Date: Mon, 15 Aug 2016 22:27:54 +0300 From: Aleksander Alekseev <afiskon@devzen.ru> To: Sergei G <sergeig.public@gmail.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: isolation of GO lang application (jail and chroot) Message-ID: <20160815222754.39c3da1d@e733> In-Reply-To: <CAFLLzCNm4uQS9gPeX32xaZqB%2BfEyhtF3tpf7hsyhm0%2B%2BY7yV5Q@mail.gmail.com> References: <CAFLLzCNm4uQS9gPeX32xaZqB%2BfEyhtF3tpf7hsyhm0%2B%2BY7yV5Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Sergei There is a good chapter about jails in a handbook: https://www.freebsd.org/doc/handbook/jails.html However in my opinion since your application is already "all in one" executable which is written in safe high level language there is little benefit of using jails in your case. Perhaps running it under a user with appropriate permissions and quotas, plus setting up a firewall will be good enough. I believe jails are more for applications you don't really trust. For instance if you are creating a shared web hosting or selling VDS'es. For all this "running everything in a container and only one executable per container" stupid rules we should be grateful to Docker and people who sell it. Most of the time you don't need it since it's just doesn't solve any problem. -- Best regards, Aleksander Alekseev
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160815222754.39c3da1d>