Date: Thu, 11 Feb 2010 08:30:58 +1100 From: Edwin Groothuis <edwin@mavetju.org> To: Igor Mozolevsky <igor@hybrid-lab.co.uk> Cc: freebsd-stable <freebsd-stable@freebsd.org>, freebsd-doc@freebsd.org Subject: Re: A more secure approach of jail establishment. It could be included in jail chapter of fbsd handbook Message-ID: <20100210213058.GA24555@mavetju.org> In-Reply-To: <a2b6592c1002100510h404268edyb0d270e05529084f@mail.gmail.com> References: <4B72A0DB.5010806@eng.auth.gr> <a2b6592c1002100510h404268edyb0d270e05529084f@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 10, 2010 at 01:10:32PM +0000, Igor Mozolevsky wrote: > I see people are still installing a full blown OS inside their jails? > You do know that it is possible to have a jail with a single program > inside and not much else, as if it were chroot()ed? There are two different kind of purposes for jails: First one is the isolation of single processes, the other one is the isolation of environments. For the first one you are right on the ball on, for the second one you still need the whole userland. Edwin -- Edwin Groothuis Website: http://www.mavetju.org/ edwin@mavetju.org Weblog: http://www.mavetju.org/weblog/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100210213058.GA24555>