Date: Sun, 17 Jan 2010 14:05:47 +0100 From: Ruben de Groot <mail25@bzerk.org> To: Kirk Strauser <kirk@strauser.com> Cc: freebsd-questions@freebsd.org Subject: Re: To jail, or not to jail? Message-ID: <20100117130547.GA60117@ei.bzerk.org> In-Reply-To: <4B525827.1090309@strauser.com> References: <4B525827.1090309@strauser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 16, 2010 at 06:21:59PM -0600, Kirk Strauser typed: > I've been having fun playing with jails on my home server. There's one > for databases, one for a webserver, another for using as a play shell > server, etc. We use jails heavily at work for encapsulating services, > and I can make a pretty good argument there for doing so. In general, > though, do you see jails as particularly important or useful when not in > a hosting environment where you're giving root access to an untrusted > party? How far do you go toward segregating services? Theoretically, you > could have a jail per daemon, but it seems like down that path lies madness. Not long ago, I've setup some development servers with ezjail where different developers can each rapidly create standard jailed environments and do their dev and test work there, and discard them when they're finished. Next to hosting, I believe this is another environment where jailing is a great advantage. Ruben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100117130547.GA60117>