
BLU Discuss list archive



FreeBSD jail vs. User Mode Linux and Linux-vserver



Once the post-Christmas inventory clearance season is underway, I am 
planning to order myself a new server.  One thing I'd like to do with 
this machine is partition it into several virtual servers, so that even 
if, say, someone exploits a bug in a script running on my Web site, they 
won't be able to trash my email.

FreeBSD has a "jail" command which functions like "chroot", but is more 
restrictive, so that even if someone becomes root in the jail, they 
can't access or modify anything outside the jail (unless they find a 
security hole in the OS kernel itself, of course).  There's a 
"Linux-vserver" project which aims to provide similar features for 
Linux.  Also, there's "User Mode Linux", which can encapsulate a whole 
instance of Linux as a process running as a normal user inside another 
Linux machine.

Based on what I've read, I am leaning toward the FreeBSD version (and 
wishing that OpenBSD had the same thing), because Linux-vserver doesn't 
look like a very mature project, and I'm afraid that UML would have too 
much performance overhead.  On the other hand, if I ever have to pollute 
my home machines with Java again (it's bad enough that I have to use 
Java at work :-), I'd rather run it on Linux.

Does anyone out there have experience with any of these tools (or any 
other way of achieving the same goal)?

--sethg





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org