July 1st, 2007
My first jail
Yesterday I found the time to build a partitioned FreeBSD installation inside a sandbox that we call a “Jail”. This logical partition, in which a BSD system can run quite independently from other instances on the same physical host, seems to be what Sun Microsystems calls “Solaris Containers”: processes running in the jail are not allowed to interact with programs in the outside world, nor to access the file system of the host or of the other jailed machines. With this type of operating-system-level virtualization, all guests rely on the kernel of the host OS and run at the speed of the physical machine.
Obviously we cannot get the same isolation that a fully virtualized guest achieves with Virtual Server, Xen or VMware, but the performance of the guest is amazing, and if the jail’s level of isolation is enough for you, this solution is one of the most exciting in the world of BSD operating systems: once I had “built the world” for the first jailed system and made a compressed tarball of its file system (about 52 Mb), I was able to set up any number of new BSD servers in about 3 minutes each!
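The tarball cloning step described above can be scripted; the following is an added example, not the author's own script. The function names, paths, hostname and address are hypothetical, and the output uses the legacy jail_* variables of rc.conf.

```shell
#!/bin/sh
# Added example: clone a jail root from a template tarball.
# All names, paths and addresses here are constructed for illustration.

# Reject archives whose members could be written outside the new jail root.
template_is_safe() {                 # $1 = template tarball
    members=$(tar -tzf "$1" 2>/dev/null) || return 1
    printf '%s\n' "$members" | while IFS= read -r m; do
        case "$m" in
            /*|..|../*|*/..|*/../*) exit 1 ;;   # absolute path or ".." component
        esac
    done
}

# Print the legacy rc.conf jail variables for one jail.
jail_rc_stanza() {                   # $1 = name, $2 = root, $3 = hostname, $4 = IP
    printf 'jail_%s_rootdir="%s"\n' "$1" "$2"
    printf 'jail_%s_hostname="%s"\n' "$1" "$3"
    printf 'jail_%s_ip="%s"\n' "$1" "$4"
    printf 'jail_%s_devfs_enable="YES"\n' "$1"
}

# Unpack the template into a fresh root and emit the matching rc.conf lines.
new_jail() {                         # $1 = tarball, $2 = base dir, $3 = name, $4 = hostname, $5 = IP
    # The name becomes part of a shell variable name, so keep it to [a-z0-9_].
    case "$3" in
        ''|*[!a-z0-9_]*) echo "bad jail name: $3" >&2; return 2 ;;
    esac
    root="$2/$3"
    # Never unpack over an existing jail: that would mix two file systems.
    if [ -e "$root" ]; then echo "$root already exists" >&2; return 3; fi
    template_is_safe "$1" || { echo "unsafe or unreadable template" >&2; return 4; }
    mkdir -p "$root" && chmod 755 "$root" || return 5
    # -p restores the file modes recorded in the template instead of applying the umask.
    tar -xpzf "$1" -C "$root" || return 5
    jail_rc_stanza "$3" "$root" "$4" "$5"
}
```

Append the printed lines to /etc/rc.conf on the host and add the jail's name to jail_list.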
A good starting point for learning about the Jail system is obviously the Handbook, but you can find other useful information all around the Net (I’ll post new links as soon as I find some interesting ones):
I’ve found some interesting articles by searching on the Windows Live Search engine.
You can also find some useful tools to manage jails in the sysutils section of the Ports Collection.