On Thu, Aug 27, 2009 at 11:03 AM, Adam Vande More<[email protected]> wrote:
> On Thu, Aug 27, 2009 at 9:13 AM, APseudoUtopia <[email protected]> wrote:
>>
>> On Wed, Aug 26, 2009 at 11:35 PM, Erich Dollansky<[email protected]> wrote:
>> > Hi,
>> >
>> > On 27 August 2009 am 11:10:37 Adam Vande More wrote:
>> >> On Wed, Aug 26, 2009 at 9:59 PM, APseudoUtopia <[email protected]> wrote:
>> >> >
>> >> > Also, how memory-intensive is a jail?
>> >>
>> >> Very light when compared to other virtualization methods.
>> >
>> > jails share the kernel but not the world.
>> >
>> > So, there will be only one kernel loaded but all libraries in use
>> > will be loaded individually by each jail when needed.
>> >
>> > Jails need some more disk space as the world, all libraries needed
>> > and all applications needed are installed individually in each
>> > jail.
>> >
>> > This can be minimised with proper planning of what runs in what
>> > jail.
>> >
>> > Erich
>> >
>>
>> Thanks for the helpful replies. I have a couple of questions:
>>
>> When a jail is compromised, the only thing I have to do to recover the
>> system is delete the jail and create a new one, correct? The host
>> system is untouched even if a jail is compromised?
>
> Really depends on how you're using the jail, but under standard usage yes.
>>
>>
>> And how does the upgrade process work? I know the userland must be the
>> same for the host system and the jail. If I want to upgrade to, say,
>> FreeBSD 8 when released, what is the process? I'd imagine it goes
>> something like this, but I'm not sure:
>> -Shut down jail
>> -Upgrade host system
>> -Install host binaries
>> -Install jail binaries
>> -Restart jail
>>
>> Or is there more to the process than what it seems?
>
> That's the basic process, however as mentioned before check out ezjail. It
> makes administering multiple jails much easier and can save you disk space.
>>
>>
>> Thanks again.

Ok, thanks. Two more questions then I should be ready to go with my jail(s).

In order to minimize the HDD space of the jail, can I add things in my
src.conf such as WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF? I do use pf on
the host system, but it isn't needed inside the jail as well, correct?

Also, is it possible to compile a port (specifically nginx) inside the
host, then simply cp it into the jail and run it? I'd like to do this
to avoid installing a compiler into the jail itself.

Thanks again for the help.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
