Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FreeBSD jail vs. User Mode Linux and Linux-vserver



miah:
> As far as FreeBSD Jail, I belive its similar to UML. You end up
> running a completely virtual system inside the host system, which means
> more stuff to maintain. Its cool if you lack the hardware, but I don't
> see it really gaining you anything. You still need to chroot everything
> inside the jail, and the jail does impose some restrictions, but so does
> linux + grsecurity and a properly configured grsecurity ACL. 
> 

The main difference (for my purposes) between UML and jail is that with 
UML, the virtual server's kernel process is separate from the host's 
kernel process; with a jail, there's one kernel running everything.  If 
people were paying me money for shell accounts in which they needed root 
access, I would sleep better using UML.  However, from what I've read of 
the documentation for both, jail would be easier for me to set up and 
administer.  (*BSD puts the kernel, libraries, and all the standard Unix 
utilities in one big source tree, so "make world DESTDIR=/path/to/jail" 
sets up almost everything I would need.)

I'm interested in learning more about mandatory access control systems 
(like they have in grsecurity), and I suspect that a well-configured MAC 
policy will do everything for security that the virtual servers will do. 
  However, I want to get virtual servers working first, because they 
seem harder for a non-wizard like me to screw up.

--sethg





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org