Goals
FreeBSD jails mainly aim at three goals:
- Virtualization: Each jail is a virtual environment running on the host machine with its own files, processes, user and superuser accounts. From within a jailed process, the environment is (almost) indistinguishable from a real system.
- Security: Each jail is sealed from the others, thus providing an additional level of security.
- Ease of delegation: The limited scope of a jail allows system administrators to delegate several tasks which require superuser access without handing out complete control over the system.
Unlike a common chroot jail, which restricts processes to a particular view of the filesystem, the FreeBSD jail mechanism restricts what a process in a jail can do in relation to the rest of the system. In effect, jailed processes are sandboxed. They are bound to specific IP addresses, and a jailed process cannot access divert or routing sockets. Raw sockets are also disabled by default, but may be enabled by setting the security.jail.allow_raw_sockets sysctl option. Additionally, interaction between processes that are not running in the same jail is restricted.
The jail(8) utility and jail(2) system call first appeared in FreeBSD 4.0. New utilities (for example jls(8) to list jails) and system calls (for example jail_attach(2) to attach a new process to a jail) that render jail management much easier were added in FreeBSD 5.1. The jail subsystem has been significantly updated for FreeBSD 7.2, including support for multiple IPv4 and IPv6 addresses per jail and support for binding jails to specific CPUs.
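A host-side check that the raw-socket restriction described above has not been relaxed, written as an added example (not code from the FreeBSD project). It reads `sysctl`-format lines on stdin; the baseline of "every listed knob stays 0" is an assumed policy, and `security.jail.sysvipc_allowed` and `security.jail.chflags_allowed` are additional jail sysctls not mentioned in the text above.

```shell
#!/bin/sh
# Added example: audit jail-related sysctls against a restrictive baseline.
# Input: lines in sysctl(8) output format ("name: value") on stdin, e.g.
#   sysctl security.jail | audit_jail_sysctls
# Assumed policy for this example: every knob listed here must be 0.
JAIL_BASELINE="security.jail.allow_raw_sockets
security.jail.sysvipc_allowed
security.jail.chflags_allowed"

# Prints one finding per line.
# Return status: 0 = all knobs at baseline, 1 = at least one relaxed,
#                2 = nothing relaxed, but a knob was not reported.
audit_jail_sysctls() {
    input=$(cat)
    status=0
    for knob in $JAIL_BASELINE; do
        # Exact match on the name so a prefix of another knob never matches.
        value=$(printf '%s\n' "$input" |
            awk -F': *' -v k="$knob" '$1 == k { print $2; exit }')
        if [ -z "$value" ]; then
            echo "UNKNOWN $knob (not reported)"
            if [ "$status" -eq 0 ]; then status=2; fi
        elif [ "$value" != "0" ]; then
            echo "RELAXED $knob=$value"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample input (not captured from a real host): raw sockets
# have been enabled for jails, the other two knobs are at their baseline.
SAMPLE='security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 0
security.jail.chflags_allowed: 0'

printf '%s\n' "$SAMPLE" | audit_jail_sysctls || true
```
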