32 lines
1.7 KiB
Text
32 lines
1.7 KiB
Text
Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail
|
|
system that includes security and performance enhancements. Plus a new level
|
|
of "user friendliness" enhancements dealing with deploying just a few jails or
|
|
large jail environments consisting of 100's of jails.
|
|
|
|
This version of qjail has been converted from using the legacy rc.d-method as
|
|
used in all previous versions of qjail, to using the jail(8) jail.conf-method
|
|
available in RELEASE-9.1. This upgrade provides the ability to enable the
|
|
following new options on a per-jail basis. exec.fib, allow.raw_sockets,
|
|
allow.quotas, allow.mount.nullfs, allow.mount.zfs, cpuset.id, securelevel,
|
|
vnet.interface, and vnet. The vnet option gives a jail its own network stack
|
|
using the experimental vimage software. This qjail version is not functional
|
|
for RELEASES older than RELEASE-9.1. The vnet option has only been tested on
|
|
i386 and amd64 equipment.
|
|
|
|
Qjail requires no knowledge of the jail command usage. It uses "nullfs" for
|
|
read-only system executables, sharing one copy of them with all the jails.
|
|
|
|
Uses "mdconfig" to create sparse image jails. Sparse image jails provide a
|
|
method to limit the total disk space a jail can consume, while only occupying
|
|
the physical disk space of the sum size of the files in the image jail.
|
|
|
|
Ability to assign ip address with their network device name,
|
|
so aliases are auto created on jail start and auto removed on jail stop.
|
|
|
|
Ability to create "ZONE"s of identical qjail systems, each with their own
|
|
group of jails.
|
|
|
|
Ability to designate a portion of the jail name as a group prefix so the
|
|
command being executed will apply to only those jail names matching that prefix.
|
|
|
|
WWW: http://qjail.sourceforge.net/
|