Date:      Thu, 10 Feb 2022 10:54:05 +0000
From:      Norman Gray <gray@nxg.name>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Jail, and specifically iocage, best practices -- summary
Message-ID:  <CC4ED236-756B-4C1E-90BE-F2AA66752599@nxg.name>
In-Reply-To: <DFC3D35A-BDC4-4769-8DE3-54FEDD85042C@nxg.name>
References:  <DFC3D35A-BDC4-4769-8DE3-54FEDD85042C@nxg.name>


Hello, all.

On 6 Feb 2022, at 12:58, Norman Gray wrote:

> Greetings.
>
> On the freebsd-questions list recently, there was a useful thread about freebsd-update and jails.  This prompts a related question of mine.
>
> Is there anywhere a collection of recommended practices with respect to jails?

Thanks, everyone, for very useful comments on this.

I don't want to repeat everyone's suggestions, though I encourage people to look at the thread [1].  But the things that particularly stood out for me are:

  * Several people mentioned that Lucas's Jails book [2] does cover iocage!  We have a copy of this book on the shelf, and now I can get my hands on it again, physically, I see 'iocage' all over the ToC, whereas I'd previously convinced myself it was jail(8)-only.  I feel rather foolish about that...

  * Peter Boosten said 'use a mix', suggesting that it's reasonable to use a script to set up a jail, and then unscripted tools to manage it thereafter.  That is, a script isn't (necessarily) locking you into a particular way of managing these, and it's reassuring to be reminded, in particular, that ezjail/iocage/... aren't adding any particular secret sauce to the jail.

There was also a mention of iocell [3], as a fork of iocage.  I'm always a bit nervous of forks, and note that the iocell documentation doesn't mention the circumstances of the fork (and I remember the ezjail/qjail unpleasantness of a few years ago).  Is there a story here?

It sounds as if a one line summary of the thread (acknowledging that there isn't a universal consensus here) is:

    You won't go far wrong with iocage; buy Lucas's Jails book.

Thanks again, everyone.  Best wishes,

Norman


[1] https://lists.freebsd.org/archives/freebsd-questions/2022-February/000622.html
[2] [FreeBSD Mastery: Jails](https://mwl.io/nonfiction/os#fmjail)
[3] https://iocell.readthedocs.io/en/latest/


-- 
Norman Gray  :  https://nxg.me.uk


