Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

FreeBSD Jails are conceptually just based on chroot. Their actual design and implementation are a few orders of magnitude more secure.


A few order of magnitudes? Can you be more specific? I'm genuinely wondering what you could be referring to that I've missed.


chroot more or less isn't secure at all. All they're really saying is that Jails aren't built on top of chroot, but rather are a ground-up reimplementation motivated by improving chroot.


Ah! For some reason I thought jails were built on something similar to chroot at the kernel level, meaning that it also came with the same security caveats.

(to be more accurate, I knew that it was not "on top" in the same way as Linux containers are built on top of chroot. )


https://en.wikipedia.org/wiki/Operating_system-level_virtual...

or

https://en.wikipedia.org/wiki/Freebsd_jail


Also the SANE paper:

http://therbelot.free.fr/Install_FreeBSD/jail/jail.pdf


Thanks, I'll check out the specifics.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: