From owner-freebsd-questions@FreeBSD.ORG Thu Aug 27 15:03:04 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9EBCB10656A5 for ; Thu, 27 Aug 2009 15:03:04 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: from mail-yw0-f175.google.com (mail-yw0-f175.google.com [209.85.211.175]) by mx1.freebsd.org (Postfix) with ESMTP id 544048FC3D for ; Thu, 27 Aug 2009 15:03:04 +0000 (UTC) Received: by ywh5 with SMTP id 5so1489125ywh.13 for ; Thu, 27 Aug 2009 08:03:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=K+06Tw7GgX3o1Huoi4VJl6V4nmokgvHdwjWOmQYRQpE=; b=OEG1f1AWcB0QUj7x9HWwlOUB6WKp5MouzovJ3vegBLqx4a35XRy42DMYJqepc7KolX D7PdV82XrH3+CieLFJhB0DO79h4WnCQMTf5Biyq6ONjIDXpyQLTA1jqI66A6VJPEu5w6 q0tD7wh0Iw87SQ67TybZ+feimHVSXnIEi0lYI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=beXnTxslvWQTvvfgFbkoTfznklM1/AEIJDLryJONAPskw4pwIW6/rrybS8NdCIVZuf S44Y3sfQv7TMgb8FgM5Ktk50k1N5r+d34VEGwbWLTpXxwXG82Ec36fNNzCCmO3y/iJBM nccQqZx4usCWt3H88rq37ybeOAH/nUnwEpUbU= MIME-Version: 1.0 Received: by 10.150.113.3 with SMTP id l3mr14519117ybc.90.1251385383224; Thu, 27 Aug 2009 08:03:03 -0700 (PDT) In-Reply-To: <27ade5280908270713g5710797xadb07b5055158808@mail.gmail.com> References: <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com> <6201873e0908262010n1f554fa6p88895ee4641a5620@mail.gmail.com> <200908271135.13045.erich@apsara.com.sg> <27ade5280908270713g5710797xadb07b5055158808@mail.gmail.com> Date: Thu, 27 Aug 2009 10:03:03 -0500 Message-ID: <6201873e0908270803k639b4742w1211d686607f7e9@mail.gmail.com> From: Adam Vande More To: APseudoUtopia Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: Information on Setting up a Jailed Webserver X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Aug 2009 15:03:04 -0000 On Thu, Aug 27, 2009 at 9:13 AM, APseudoUtopia wrote: > On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollansky > wrote: > > Hi, > > > > On 27 August 2009 am 11:10:37 Adam Vande More wrote: > >> On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia > > wrote: > >> > > >> > Also, how memory-intensive is a jail? > >> > >> Very light when compared to other virtualization methods. > > > > jails share the kernel but not the world. > > > > So, there will be only one kernel loaded but all libraries in use > > will be loaded individually by each jail when needed. > > > > Jails need some more disk space as the world, all libraries needed > > and all applications needed are installed individually in each > > jail. > > > > This can be minimised with proper planning of what runs it what > > jail. > > > > Erich > > > > Thanks for the helpful replies. I have a couple of questions: > > When a jail is compromised, the only thing I have to do to recover the > system is delete the jail and create a new one, correct? The host > system is untouched even if a jail is compromised? Really depends on how you're using the jail, but under standard usage yes. > > > And how does the upgrade process work? I know the userland must be the > same for the host system and the jail. If I want to upgrade to, say, > FreeBSD 8 when released, what is the process? I'd imagine it goes > something like this, but I'm not sure: > -Shut down jail > -Upgrade host system > -Install host binaries > -Install jail binaries > -Restart jail > > Or is there more to the process than what it seems? That's the basic process, however as mentioned before checkout ezjail. It makes administering multiple jails much easier and can save you disk space. > > > Thanks again. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > -- Adam Vande More