ezjail vs. manually jails

yueliu_32214 · Mar 12, 2010

Hi,
I am currently think of building jails on freebsd, either manually, or use the ezjail framework. I have a concern is that as I can see,
all the ezjail's jails share some directories, through base jail, like /lib, /libexec. Whether that means, if for some reason, I modified/added something
in /libexec for jail A, then all the other jails will be affected by that. If that is the case, I guess building jails manually so that each jail is totally on its own is better?

Thanks for any help

danger@ · Mar 12, 2010

Modify things in /usr/local. However if you really need to modify things in base, you have to use each jail on its own, or modify a way the ezjail is working. You may as well have a look at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html

wonslung · Mar 14, 2010

ezjails only shares the base system. The great thing about ezjails is, well, it's easy.

And the base is mounted read only (which i would guess is more secure)

of course there is a doc in the handbook i think which covers doing the same sort of thing in a manual way. And also, with ZFS you can use clones which is quite nice.

yueliu_32214 · Mar 14, 2010

Ok. I guess using ezjail doesn't really have any disadvantage over manually creating jails.

wonslung · Mar 15, 2010

yueliu_32214 said:
Ok. I guess using ezjail doesn't really have any disadvantage over manually creating jails.

it doesn't if you want to use the bigger "full os" type of jail.

if you wanted to use the really thin "only what you need" jail then it might....

i love ezjails though

z662 · Mar 18, 2010

wonslung said:
it doesn't if you want to use the bigger "full os" type of jail.

if you wanted to use the really thin "only what you need" jail then it might....

i love ezjails though

Said it best

ezjail vs. manually jails

yueliu_32214

danger@

Administrator

wonslung

yueliu_32214

wonslung

z662