pavement

Jail Facility

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
(Jail Facility: links; format)
 
Line 1: Line 1:
  
== Jail Facility ==
+
The '''jail facility''' is the creation of a special purpose [[jails|jail]] directory tree containing an entire FreeBSD distribution. Any processes run are confined to the jail directory tree, because the parent directory of the jail is chrooted.
 
+
The jail facility is the creation of a special purpose jail directory tree containing an entire FreeBSD distribution. Any processes run are confined to the jail directory tree, because the parent directory of the jail is chrooted.
+
  
 
The FreeBSD handbook describes the Manual method of creating Jails, but its hard to understand and very easy to make mistakes doing things by hand.   
 
The FreeBSD handbook describes the Manual method of creating Jails, but its hard to understand and very easy to make mistakes doing things by hand.   
  
 +
==qtjail==
 
The port qjail utility is used to deploy small or large numbers of jails quickly.
 
The port qjail utility is used to deploy small or large numbers of jails quickly.
 
   
 
   
 
 
Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail system that includes security and performance enhancements. Plus a new level of "user friendliness" enhancements dealing with deploying just a few jails or large jail environments consisting of 100's of jails.  
 
Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail system that includes security and performance enhancements. Plus a new level of "user friendliness" enhancements dealing with deploying just a few jails or large jail environments consisting of 100's of jails.  
  
Line 26: Line 24:
  
 
Qjail reduces the complexities of jail deployments to the novice level. Qjail has a fully documented manpage written for easy comprehension. Details are given to felicitate the use of qjail's capabilities to the fullest extent possible.
 
Qjail reduces the complexities of jail deployments to the novice level. Qjail has a fully documented manpage written for easy comprehension. Details are given to felicitate the use of qjail's capabilities to the fullest extent possible.
 
  
 
'''Full details can be found on the  
 
'''Full details can be found on the  
 
[http://qjail.sourceforge.net/ qjail project website].'''
 
[http://qjail.sourceforge.net/ qjail project website].'''
  
 +
==See also==
 +
* [[ezjail]]
  
 
[[Category:Securing FreeBSD]]
 
[[Category:Securing FreeBSD]]
 
[[Category:FreeBSD for Servers]]
 
[[Category:FreeBSD for Servers]]
 
[[Category:Configuring FreeBSD]]
 
[[Category:Configuring FreeBSD]]

Latest revision as of 20:17, 6 March 2015

The jail facility is the creation of a special purpose jail directory tree containing an entire FreeBSD distribution. Any processes run are confined to the jail directory tree, because the parent directory of the jail is chrooted.

The FreeBSD handbook describes the Manual method of creating Jails, but its hard to understand and very easy to make mistakes doing things by hand.

[edit] qtjail

The port qjail utility is used to deploy small or large numbers of jails quickly.

Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail system that includes security and performance enhancements. Plus a new level of "user friendliness" enhancements dealing with deploying just a few jails or large jail environments consisting of 100's of jails.

Qjail eliminates all the jail rc.conf configuration statements normally required to define jails using the "jail" command. Qjail requires no knowledge of the jail command usage.

Qjail automatically populates each newly created jail with the host files necessary to gain network access from the jails first start.

It uses "nullfs" for read-only system binaries, sharing one copy of them with all the jails.

Uses "mdconfig" to create sparse image jails. Sparse image jails provide a method to limit the total disk space a jail can consume, while only occupying the physical disk space of the sum size of the files in the image jail.

Ability to assign IP address with their network device name, so aliases are auto created on jail start and auto removed on jail stop.

Ability to create "ZONE"s of identical qjail systems, each with their own group of jails.

Ability to designate a portion of the jail name as a group prefix so the command being executed will apply to only those jail names matching that prefix.

Qjail reduces the complexities of jail deployments to the novice level. Qjail has a fully documented manpage written for easy comprehension. Details are given to felicitate the use of qjail's capabilities to the fullest extent possible.

Full details can be found on the qjail project website.

[edit] See also

Personal tools