A more secure approach of jail establishment. It could be included in jail chapter of fbsd handbook
Edwin Groothuis
edwin at mavetju.org
Wed Feb 10 21:50:09 UTC 2010
On Wed, Feb 10, 2010 at 01:10:32PM +0000, Igor Mozolevsky wrote:
> I see people are still installing a full blown OS inside their jails?
> You do know that it is possible to have a jail with a single program
> inside and not much else, as if it were chroot()ed?
There are two different kind of purposes for jails:
First one is the isolation of single processes, the other one is
the isolation of environments.
For the first one you are right on the ball on, for the second one
you still need the whole userland.
Edwin
--
Edwin Groothuis Website: http://www.mavetju.org/
edwin at mavetju.org Weblog: http://www.mavetju.org/weblog/
More information about the freebsd-doc
mailing list