Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 16 Jan 2010 20:40:28 -0700
From:      "Peter" <>
To:        "Kirk Strauser" <>
Subject:   Re: To jail, or not to jail?
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> I've been having fun playing with jails on my home server. There's one
> for databases, one for a webserver, another for using as a play shell
> server, etc. We use jails heavily at work for encapsulating services,
> and I can make a pretty good argument there for doing so. In general,
> though, do you see jails as particularly important or useful when not in
> a hosting environment where you're giving root access to an untrusted
> party? How far do you go toward segregating services? Theoretically, you
> could have a jail per daemon, but it seems like down that path lies
> madness.
> --
> Kirk Strauser

For home machine, I don't use any jails.  All services run on host system.

Not in a "hosting" environment with zero "untrusted" users, I still use
'jail'. I can always build 'newjail' duplicate services on it, test, and
very quick switch from 'oldjail' to 'newjail' when all tests come back
clean.  Gives me a lot more room to play around/break things without
effecting running services.
  Try not to have any services on the host system to keep it completely
clean, easy upgrade as I can wipe the OS out [or move HD to new server],
reinstall, mount the jails/zfs and have a running system in minutes.


Want to link to this message? Use this URL: <>