Date:      Tue, 15 Mar 2016 10:40:18 +0100
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        "Martin \"eto\" Misuth" <eto.freebsd@ethome.sk>, freebsd-jail@freebsd.org
Subject:   Re: Jail management
Message-ID:  <56E7D882.8060400@quip.cz>
In-Reply-To: <20160225161413.25f17811@eto-mona.office.smartweb.sk>
References:  <ff8307f6-1264-30ec-1ef8-ed3b0a18dd84@ish.com.au> <DFFE2BFC-1D53-457D-A4C3-633418D3690D@erdgeist.org> <0f5cae7e-7de3-2617-fcf6-3423d4caf13a@ish.com.au> <56CAE974.4050508@quip.cz> <0eaf61d4-43e6-265a-f773-820244fc8931@ish.com.au> <20160225161413.25f17811@eto-mona.office.smartweb.sk>

Martin "eto" Misuth wrote on 02/25/2016 16:14:
[...]

>   - not sure about Miroslav's problems with freebsd-update, but it seems to work
>     pretty well with -basedir /jail/tree parameter nowadays (there might be
>     corner cases)

freebsd-update maintains patches for each file in each jail (if you use 
full jails and not a shared basejail), so this is IO / space / time consuming.

freebsd-update has some unhandled exceptions which can leave the system in 
an inconsistent (unbootable) state. It ended up with mixed files from 
9.x and 10.x on the host when updating the host.

It was about 2 years ago and it may be fixed. I don't know.

>   - you can have older jail-base run on newest kernel (other way around is not
>     possible)
>   - you can kill many files in given jail to get bare minimal running setup
>     (this seems completely driven by gut, from what I gathered, as some things
>     might have un-obvious dependencies)
>   - you can mount many things into jail read-only (this makes them more rigid
>     and harder to "manage" "live")
>   - jails can have limits on number of procs living in them and can be
>     allowed to be nested(!) (jail-in-jail)
>   - with rctl you can cap resources per jail

Beware of RCTL. We are using it a lot, but some of them don't work as one 
would expect from their name and manpage description, namely memory or 
swapuse. Limiting of processor seems good.

Miroslav Lachman
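
An added example, not part of the original message: a sh/awk check that compares a jail's rctl rules with its accounted usage, one way to verify whether limits such as memoryuse or swapuse are actually holding. The jail name www and the sample data are constructed, and the input formats are assumed to match the output of `rctl -l jail:NAME` and `rctl -u jail:NAME`.

```sh
#!/bin/sh
# Constructed sample data (hypothetical jail "www"), in the formats assumed
# for `rctl -l jail:www` (rules) and `rctl -u jail:www` (accounted usage).
SAMPLE_RULES='jail:www:maxproc:deny=100
jail:www:memoryuse:deny=512M
jail:www:swapuse:deny=256M
jail:www:pcpu:deny=50'
SAMPLE_USAGE='cputime=3600
maxproc=42
memoryuse=805306368
swapuse=1048576
pcpu=12'

# over_limit RULES USAGE
# Prints one line per rule whose resource usage exceeds the configured amount.
over_limit() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        # Convert "512M" style amounts to a plain number (K/M/G/T, base 1024).
        function to_num(v,   u, n) {
            u = tolower(substr(v, length(v)))
            n = v + 0
            if (u == "k") return n * 1024
            if (u == "m") return n * 1024 * 1024
            if (u == "g") return n * 1024 * 1024 * 1024
            if (u == "t") return n * 1024 * 1024 * 1024 * 1024
            return n
        }
        $0 == "---" { in_usage = 1; next }
        !in_usage && NF {
            split($0, f, ":")        # subject : id : resource : action=amount[/per]
            split(f[4], a, "=")
            sub(/\/.*/, "", a[2])    # drop an optional "/per" suffix
            n++; res[n] = f[3]; act[n] = a[1]; lim[n] = to_num(a[2])
            next
        }
        in_usage && NF { split($0, u, "="); used[u[1]] = u[2] + 0 }
        END {
            for (i = 1; i <= n; i++)
                if ((res[i] in used) && used[res[i]] > lim[i])
                    printf "%s usage=%.0f limit=%.0f action=%s\n",
                           res[i], used[res[i]], lim[i], act[i]
        }'
}

# On a FreeBSD host: over_limit "$(rctl -l jail:www)" "$(rctl -u jail:www)"
over_limit "$SAMPLE_RULES" "$SAMPLE_USAGE"
```

Any line printed for a deny rule means the jail is holding more of that resource than the rule allows, which is the situation to look for when testing memory and swap limits.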
