From owner-freebsd-questions@FreeBSD.ORG  Tue Feb  2 04:19:13 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0DD921065670
	for <freebsd-questions@freebsd.org>;
	Tue,  2 Feb 2010 04:19:13 +0000 (UTC)
	(envelope-from erichfreebsdlist@ovitrap.com)
Received: from nomoremozzie.com (nomoremozzie.com [67.212.226.44])
	by mx1.freebsd.org (Postfix) with ESMTP id CFD668FC12
	for <freebsd-questions@freebsd.org>;
	Tue,  2 Feb 2010 04:19:12 +0000 (UTC)
Received: from [192.168.0.110] ([180.129.84.247]) (authenticated bits=0)
	by nomoremozzie.com (8.13.1/8.13.1) with ESMTP id o124J5Br014042;
	Mon, 1 Feb 2010 21:19:07 -0700
From: Erich Dollansky <erichfreebsdlist@ovitrap.com>
To: freebsd-questions@freebsd.org
Date: Tue, 2 Feb 2010 12:18:54 +0800
User-Agent: KMail/1.9.10
References: <20100201205427.T36480@fw.skeleton.org>
In-Reply-To: <20100201205427.T36480@fw.skeleton.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <201002021218.55772.erichfreebsdlist@ovitrap.com>
Cc: Jeff Mitchell <skeezix@skeleton.org>
Subject: Re: How far to go with jailing?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2010 04:19:13 -0000

Hi,

On 02 February 2010 am 09:57:13 Jeff Mitchell wrote:
> 
>  	Strikes me that setting up jails for bloody-well-every-other 
> service might be 'fun' ..
> 
it is just your work. As there is still only a single kernel running, there is no real difference.

But you must maintain every jail as every jail uses its own world.

I use jails once in a while. They give a good feeling and do not cost much to setup.

But - a big but - you must make sure that the data stays consistant over the jails. Jailing a webserver is not a problem. But putting file-servers for different protocols into different jails might be a problem. Letting different jails run accessing the same data, does not make sense for me.

Erich