Date:      Mon, 12 Mar 2007 22:12:27 +0100
From:      Andras Gót <andrej@antiszoc.hu>
To:        FreeBSD Stable List <freebsd-stable@freebsd.org>
Subject:   Re: Xen Dom0, are we making progress?
Message-ID:  <45F5C23B.8040303@antiszoc.hu>
In-Reply-To: <ef10de9a0703121334t3af7daecw977dc1916d86ba52@mail.gmail.com>
References:  <ef10de9a0703121216k1035481bwc7df222a92b44400@mail.gmail.com>	<op.to3c4aos8527sy@guido.klop.ws> <ef10de9a0703121334t3af7daecw977dc1916d86ba52@mail.gmail.com>

Nikolas Britton wrote:
> On 3/12/07, Ronald Klop <ronald-freebsd8@klop.yi.org> wrote:
>> On Mon, 12 Mar 2007 20:16:32 +0100, Nikolas Britton
>> <nikolas.britton@gmail.com> wrote:
>>
>> > Is FreeBSD making any progress in Xen Dom0 / Intel VT support? I'd
>> > really like to consolidate some underutilized FreeBSD servers. Are
>> > there any alternative solutions that will enable me to do this kind of
>> > stuff with FreeBSD, or would it be better to go with Solaris Dom0 +
>> > FreeBSD DomU?
>>
>> http://docs.freebsd.org/44doc/papers/jail/jail.html
>> google: jail freebsd
>>
>
> Yes I'd like to know more about jails, is there a high level /
> executive summary type document that I can read somewhere? From what I
> remember jails are mostly designed to partition stuff... for security
> reasons.
>
> What I'd really love to do is split up each service (httpd, postgres,
> samba/nfs,  ldap/nis, asterisk, etc.) into discrete virtual machines.
> It's too much work trying to make them all play nice on one system,
> especially during upgrades. As it is right now I don't upgrade any
> services once a system is in production use.

Hi,

First, read man jail. :) Apache, bind, mysql and postfix run fine in 
a jail. For postgres you have to turn on the jail.ipc.
This is basically not so bad, but definitely reduces security. For 
samba/nfs/ldap/nis and asterisk I don't have the experience, but if they 
do not need ipc, they'll run fine out of the box. In jails I suggest that 
you mount your ports tree with some nullfs mount. With this you'll save 
some hd capacity. (The installed port list is in /var, not in 
/usr/ports.) In jails you can't do resource control, so keep that in mind.

Regards,
Andras





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45F5C23B.8040303>