Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the difference between a Linux chroot jail and a FreeBSD jail?

Tags:

linux

freebsd

jail

What's the difference between a Linux chroot jail and a FreeBSD jail? Are they synonyms in modern systems? Is one more secure than the other? Is one more flexible?

like image 931
Nektarios Avatar asked Jun 18 '11 00:06

Nektarios

People also ask

What is chroot jail Linux?

Chroot jail is used to create a limited sandbox for a process to run in. This means a process cannot maliciously change data outside the prescribed directory tree. Another use for chroot jails is as a substitute for virtual machines.

What are Linux jails?

What is a chroot Jail? A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. The programs that run in this modified environment cannot access the files outside the designated directory tree.

How do FreeBSD jails work?

Jails build upon the chroot(2) concept, which is used to change the root directory of a set of processes. This creates a safe environment, separate from the rest of the system. Processes created in the chrooted environment can not access files or resources outside of it.

Are FreeBSD jails secure?

Security. FreeBSD jails are an effective way to increase the security of a server because of the separation between the jailed environment and the rest of the system (the other jails and the base system).

1 Answers

Actually, they have almost nothing in common.

A Linux "chroot environment" is just what / resolves to for a single process. Anything the process can do with access to that tree, it can do. So in general it can (e.g.) enumerate other processes on the system, and if it is a "root" process, it can still take over the machine.

A FreeBSD jail, on the other hand, is more like a virtual machine than a Linux chroot jail. It is a partition of the system with its own file system, user accounts, etc. The root user inside the jail only has administrative access to other objects in the jail; it cannot access anything outside of its jail.

I will not respond to the "more secure" or "more flexible" questions since those are weasel words. The mechanisms are just completely different by design, that's all.

like image 81
Nemo Avatar answered Oct 06 '22 17:10

Nemo
Sign in to Comment

Related questions

Why is data written to a file opened with O_APPEND flag, always written at the end, even with `lseek`?
About the ambiguous description of sigwait()
Class hierarchy/dependency diagram generator for C++ in Linux
Is there any way to get 64-bit time_t in 32-bit programs in Linux?
Eclipse hangs on startup [duplicate]
How can I make the "du" command run without outputting all the directories, like quiet mode?
set -e and set -x in shell script
Running Pycharm as root from launcher
/etc/lsb-release vs /etc/os-release
How can I use rsync to backup files changed within a recent period?
How to make a symlink in Java when running in Linux?
Find files and print only their parent directories
Variable in Bash Script that keeps it value from the last time running
How would you implement tail efficiently?
How do I insert a tab character in Iterm?
How do I write and compile Objective-C code?
how to check if sshd runs on a remote machine [closed]
How to access Unix Domain Sockets from the command line?
How to return exit code 0 from a failed command
changing a process's parent

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!