Date: Thu, 27 Aug 2009 12:28:26 -0400
From: APseudoUtopia <apseudoutopia@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Information on Setting up a Jailed Webserver
Message-ID: <27ade5280908270928s256bed30s2cc75587b22577b1@mail.gmail.com>
In-Reply-To: <6201873e0908270803k639b4742w1211d686607f7e9@mail.gmail.com>
References: <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com> <6201873e0908262010n1f554fa6p88895ee4641a5620@mail.gmail.com> <200908271135.13045.erich@apsara.com.sg> <27ade5280908270713g5710797xadb07b5055158808@mail.gmail.com> <6201873e0908270803k639b4742w1211d686607f7e9@mail.gmail.com>
On Thu, Aug 27, 2009 at 11:03 AM, Adam Vande More <amvandemore@gmail.com> wrote:
> On Thu, Aug 27, 2009 at 9:13 AM, APseudoUtopia <apseudoutopia@gmail.com>
> wrote:
>>
>> On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollansky <erich@apsara.com.sg>
>> wrote:
>> > Hi,
>> >
>> > On 27 August 2009 am 11:10:37 Adam Vande More wrote:
>> >> On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia
>> >> <apseudoutopia@gmail.com> wrote:
>> >> >
>> >> > Also, how memory-intensive is a jail?
>> >>
>> >> Very light when compared to other virtualization methods.
>> >
>> > jails share the kernel but not the world.
>> >
>> > So, there will be only one kernel loaded but all libraries in use
>> > will be loaded individually by each jail when needed.
>> >
>> > Jails need some more disk space as the world, all libraries needed
>> > and all applications needed are installed individually in each
>> > jail.
>> >
>> > This can be minimised with proper planning of what runs in what
>> > jail.
>> >
>> > Erich
>> >
>>
>> Thanks for the helpful replies. I have a couple of questions:
>>
>> When a jail is compromised, the only thing I have to do to recover the
>> system is delete the jail and create a new one, correct? The host
>> system is untouched even if a jail is compromised?
>
> Really depends on how you're using the jail, but under standard usage yes.
>>
>>
>> And how does the upgrade process work? I know the userland must be the
>> same for the host system and the jail. If I want to upgrade to, say,
>> FreeBSD 8 when released, what is the process? I'd imagine it goes
>> something like this, but I'm not sure:
>> -Shut down jail
>> -Upgrade host system
>> -Install host binaries
>> -Install jail binaries
>> -Restart jail
>>
>> Or is there more to the process than what it seems?
>
> That's the basic process, however as mentioned before check out ezjail.  It
> makes administering multiple jails much easier and can save you disk space.
>>
>>
>> Thanks again.

Ok, thanks.
Two more questions then I should be ready to go with my jail(s).

In order to minimize the HDD space of the jail, can I add things in my src.conf such as WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF? I do use pf on the host system, but it isn't needed inside the jail as well, correct?

Also, is it possible to compile a port (specifically nginx) inside the host, then simply cp it into the jail and run it? I'd like to do this to avoid installing a compiler into the jail itself.

Thanks again for the help.