Freebsd.JailEnvironment r1.3 - 07 Jan 2003 - 15:12 - KirkStrauser




In FreeBSD, a JailEnvironment is similar to a ChRoot restriction, except that it places extra limits on the processes running inside it:

  • All networking code is limited to listening on or connecting from the IP address specified when starting the jail.
  • Processes within the jail cannot "see" processes that are not inside it.
  • Various syscalls, such as mknod, are disallowed.

It's quite possible to establish many JailEnvironments within one running system. For example, you could have a webserver, a mailserver, and a NameServer operating within completely isolated environments. If one of those systems is compromised, the system administrator can shut down that environment without disturbing the others.
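As an added example (not part of the original page), the following shell function audits a set of jail definitions for the isolation properties described above: each jail bound to its own IP address, and no parameter that lifts a default jail restriction. It assumes the `jail.conf` format and the `ip4.addr`, `ip4` and `allow.*` parameters of FreeBSD's jail(8), none of which the page itself mentions, with one parameter per line and one address per jail; the jail names, paths and addresses are constructed sample data.

```shell
#!/bin/sh
# Added example. Jail names, paths and 192.0.2.x addresses are constructed.
# Constructed jail.conf-style input: one block per jail, one parameter per line.
sample_conf() {
    cat <<'EOF'
www {
    path = "/jails/www";
    ip4.addr = 192.0.2.10;
}
mail {
    path = "/jails/mail";
    ip4.addr = 192.0.2.11;
    allow.raw_sockets;      # lifts a default jail restriction
}
ns {
    path = "/jails/ns";
    ip4.addr = 192.0.2.10;  # same address as www
}
EOF
}

# Read jail.conf-style text on stdin and print one finding per line.
audit_jails() {
    awk '
    { sub(/#.*/, ""); gsub(/[;" \t]/, "") }   # strip comments, terminators, quotes, blanks
    $0 == ""   { next }
    /[{]$/     { jail = substr($0, 1, length($0) - 1); names[++n] = jail; next }
    $0 == "}"  { jail = ""; next }
    jail == "" { next }                        # global parameters are not checked here
    {
        eq  = index($0, "=")
        key = eq ? substr($0, 1, eq - 1) : $0
        val = eq ? substr($0, eq + 1) : ""
        if (key == "ip4.addr") {
            ip[jail] = val
            if (val in owner) { print "SHARED-IP " jail " " val " (also " owner[val] ")" }
            else { owner[val] = jail }
        } else if (key == "ip4" && val == "inherit") {
            ip[jail] = val; print "INHERITS-IP " jail
        } else if (key ~ /^allow\./ && key !~ /^allow\.no/ && val != "0" && val != "false") {
            print "RELAXED " jail " " key
        }
    }
    END { for (i = 1; i <= n; i++) if (!(names[i] in ip)) print "NO-IP " names[i] }
    '
}

sample_conf | audit_jails
```

On a real host the input would be the system's own jail configuration file instead of `sample_conf`.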

It's not terribly difficult to BuildAndUpdateJails once you've done it once or twice. There is a somewhat high-level administration tool, JailAdmin, to assist in the day-to-day operation and monitoring of a server's JailEnvironments.

-- KirkStrauser - 12 Sep 2002


Freebsd.JailEnvironment moved from Freebsd.JailEnvironments on 13 Sep 2002 - 01:47 by KirkStrauser - put it back

Copyright © 1999-2008 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.