isolation of GO lang application (jail and chroot)

Sergei G sergeig.public at gmail.com
Mon Aug 15 18:58:46 UTC 2016


Hi,

I have a small web application (using GO language) that I wrote and need to
run as a daemon.  I would love to expose it to Internet in a safe and
secure way.

I know I can load a jail (I use qjail) and load application that way.  I
will then forward requests from nginx to the tail.  That's what I typically
do.  The jail is a mini copy of operating system with application running
inside of it.

I'd like to lighten the configuration effort.

chroot comes to mind, but I have not done that.  Do I have to code chroot
as a system call from inside my GO language application?  Or can I chroot
just like I do jails?

Can I jail just a single process without setting up a copy of operating
system?  That's what ideally I would like to do.

My application does open a TCP/IP socket for serving data and works with
local file system.

Do you have any recommendation?


Thank you


More information about the freebsd-questions mailing list