jails and zones

fluca1978 · Mar 16, 2011

Hi all,
I'm quite new to FreeBSD and I'd like to know what are advantages/drawbacks and other important differences (if any) between jails and solaris zones. If I get it right, jails cannot be branded (i.e. they are running always a freebsd installation) while zones can run other kernels, is it the only difference?

Thanks

Alt · Mar 16, 2011

Dunno about solaris, but in FreeBSD currently jails are served with same kernel as host system, so jail user cannot switch kernel or install own version or anything. But each jail have own world, so user can mess with it

SirDice · Mar 16, 2011

fluca1978 said:
If I get it right, jails cannot be branded (i.e. they are running always a freebsd installation) while zones can run other kernels

No, they cannot.

http://hub.opensolaris.org/bin/view.../faq#HQCaneachzonerunadifferentSolarisversion

Biggest difference is that jails cannot have resource limits. Yet, at least, it is being worked on.

fluca1978 · Mar 16, 2011

SirDice said:
No, they cannot.

http://hub.opensolaris.org/bin/view.../faq#HQCaneachzonerunadifferentSolarisversion

Sorry, I was not meaning a different Solaris kernel, I was referring to branded zones, so you can have a solaris zone running a linux kernel (so a different kernel).

SirDice · Mar 16, 2011

fluca1978 said:
Sorry, I was not meaning a different Solaris kernel, I was referring to branded zones, so you can have a solaris zone running a linux kernel (so a different kernel).

Wrong again.

A zone is an emulation layer, more akin to Wine perhaps, but at a more fundamental level. This, for example, means that an lx branded zone does not contain its own Linux kernel; rather, the kernel calls are redirected by the zone's emulation layer to the underlying Solaris kernel.

http://www.linuxjournal.com/magazine/solaris-zones-linux-it-marbles-get-new-bag
(emphasis mine)

Zhwazi · Mar 20, 2011

You can use FreeBSD's Linux ABI compatibility and jails to make something resembling an lx zone.

http://wiki.freebsd.org/Image/Linux/CentOS55

It's not very polished but it proves the concept is possible.

osman · Mar 21, 2011

I had some fun playing with zones

.

Zones were introduced in solaris 10. One advantage people can gain is that they can run older versions of solaris, like 8/9, in a zone inside solaris 10 (but only in case of sparc, not intel).

One interesting advantage of zones I have seen is that some big corps/banks who buy enterprise class sparc hardware and their software licenses can not meet the requirements of that hardware (normally CPU limit) then they create a zone with number of CPUs they are authorized to use and install apps in that.

Zones also have some advantages when used with ZFS, like quota etc (solaris soft partitions can be also used to implement quota on zone). not sure how FreeBSD jails are this area.

You can also export a raw device inside a zone. which I guess is not possible in case of a jail.

I think Jail will improve with time and it will beat solaris zones, because it's very doubtful that oracle will invest in all previous sun projects, specially sparc related.

FreeBSD rocks.

Fred · Mar 28, 2011

Zones were introduced in solaris 10. One advantage people can gain is that they can run older versions of solaris, like 8/9, in a zone inside solaris 10 (but only in case of sparc, not intel).

You can always install an old world inside a jail. I've never tried, but I don't see where it would break. If you need a jail with an old kernel, you're out of luck.

One interesting advantage of zones I have seen is that some big corps/banks who buy enterprise class sparc hardware and their software licenses can not meet the requirements of that hardware (normally CPU limit) then they create a zone with number of CPUs they are authorized to use and install apps in that.

You can use cpuset -j for that. sysutils/ezjail has code for automating this.

You can also export a raw device inside a zone. which I guess is not possible in case of a jail.

A device is just a file, if you mount /dev inside your jail, it will have access to this device. The default FreeBSD ruleset for devfs inside a jail is rather restrictive, you can loosen that.

Zones also have some advantages when used with ZFS, like quota etc (solaris soft partitions can be also used to implement quota on zone). not sure how FreeBSD jails are this area.

If you're talking about disk quota, then you can use jails on ZFS and reap the same advantages. CPU or network quotas are something else, unfortunately...

Galactic_Dominator · Mar 29, 2011

Fred said:
If you're talking about disk quota, then you can use jails on ZFS and reap the same advantages. CPU or network quotas are something else, unfortunately...

Standard UFS quotas also work in FreeBSD 8 (previous versions work with a simple patch) across jails assuming you've sync'd UID/GID across host/jails and have matching /etc/fstab. Net quotas can be achieved with fib's running through ipfw (maybe PF too).

jails and zones

fluca1978

Alt

SirDice

Administrator

fluca1978

SirDice

Administrator

Zhwazi

osman

Fred

Galactic_Dominator