Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 27 Aug 2009 10:13:44 -0400
From:      APseudoUtopia <apseudoutopia@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Information on Setting up a Jailed Webserver
Message-ID:  <27ade5280908270713g5710797xadb07b5055158808@mail.gmail.com>
In-Reply-To: <200908271135.13045.erich@apsara.com.sg>
References:  <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com>  <6201873e0908262010n1f554fa6p88895ee4641a5620@mail.gmail.com>  <200908271135.13045.erich@apsara.com.sg>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollansky<erich@apsara.com.sg> wrote:
> Hi,
>
> On 27 August 2009 am 11:10:37 Adam Vande More wrote:
>> On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia
> <apseudoutopia@gmail.com>wrote:
>> >
>> > Also, how memory-intensive is a jail?
>>
>> Very light when compared to other virtualization methods.
>
> jails share the kernel but not the world.
>
> So, there will be only one kernel loaded but all libraries in use
> will be loaded individually by each jail when needed.
>
> Jails need some more disk space as the world, all libraries needed
> and all applications needed are installed individually in each
> jail.
>
> This can be minimised with proper planning of what runs it what
> jail.
>
> Erich
>

Thanks for the helpful replies. I have a couple of questions:

When a jail is compromised, the only thing I have to do to recover the
system is delete the jail and create a new one, correct? The host
system is untouched even if a jail is compromised?

And how does the upgrade process work? I know the userland must be the
same for the host system and the jail. If I want to upgrade to, say,
FreeBSD 8 when released, what is the process? I'd imagine it goes
something like this, but I'm not sure:
-Shut down jail
-Upgrade host system
-Install host binaries
-Install jail binaries
-Restart jail

Or is there more to the process than what it seems?

Thanks again.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?27ade5280908270713g5710797xadb07b5055158808>