
So Jails support things like allowing the same process to be visible in multiple jails, or sharing a root filesystem, or sharing a network interface?



Jails (on FreeBSD) each get their own IP address(es) which may be associated with the same network interface.

With ZFS, one can use a common "template" filesystem for jails such that updates to the userland or the ports tree only need to be applied to the base file system once and become visible in all jails (as far as I understand ZFS, at least).

To my knowledge, it is not possible to have a process be visible in several jails at once. Each process has a jail ID associated with it, and it is visible only inside the corresponding jail (and the host system, of course).


FreeBSD jails can share an IP with the host system. Also, multiple FreeBSD jails can share the same IP from the host system. Jails are IP-level isolated, in contrast with Linux namespace containers, which do interface-level isolation.


Jails can get their own interfaces too (VNET/VIMAGE). This functionality has been buggy in the past, but in 11 it's ready to go.


Shared file systems, sure; sharing TCP/IP stack, sure; same process in multiple jails, no (except that processes are visible both in a jail plus its parent jail; jails can be nested).



