To jail, or not to jail?

Ruben de Groot mail25 at bzerk.org
Sun Jan 17 13:05:52 UTC 2010


On Sat, Jan 16, 2010 at 06:21:59PM -0600, Kirk Strauser typed:
> I've been having fun playing with jails on my home server. There's one 
> for databases, one for a webserver, another for using as a play shell 
> server, etc. We use jails heavily at work for encapsulating services, 
> and I can make a pretty good argument there for doing so. In general, 
> though, do you see jails as particularly important or useful when not in 
> a hosting environment where you're giving root access to an untrusted 
> party? How far do you go toward segregating services? Theoretically, you 
> could have a jail per daemon, but it seems like down that path lies madness.

Not long ago, I've setup some development servers with ezjail where different
developers can each rapidly create standard jailed environments and do their
dev and test work there, and discard them when they're finished.
Next to hosting, I believe this is another environment where jailing is a great
advantage.

Ruben



More information about the freebsd-questions mailing list