mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-19 03:52:17 +00:00
35 lines
1.7 KiB
Plaintext
35 lines
1.7 KiB
Plaintext
This qjail version only supports RELEASE-11.0 and newer.
|
|
|
|
Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail
|
|
system that includes security and performance enhancements. Plus a new level
|
|
of "user friendliness" enhancements dealing with deploying just a few jails or
|
|
large scale jail environments consisting of 100's of jails.
|
|
|
|
Qjail uses the jail(8) jail.conf method. This provides the ability to enable
|
|
the following options on a per-jail basis. exec.fib, securelevel, allow.sysvipc,
|
|
devfs_rulesets, allow.raw_sockets, allow.quotas, allow.mount.nullfs,
|
|
allow.mount.tmpfs, allow.mount.zfs, vnet.interface, and vnet. The vnet option
|
|
gives a jail its own network stack using the experimental vimage kernel module.
|
|
The vnet option has only been tested on i386 and amd64 equipment.
|
|
|
|
Qjail requires no knowledge of the jail command usage. It uses "nullfs" for
|
|
read-only system executables, sharing one copy of them with all the jails.
|
|
|
|
Uses "mdconfig" to create sparse image jails. Sparse image jails provide a
|
|
method to limit the total disk space a jail can consume, while only occupying
|
|
the physical disk space of the sum size of the files in the image jail.
|
|
|
|
Ability to assign ip address with their network device name,
|
|
so aliases are auto created on jail start and auto removed on jail stop.
|
|
|
|
Ability to create "ZONE"s of identical qjail systems, each with their own
|
|
group of jails.
|
|
|
|
Ability to designate a portion of the jail name as a group prefix so the
|
|
command being executed will apply to only those jail names matching that prefix.
|
|
|
|
Qjail has been incorporated into the Finch open source project,
|
|
see http://dreamcat4.github.io/finch/ for details.
|
|
|
|
WWW: http://qjail.sourceforge.net/
|