started playing with jails

Bill Moran wmoran at
Wed Mar 21 16:10:33 UTC 2007

In response to "Jonathan Horne" <freebsd at>:
> 4) what about kernel and system updates?  i would assume that i would have to
> manually update these jails when i buildworld and kernel for other systems as
> well (ie, that updating the host would not also update the jails)?

Yes, except this is another place where the ezjail port makes life a breeze.
ezjail pretty much automates upgrading all your jails at once (except ports).

> 5) how about memory?  is it basically one giant shared pool of physical memory
> between the host and guests?  is there any sort of memory "target" that i should
> try to meet in order to have my jails run the best they can (or a ratio of memory
> to host/jails)?

There's no hard and fast rule that I know of.  The more stuff you run in
each jail, the more each of those will require.  If you run relatively
lightweight jails, you don't need as much.

I've documented some of the stuff I learned here:

It only describes creating a lightweight jail for sshd, but you can
follow a similar process for httpd, or an email server, or whatever.
Saves a LOT of memory and process space.

Also, ezjail saves a LOT of disk space as you create more and more
jails as it uses nullfs mounts to duplicate the base install instead
of copying it.

> finally, i suppose the best configuration might be to have my host just a
> minimal install (avoiding anything that i don't need to function), and have my
> jails set up as my service-providing hosts?  and are there any services that
> just don't work well in a jail (i think i can see NFS being one).

Mostly.  We run hardware-related stuff on the host system (i.e. snmpd) as
well as some universal services (a DNS cache, sendmail).

I've had trouble getting programs that use shared memory (such as Postgres)
to run inside a jail, but it's been a while since I've tried.

Bill Moran

More information about the freebsd-questions mailing list