Date: Thu, 11 Feb 2010 08:30:58 +1100
From: Edwin Groothuis
To: Igor Mozolevsky
Cc: freebsd-stable, freebsd-doc@freebsd.org
Subject: Re: A more secure approach of jail establishment. It could be included in jail chapter of fbsd handbook

On Wed, Feb 10, 2010 at 01:10:32PM +0000, Igor Mozolevsky wrote:
> I see people are still installing a full blown OS inside their jails?
> You do know that it is possible to have a jail with a single program
> inside and not much else, as if it were chroot()ed?

There are two different kinds of purposes for jails: First one is
the isolation of single processes, the other one is the isolation
of environments.

For the first one you are right on the ball, for the second one
you still need the whole userland.

Edwin

-- 
Edwin Groothuis		Website: http://www.mavetju.org/
edwin@mavetju.org	Weblog:  http://www.mavetju.org/weblog/