
FreeBSD Jails feature

December 17, 2015 baoz

In my humble opinion, Docker is something very similar to FreeBSD jails; for more detail see https://wiki.freebsd.org/Jails and https://www.freebsd.org/cgi/man.cgi?jail

Considered a stable technology, since it has been a feature of FreeBSD since 4.0;
It makes the most of the ZFS filesystem: you can clone jails and create jail templates to easily deploy more jails. Some more ZFS madness;
Well documented, and evolving;
Hierarchical Jails allow you to create jails inside a jail (we need to go deeper!). Combine with allow.mount.zfs to achieve more power, and other variables like children.max to define the maximum number of child jails.
rctl(8) will handle resource limits of jails (memory, CPU, disk, …);
FreeBSD jails handle Linux userspace;
Network isolation with vnet, allowing each jail to have its own network stack, interfaces, addressing and routing tables;
nullfs to help link directories located on the real server into a jail;
ezjail utility to help mass deployments and management of jails;
Lots of kernel tunables (sysctl). security.jail.allow.* parameters will limit the actions of the root user of that jail.
Maybe FreeBSD jails will extend some of the VPS project features, like live migration, in the near future.
There is an ongoing effort to integrate ZFS and Docker. Still experimental.
Alternatives: FreeBSD VPS project
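
The list above mentions per-jail allow.* parameters, children.max and rctl(8) limits. As an added example (not part of the original post), this sketch reviews a jail.conf for jails that relax those restrictions or have no rctl rule. It assumes a simplified jail.conf subset (no variables, no '#' or '}' inside values); the helper names, the choice of which parameters to flag, and the sample input are this example's own.

```python
import re

# jail(8) parameters that relax restrictions on a jail's root user when enabled.
RELAXING = {"allow.mount", "allow.mount.zfs", "allow.mount.nullfs",
            "allow.raw_sockets", "allow.chflags", "allow.sysvipc"}
BLOCK = re.compile(r"([\w-]+)\s*\{(.*?)\}", re.S)
PARAM = re.compile(r'([\w.]+)\s*(?:=\s*"?([^";]*)"?)?\s*;')

def parse_jails(conf):
    """Parse a simplified jail.conf: no variables, no '#' or '}' inside values."""
    jails = {}
    for name, body in BLOCK.findall(re.sub(r"#.*", "", conf)):
        params = {}
        for m in PARAM.finditer(body):
            key, val = m.group(1), m.group(2)
            head, _, leaf = key.rpartition(".")
            positive = f"{head}.{leaf[2:]}" if head else leaf[2:]
            if val is None and leaf.startswith("no") and positive in RELAXING:
                params[positive] = "0"          # "allow.noraw_sockets;" form
            else:
                params[key] = "1" if val is None else val.strip()
        jails[name] = params
    return jails

def audit(conf, rctl_rules):
    """Return {jail: [findings]} for relaxed allow.*, nesting, and missing rctl."""
    limited = {r.split(":")[1] for r in rctl_rules if r.startswith("jail:")}
    report = {}
    for name, p in parse_jails(conf).items():
        found = sorted(k for k in RELAXING if p.get(k, "0") not in ("0", "false"))
        if int(p.get("children.max", "0")) > 0:
            found.append("children.max=" + p["children.max"])
        if name not in limited:
            found.append("no rctl rule")
        report[name] = found
    return report

# Constructed sample input (not taken from any real host).
SAMPLE_CONF = '''
web {
    path = "/usr/jails/web";
    vnet;
    allow.noraw_sockets;
}
build {                      # nested-jail host with ZFS delegation
    path = "/usr/jails/build";
    allow.mount;
    allow.mount.zfs = 1;
    children.max = 5;
}
'''
SAMPLE_RCTL = ["jail:web:memoryuse:deny=512M"]

if __name__ == "__main__":
    for jail, findings in audit(SAMPLE_CONF, SAMPLE_RCTL).items():
        print(jail, findings or "ok")
```

A finding here is a prompt to confirm the setting is intended, since nested jails and ZFS delegation are legitimate features that widen what the jail's root user can do.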
