jail performance questions

Uwe Doering gemini at geminix.org
Fri Jul 11 00:57:36 PDT 2003


V. Jones wrote:
> I'm thinking of using jails to improve security on a server
> I am setting up.  Specifically, I would like to put Apache/PHP
> in a jail, but I might like to set up 2-3 different jails for
> different purposes.  
> 
> I've found several examples showing how to set the jails up.  
> My questions involve system requirements.  Assuming plenty of 
> disk space, 1GB RAM and a dual processor PIII 1.13GHz system, 
> how many jails can I run?  Would I notice a significant 
> performance hit if, for example, I run three jails?

Running processes in a jail just marks them as belonging to the 
respective jail, so they are restricted in what they can do to resources 
outside the scope of that jail.  If you have 100 jails with one process 
each it is basically the same as if you had 100 processes running in a 
non-jail environment.

There is, of course, the slight overhead of the jail(2) system call, but 
if you don't start new jails all the time you won't notice that at all. 
So, as to server performance, it all depends on how many processes you 
have, and how much work they have to do.  For the server there is no 
difference between jailed and non-jailed environments in this regard. 
The load will be the same.

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org  |  http://www.escapebox.net



More information about the freebsd-security mailing list