Information on Setting up a Jailed Webserver

Adam Vande More amvandemore at gmail.com
Thu Aug 27 15:03:04 UTC 2009


On Thu, Aug 27, 2009 at 9:13 AM, APseudoUtopia <apseudoutopia at gmail.com> wrote:

> On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollansky <erich at apsara.com.sg>
> wrote:
> > Hi,
> >
> > On 27 August 2009 am 11:10:37 Adam Vande More wrote:
> >> On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia
> > <apseudoutopia at gmail.com> wrote:
> >> >
> >> > Also, how memory-intensive is a jail?
> >>
> >> Very light when compared to other virtualization methods.
> >
> > jails share the kernel but not the world.
> >
> > So, there will be only one kernel loaded but all libraries in use
> > will be loaded individually by each jail when needed.
> >
> > Jails need some more disk space as the world, all libraries needed
> > and all applications needed are installed individually in each
> > jail.
> >
> > This can be minimised with proper planning of what runs in what
> > jail.
> >
> > Erich
> >
>
> Thanks for the helpful replies. I have a couple of questions:
>
> When a jail is compromised, the only thing I have to do to recover the
> system is delete the jail and create a new one, correct? The host
> system is untouched even if a jail is compromised?

Really depends on how you're using the jail, but under standard usage yes.

>
>
> And how does the upgrade process work? I know the userland must be the
> same for the host system and the jail. If I want to upgrade to, say,
> FreeBSD 8 when released, what is the process? I'd imagine it goes
> something like this, but I'm not sure:
> -Shut down jail
> -Upgrade host system
> -Install host binaries
> -Install jail binaries
> -Restart jail
>
> Or is there more to the process than what it seems?

That's the basic process; however, as mentioned before, check out ezjail.  It
makes administering multiple jails much easier and can save you disk space.

>
>
> Thanks again.



-- 
Adam Vande More
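
An added example, not part of any message in this thread: a post-upgrade check for the "Install jail binaries" step in the list quoted above. It reads `__FreeBSD_version` from each tree's `/usr/include/sys/param.h` and flags jail roots whose installed world differs from the host's. It assumes every jail has a full world, headers included, under its own root; the jail paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: flag jails whose installed world differs from the host's.
# Assumption: every jail root holds a full world, headers included.

# Print the __FreeBSD_version recorded in a tree's sys/param.h.
tree_version() {
    param="$1/usr/include/sys/param.h"
    [ -r "$param" ] || return 1
    awk '$1 == "#define" && $2 == "__FreeBSD_version" { print $3; found = 1; exit }
         END { exit !found }' "$param"
}

# check_jails HOST_ROOT JAIL_ROOT...
# Prints one status line per jail root; returns 1 if any jail is stale or
# unreadable, 2 if the host version itself cannot be read.
check_jails() {
    host_root="$1"; shift
    host_ver=$(tree_version "$host_root") || { echo "host version unreadable" >&2; return 2; }
    rc=0
    for root in "$@"; do
        if ! ver=$(tree_version "$root"); then
            echo "UNKNOWN $root"; rc=1
        elif [ "$ver" = "$host_ver" ]; then
            echo "OK $root $ver"
        else
            echo "MISMATCH $root $ver (host $host_ver)"; rc=1
        fi
    done
    return "$rc"
}

# Hypothetical usage: sh check_jails.sh / /usr/jails/www /usr/jails/db
if [ "$#" -gt 0 ]; then
    check_jails "$@"
fi
```

A jail reported as MISMATCH or UNKNOWN after the host upgrade is one that the jail install step missed or whose tree lacks the headers this check relies on.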

