isolation of GO lang application (jail and chroot)
Sergei G
sergeig.public at gmail.com
Mon Aug 15 18:58:46 UTC 2016
Hi,
I have a small web application (using GO language) that I wrote and need to
run as a daemon. I would love to expose it to Internet in a safe and
secure way.
I know I can load a jail (I use qjail) and load application that way. I
will then forward requests from nginx to the tail. That's what I typically
do. The jail is a mini copy of operating system with application running
inside of it.
I'd like to lighten the configuration effort.
chroot comes to mind, but I have not done that. Do I have to code chroot
as a system call from inside my GO language application? Or can I chroot
just like I do jails?
Can I jail just a single process without setting up a copy of operating
system? That's what ideally I would like to do.
My application does open a TCP/IP socket for serving data and works with
local file system.
Do you have any recommendation?
Thank you
More information about the freebsd-questions
mailing list