isolation of GO lang application (jail and chroot)
Aleksander Alekseev
afiskon at devzen.ru
Mon Aug 15 19:43:30 UTC 2016
Hello, Sergei
There is a good chapter about jails in a handbook:
https://www.freebsd.org/doc/handbook/jails.html
However in my opinion since your application is already "all in one"
executable which is written in safe high level language there is little
benefit of using jails in your case. Perhaps running it under a user
with appropriate permissions and quotas, plus setting up a firewall will
be good enough.
I believe jails are more for applications you don't really trust. For
instance if you are creating a shared web hosting or selling VDS'es.
For all this "running everything in a container and only one executable
per container" stupid rules we should be grateful to Docker and people
who sell it. Most of the time you don't need it since it's just doesn't
solve any problem.
--
Best regards,
Aleksander Alekseev
More information about the freebsd-questions
mailing list