Re: jail & security

From: Alexey Zakirov (frank@agava.com)
Date: 08/23/01


Date: Thu, 23 Aug 2001 15:40:52 +0400 (MSD)
From: Alexey Zakirov <frank@agava.com>

On Thu, 23 Aug 2001, Igor Melnichuk wrote:

> + Is it nowdays jail is enough security enviroment for multiuser hosting ?

in the some aspects.

> + Is it possible to limit resources allocated by each VM (jail)?

no chances. It's a very pain jail feature (weakness). :(

> + Can I use disk-quota inside VM ?
yes. But you have to do it from the outside of a jail, because quotactl(2)
doesn't work inside jail.

jail(2) is a very helpful for creating a security environment but it
doesn't give 100% warranty.

*** WBR, Alexey Zakirov (frank@agava.com)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message