[nycbug-talk] FreeBSD jail docs/faqs (5.x)
Charles Sprickman
spork
Wed Mar 23 21:02:10 EST 2005
Hi all,
I finally got the last of the parts in for a new shell server, and one thing
that's really integral to my planning of how we're going to divvy things up on
that box is me getting up to speed on jails under FreeBSD.
In general, my Google skills have just been going downhill, and it really
shows in this case. I'm simply trying to find something that's a higher
level overview of things, and something that goes into real-world
experiences more than the manpages do. And of course, something that is
specific to 5.x - I found a good amount of stuff on 4.x. So if you've got
any favorite HOWTOs, FAQs, etc. forward them on. If I get a good
collection, perhaps I could submit a doc to the nycbug site that combines
the best information from all of them.
You may be wondering "why jails on a shell server?" and that's surely a good
question. I've got big plans for this box. We're putting a huge amount of
storage on it and launching a number of new services. It will provide shell
access for customers that want that sort of thing, it will house member web
pages, offer a simple-to-set-up blog solution, and possibly offer backup
services via AFP (we have many Mac customers) and Samba. Ideally I'd like to
have each major service in a jail. I know it can be done without jails, and I
know that jails are not perfect security, but I want to run with the "onion
security" paradigm: security is best when you have many layers, and jails
would be one of those layers. My biggest concern is sharing filesystems across
jails. There was recently some talk about "mount_union" and "nullfs" on
-hackers that kind of indicated there are some issues there. If anyone has some
docs that outline what works and what doesn't as far as sharing filesystems
safely and efficiently across jails, that's one of my major stumbling blocks.
Thanks,
Charles
___
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet - www.bway.net
spork at bway.net - 212.655.9344