Date: Mon, 15 Aug 2016 11:58:44 -0700 From: Sergei G <sergeig.public@gmail.com> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: isolation of GO lang application (jail and chroot) Message-ID: <CAFLLzCNm4uQS9gPeX32xaZqB%2BfEyhtF3tpf7hsyhm0%2B%2BY7yV5Q@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, I have a small web application (using GO language) that I wrote and need to run as a daemon. I would love to expose it to Internet in a safe and secure way. I know I can load a jail (I use qjail) and load application that way. I will then forward requests from nginx to the tail. That's what I typically do. The jail is a mini copy of operating system with application running inside of it. I'd like to lighten the configuration effort. chroot comes to mind, but I have not done that. Do I have to code chroot as a system call from inside my GO language application? Or can I chroot just like I do jails? Can I jail just a single process without setting up a copy of operating system? That's what ideally I would like to do. My application does open a TCP/IP socket for serving data and works with local file system. Do you have any recommendation? Thank you
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFLLzCNm4uQS9gPeX32xaZqB%2BfEyhtF3tpf7hsyhm0%2B%2BY7yV5Q>