jails what files was missing between thin and thick jail in freebsd14.2 ?

fff2024g

fff2024g

Dear all:
i want to find thin and thick jail difference. so please let know.
thin jail : base.txz
thick jail ; base.txz
they all need base.txz . no file to miss . why difference ?

i think. thick jail = base.txz +kernel.txz . thin jail = base.txz +host's kernel ............right ?
please help me . thanks.
 
Jails don't need their own kernel. Jails, like Solaris zones and Linux containers, share the kernel with the base system (called global).

A thin jail installs an image of FreeBSD somewhere on disk (or uses the base system, not recommended but possible) and uses read-only nullfs as a base layer with nullfs and/or unionfs mounted on top for unique directories and files within the jail. The advantage is the base read-only nullfs can be used by a number of jails.

A thick jail is one which a complete FreeBSD system (minus the kernel) is installed for each jail.

The advantage of thin jails, as described above, is that one only needs to update image shared by all the jails. Whereas each thick jail must be updated.

The disadvantage of thin jails is they are significantly more complex to set up and use. And they pose a security hazard if not set up correctly. (Though thick jails can also constitute a different security hazard if not set up correctly.)

I use thin jails. They do take more planning and work to set up. But once set up they are easier to update. And adding new jails is easy since the harder work of planning and setting up has already been done (by you).

Anticipating your next question: No, there is no documentation I know of how to set up a thin jail. Most automated tools can't do this for you. One needs to know enough about FreeBSD, UNIX, filesystems, and the minutae of your application.
 
I don't fully agree with Cy's last comment.. but bear in mind: within the context of FreeBSD 14.2, and I realize that Cy is probably referring to howto's and the likes when talking about documentation.

My point though: jail(8) is also an excellent source of information here, and it fully describes how to set up a Jail userland. Sure, it uses make world and make distribution as examples, but it's easy to figure out that you can substitute those steps with the use of archives (now referring to base.txz and kernel.txz).

But there's more... the manualpage also gives us this gem:

jail(8) said:
Start a shell in the jail:

jail -c path=/data/jail/testjail mount.devfs \
host.hostname=testhostname ip4.addr=192.0.2.100 \
command=/bin/sh
Click to expand...
And while this isn't exactly a full HOWTO it still gives you all the required steps to set up a basic jail. Next: mount_nullfs(8) and after that you're practically half done. A good way to start could be to propagate an existing /usr/local inside this new jail.

Hope this can also help!
 
You must log in or register to reply here.
Back
Top