Date: Tue, 25 Jun 2013 23:26:36 GMT From: Alex Weber <alexwebr@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: docs/179988: ThwackAFAQ - sandbox Message-ID: <201306252326.r5PNQadA090907@oldred.freebsd.org> Resent-Message-ID: <201306252330.r5PNU0rM046402@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 179988 >Category: docs >Synopsis: ThwackAFAQ - sandbox >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Tue Jun 25 23:30:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Alex Weber >Release: >Organization: >Environment: >Description: This is a (potential) fix for part of the ThwackAFAQ 'red' section on sandboxes. It adds a description of the jail feature in FreeBSD, but does not address the other issues. >How-To-Repeat: >Fix: Patch included with this PR. Patch attached with submission follows: Index: en_US.ISO8859-1/books/faq/book.xml =================================================================== --- en_US.ISO8859-1/books/faq/book.xml (revision 42051) +++ en_US.ISO8859-1/books/faq/book.xml (working copy) @@ -5889,6 +5889,21 @@ it serves to firewall the process off from processes owned by other users. The user ID is also used to firewall off on-disk data.</para> + + <para>In addition to process and userid sandboxes offered by + the &unix; operating system, &os; provides the &man.jail.8; + feature, a secure, fast implementation of <ulink + url="https://en.wikipedia.org/wiki/Operating_system-level_virtualization"> + operating system-level virtualization</ulink>. This + allows a single &os; computer to run one or more guest &os; + system images with their own users, IP addresses, and + processes. Unlike &man.chroot.8;-based sandboxing, + processes are permanently confined to the jail they were + started in (including those owned by the jail's root user), + and cannot affect processes in other jails or the host + system. While the &man.jail.8; feature is unique to &os;, it + is similar to Solaris Zones, AIX Workload Partitions, and + Linux Containers.</para> </answer> </qandaentry> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306252326.r5PNQadA090907>