Updating packages in Jails

Matthew Seaman m.seaman at black-earth.co.uk
Tue Feb 9 07:56:07 UTC 2010

On 08/02/2010 22:13, Gary Gatten wrote:
> Hopefully this isn't considered a hijack, but what are the *main* diffs
> between jails and vm's?  I've never worked with jails but read about
> them several times.  Do they allow controlling of CPU cycles, Memory
> regions, etc. in the same manner as the file system(s) and network?
> Asked another way, what are some Usage cases where jails would be equal
> or more appropriate than full on vm's and vice-versa.  We use vm's quite
> extensively and I'm wondering of some of these can be done in jails
> instead.

The principal difference between Jails and full virtualisation is that
a the base system and all jails on a machine run inside a single kernel
instance.  Jails see some or all of the same hardware which is shared
with the base system and may be shared with other jails.  Thus all
jails have to run FreeBSD, and while you can install and run an older
user-land on a newer base fairly successfully, (eg. a 7.2 jail running
on an 8.0 base system) you can't do the converse.  Trying to run an
i386 jail on an amd64 base system is also not recommended.  VMs don't
have these limitations.

The big advantage of jails is that they are very light-weight.  You get
the management advantages of virtualisation with almost none of the
virtualisation overhead, other than disk usage.

The whole jail concept is an elaboration of the well-known Unix
chroot(2) system call.  Jailing adds to this dedicated IP addresses for
the jail -- but not a complete network stack just yet, so, for
instance, you can't run a firewall inside the jail.  Virtualisation of
the network stack is a work in progress: google for VNET and VIMAGE if

You can use standard limits(1) controls on resource usage in the jail,
and you can use cpuset(1) to tie jailed processes to specific CPU
cores.  Quotas tend not to work very well in jails: to control
filesystem usage, it's best to create a separate filesystem of the
appropriate size specifically for the jail.  This is a very good
situation for handling by ZFS.



Dr Matthew J Seaman MA, D.Phil.              7 Priory Courtyard, Flat 3
Black Earth Consulting                       Ramsgate
                                             Kent, CT11 9PW
Free and Open Source Solutions               Tel: +44 (0)1843 580647

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20100209/aeb28f53/signature.pgp

More information about the freebsd-questions mailing list