FreeBSD Jail - Goals

Goals

FreeBSD jails mainly aim at three goals:

  1. Virtualization: Each jail is a virtual environment running on the host machine with its own files, processes, user and superuser accounts. From within a jailed process, the environment is (almost) indistinguishable from a real system.
  2. Security: Each jail is sealed from the others, thus providing an additional level of security.
  3. Ease of delegation: The limited scope of a jail allows system administrators to delegate several tasks which require superuser access without handing out complete control over the system.

Unlike a common chroot jail, which restricts processes to a particular view of the filesystem, the FreeBSD jail mechanism restricts what a process in a jail can do in relation to the rest of the system. In effect, jailed processes are sandboxed. They are bound to specific IP addresses, and a jailed process cannot access divert or routing sockets. Raw sockets are also disabled by default, but may be enabled by setting the security.jail.allow_raw_sockets sysctl option. Additionally, interaction between processes that are not running in the same jail is restricted.
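To check these restrictions from inside a jail, the following C probe (an added example, not part of the original page) reads the jail sysctls and tries to open a raw ICMP socket. It assumes it is run as root inside the jail, that the security.jail.jailed sysctl is available, and that a denied raw socket fails with EPERM or EACCES; the function names are hypothetical.

```c
/* Added example: probe jail restrictions from inside a process (run as root). */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif

enum raw_status { RAW_ALLOWED, RAW_DENIED, RAW_UNKNOWN };

/* Read an integer sysctl; returns -1 when it cannot be read (or not on FreeBSD). */
int read_int_sysctl(const char *name) {
#ifdef __FreeBSD__
    int value = 0;
    size_t len = sizeof(value);
    if (sysctlbyname(name, &value, &len, NULL, 0) == 0)
        return value;
#else
    (void)name;
#endif
    return -1;
}

/* Interpret the outcome of socket(AF_INET, SOCK_RAW, ...): fd and saved errno. */
enum raw_status classify_raw(int fd, int err) {
    if (fd >= 0) return RAW_ALLOWED;
    if (err == EPERM || err == EACCES) return RAW_DENIED;  /* assumed denial codes */
    return RAW_UNKNOWN;                                    /* e.g. no IPv4 support */
}

/* Try to open a raw ICMP socket and close it again if the attempt succeeds. */
enum raw_status probe_raw_socket(void) {
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int err = errno;
    if (fd >= 0) close(fd);
    return classify_raw(fd, err);
}

int main(void) {
    static const char *label[] = { "allowed", "denied", "unknown" };
    printf("security.jail.jailed            = %d\n", read_int_sysctl("security.jail.jailed"));
    printf("security.jail.allow_raw_sockets = %d\n", read_int_sysctl("security.jail.allow_raw_sockets"));
    printf("raw ICMP socket as this user    : %s\n", label[probe_raw_socket()]);
    return 0;
}
```

With the default configuration, root inside a jail should see the raw socket reported as denied; an "allowed" result means raw sockets have been enabled for that jail.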

The jail(8) utility and jail(2) system call first appeared in FreeBSD 4.0. New utilities (for example jls(8) to list jails) and system calls (for example jail_attach(2) to attach a new process to a jail) that render jail management much easier were added in FreeBSD 5.1. The jail subsystem has been significantly updated for FreeBSD 7.2, including support for multiple IPv4 and IPv6 addresses per jail and support for binding jails to specific CPUs.
