How can I implement true vps with FreeBSD as a host?

Adam Vande More amvandemore at gmail.com
Sat Jan 1 02:52:55 UTC 2011


On Fri, Dec 31, 2010 at 8:27 PM, Martes G Wigglesworth <
mailinglistmember at mgwigglesworth.net> wrote:

>
> On 12/31/2010 08:04 PM, Da Rock wrote:
>
>> Depends on what you mean by 'fair'. I think you can now determine CPU
>> usage in jails, even allocate cores. I think the man pages can tell you more
>> about that, and the docs on freebsd.org. You can unmask some devices
>> within the jail and allow only certain jails and users to access it. And
>> finally I think you can jail a jail now, so that might be useful, especially
>> in CPU allocation.
>>
>
> I was thinking about possible DoS issues with memory management; however, I
> have not read far enough into the Jails docs to find out if there is
> anything new in this arena.  I was actually considering the security aspects
> of memory overflows, etc.


That's why you should read the link I posted, which is the current plan
of action to allow jail resource limiting. It's simply not possible
currently.  There were a couple of different patches for this functionality
for the 7.x series, but they aren't officially supported (see wiki jails for
more info).  You also have to worry about IO and CPU starvation from runaway
processes/attacks as well.  CPU issues can be mitigated with cpuset(1) and
jails, but you have no way to control IO other than renice(8).  Xen gives
similar CPU ability plus an IO bandwidth feature.  VirtualBox 4 has an SMP CPU
assignment feature and a new IO bandwidth limiter but is not in ports yet.

So, as already said, if FreeBSD is your host, VirtualBox is your only
choice (qemu doesn't count for performance reasons).  If VirtualBox does not
meet your needs, you'll have to find another OS, as jails don't provide the
isolation you'll need.

-- 
Adam Vande More
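
Added example, not part of the original message: a sketch of the cpuset(1) mitigation mentioned above, planning one CPU per running jail while keeping the low-numbered CPUs for the host. It assumes input in the "jid name" form printed by `jls jid name`; the function names, the CPU range and the sample jails are constructed for illustration. It covers CPU only, not IO.

```shell
#!/bin/sh
# Plan a cpuset(1) pinning for running jails so that a runaway jail can only
# saturate the CPU it was given, not the host's or every neighbour's.

# plan_pinning FIRST_CPU LAST_CPU
# Reads "jid name" lines on stdin and prints one cpuset command per jail,
# handing out CPUs round-robin from FIRST_CPU..LAST_CPU. CPUs below
# FIRST_CPU are never assigned, which leaves them to the host.
plan_pinning() {
    first=$1
    last=$2
    if [ "$first" -gt "$last" ]; then
        echo "plan_pinning: empty CPU range $first-$last" >&2
        return 1
    fi
    cpu=$first
    while read -r jid name; do
        # Skip blank lines, headers and anything whose jid is not numeric,
        # so nothing unexpected ends up in a generated command.
        case $jid in
            ''|*[!0-9]*) continue ;;
        esac
        echo "cpuset -l $cpu -j $jid # $name"
        cpu=$((cpu + 1))
        if [ "$cpu" -gt "$last" ]; then
            cpu=$first   # more jails than CPUs: start sharing
        fi
    done
    return 0
}

# Constructed sample of `jls jid name` output (hypothetical jails).
sample_jails() {
    printf '%s\n' '1 www' '2 db' '5 mail' '7 build'
}

# Dry run: print the plan for a 4-CPU host, reserving CPU 0 for the host.
sample_jails | plan_pinning 1 3
```

On a FreeBSD host the plan would be reviewed and then applied with `jls jid name | plan_pinning 1 3 | sh` as root; a jail started later needs the same treatment.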

