[ale] Jails on Linux HOWTO.

Michael H. Warfield mhw at WittsEnd.com
Thu Mar 19 23:08:04 EDT 2009


On Thu, 2009-03-19 at 21:53 -0400, Michael B. Trausch wrote:
> On Thu, 19 Mar 2009 16:09:15 -0400
> Bob Toxen <transam at VerySecureLinux.com> wrote:

> > Don't forget that root can break out of a chroot jail easily,
> > especially if there is command (shell) access.

> That's one reason that a BSD-like jail facility would be very nice to
> have on a Linux system.

	It's there.  The equivalent of the BSD gaols/jails are the OpenVZ and
Linux Vserver projects which are both very active.  I've used both and I
can highly recommend OpenVZ, which is what I currently have in
production, but Linux Vservers is very good as well, just a little
different management.

> I really have to wonder why there doesn't appear to be such a thing in
> the mainline kernel (and with widespread userland support).  I rather
> like FreeBSD jails and would love to use something like them as a
> lightweight VM (even lighter than UML).

	It's getting there.  A lot of it is already in the mainline kernel as
"namespaces" in the 2.6.28 kernel.  This is being contributed to by both
the OpenVZ and Vserver projects and is ultimately going to take the form
of the Linux LXC containers, which are also usable now, but aren't as
polished and you have to patch the kernel:

LXC: Linux container tools
http://www.linuxtoday.com/news_story.php3?ltsn=2009-02-04-029-35-OS-SW-DV


> 	--- Mike

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
