roundup curates notable updates and articles primarily focused on UNIX, BSD, and Linux systems, alongside hardware and general tech developments. This edition highlights OpenBSD 7.7’s IPv6 router setup, FreeBSD 15.0-BETA5 improvements, and Chromium’s VA-API support on OpenBSD.

NetBSD GSoC 2025 implements Linux-like namespaces for sandboxing: A Google Summer of Code 2025 project introduced early-stage Linux-compatible namespace support in NetBSD to enable process isolation, focusing initially on UTS (hostname/domain) and mount namespaces. The implementation leverages NetBSD’s kauth and secmodel frameworks to manage namespace lifecycle and credential inheritance, with UTS namespace functionality completed and mount namespace work still in progress. Challenges included semantic differences between Linux and NetBSD (e.g., unmount behavior) and the need for deep VFS modifications, while future work targets PID and user namespaces for full process isolation. The project, originally scoped to compat_linux integration for tools like bubblewrap, expanded to native kernel support, with code available in a dedicated GitHub branch. Mentors and the NetBSD community provided guidance on design decisions and debugging, emphasizing the project’s role in building contributor confidence for open-source development.

FreeBSD added to OCI Runtime Specification v1.3: FreeBSD is now an officially supported platform in the Open Container Initiative (OCI) runtime specification version 1.3, released November 4, 2025, following years of community-driven development. This inclusion enables FreeBSD users to utilize standardized container tools and orchestration platforms, integrating the operating system more deeply into cloud-native workflows while leveraging its existing virtualization strengths like jails. Key milestones included the 2021 release of runj—the first OCI runtime for FreeBSD—followed by additions to Buildah, Podman, and official OCI image support in FreeBSD 14.2. The effort was led by volunteers such as Doug Rabson and Samuel Karp, with contributions from the broader OCI and FreeBSD communities. The achievement positions FreeBSD as a viable option for containerized deployments in cloud infrastructure, edge computing, and enterprise environments.

OpenBSD -current adds VA-API support to Chromium browsers: VA-API hardware-accelerated video decoding has been successfully integrated into OpenBSD’s Chromium and Ungoogled-Chromium ports after an earlier attempt was reverted. The change, committed by Robert Nagy, enables improved video playback performance for supported GPUs, though updated binary packages are not yet available. Intel GPU users will need additional driver ports like intel-media-driver or intel-vaapi-driver for functionality. The Iridium browser port is expected to receive similar support in its next update.

Tutorials

Running WINE Games in FreeBSD Jails with Bastille: This guide details how to configure a FreeBSD jail using BastilleBSD to run Windows games via WINE while maintaining system isolation. The process involves setting up a jail with custom devfs rules to grant access to graphics and audio devices, configuring X11 forwarding for display output, and installing WINE alongside 32-bit compatibility libraries. The Bastille template automates jail creation with necessary packages like wine-devel, mesa-dri, and winetricks, while nullfs mounts share host resources like .Xauthority and fonts. The guide also addresses limitations with Vulkan/dxvk support in WINE 10.x on FreeBSD and suggests workarounds. The approach leverages ZFS snapshots for easy rollback and emphasizes security through jail isolation, though it notes the temporary use of xhost + for X11 access.

GNOME installation guide for OpenBSD 7.8: This guide outlines the process of installing the GNOME desktop environment on OpenBSD 7.8, starting with package installation via pkg_add gnome gnome-extras and enabling required services like gdm and avahi_daemon. It includes post-installation steps such as disabling xenodm and adjusting display scaling for 4K monitors. Additional tweaks cover GNOME extension support via Chromium, requiring modifications to unveil.main for proper permissions. The article also briefly discusses challenges with GNOME’s future on OpenBSD due to the shift away from Xorg, suggesting alternatives like MATE may become necessary.

ZFS disaster recovery for virtualization with Sanoid and Syncoid: ZFS provides robust disaster recovery capabilities for virtualized environments through snapshots, replication, and automated tools like Sanoid and Syncoid. Sanoid automates snapshot creation, pruning, and replication, ensuring consistent backups of virtual machine (VM) images and configurations, while Syncoid orchestrates efficient incremental replication between storage pools. The system supports rapid VM restoration from local snapshots or offsite backups, minimizing downtime in case of failures like ransomware attacks or hardware loss. Monitoring features in Sanoid allow integration with tools like Nagios or healthchecks.io to verify backup integrity and snapshot freshness. The approach emphasizes separating production and backup systems, with considerations for geographic redundancy based on recovery needs, making it adaptable for both enterprise and personal use cases.

OpenBSD CWM configuration breakdown: The article details a user’s configuration for cwm, OpenBSD’s default floating window manager, emphasizing its simplicity and keyboard-driven workflow. Key elements include custom keybindings for window tiling (via window-vtile) and snapping, a minimalist status bar powered by lemonbar-xft displaying time, network, and battery stats, and group management mimicking workspaces. The setup integrates tools like picom for compositing, feh for wallpapers, and rofi for application launching, while leveraging OpenBSD’s base utilities (e.g., apm, ifconfig) for system monitoring. The author highlights cwm’s reliability, auditability as part of OpenBSD’s base system, and flexibility for manual tiling, contrasting it with occasional experiments in other environments like Xfce or Wayland. The configuration reflects a preference for predictability and minimalism, with aesthetic touches like gruvbox-inspired colors and Nerd Fonts.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!