From: APseudoUtopia
Date: Thu, 27 Aug 2009 10:13:44 -0400
To: freebsd-questions@freebsd.org
Subject: Re: Information on Setting up a Jailed Webserver

On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollansky wrote:
> Hi,
>
> On 27 August 2009 am 11:10:37 Adam Vande More wrote:
>> On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia wrote:
>> >
>> > Also, how memory-intensive is a jail?
>>
>> Very light when compared to other virtualization methods.
>
> jails share the kernel but not the world.
>
> So, there will be only one kernel loaded but all libraries in use
> will be loaded individually by each jail when needed.
>
> Jails need some more disk space as the world, all libraries needed
> and all applications needed are installed individually in each
> jail.
>
> This can be minimised with proper planning of what runs in what
> jail.
>
> Erich
>

Thanks for the helpful replies. I have a couple of questions:

When a jail is compromised, the only thing I have to do to recover the
system is delete the jail and create a new one, correct? The host
system is untouched even if a jail is compromised?

And how does the upgrade process work? I know the userland must be the
same for the host system and the jail. If I want to upgrade to, say,
FreeBSD 8 when released, what is the process? I'd imagine it goes
something like this, but I'm not sure:

-Shut down jail
-Upgrade host system
-Install host binaries
-Install jail binaries
-Restart jail

Or is there more to the process than what it seems?

Thanks again.