Chapter 16 Jails

Table of Contents
16.1 Synopsis
16.2 Terms Related to Jails
16.3 Introduction
16.4 Creating and Controlling Jails
16.5 Fine Tuning and Administration
16.6 Application of Jails
Contributed by Matteo Riondato.

16.1 Synopsis

This chapter will provide an explanation of what FreeBSD jails are and how to use them. Jails, sometimes referred to as an enhanced replacement of chroot environments, are a very powerful tool for system administrators, but their basic usage can also be useful for advanced users.

Important: Jails are a powerful tool, but they are not a security panacea. It is particularly important to note that while it is not possible for a jailed process to break out on its own, there are several ways in which an unprivileged user outside the jail can cooperate with a privileged user inside the jail and thereby obtain elevated privileges in the host environment.

Most of these attacks can be mitigated by ensuring that the jail root is not accessible to unprivileged users in the host environment. Regardless, as a general rule, untrusted users with privileged access to a jail should not be given access to the host environment.

After reading this chapter, you will know:

Other sources of useful information about jails are: