To jail, or not to jail?
kirk at strauser.com
Sun Jan 17 00:22:01 UTC 2010
I've been having fun playing with jails on my home server. There's one
for databases, one for a webserver, another for using as a play shell
server, etc. We use jails heavily at work for encapsulating services,
and I can make a pretty good argument there for doing so. In general,
though, do you see jails as particularly important or useful when not in
a hosting environment where you're giving root access to an untrusted
party? How far do you go toward segregating services? Theoretically, you
could have a jail per daemon, but it seems like down that path lies madness.
More information about the freebsd-questions