I read on misc@ :
"Jail really is nice, but you can accomplish the same thing when using
chroot + systrace if you just want a single running service per
virtual jail. You can make it even tighter then a jail. But ok, it is
a lot of work, jails make it easy to implement virtual servers. It is
a nice feature, but I don't miss it on OpenBSD."
The reason for jails is to run multiple domains on one machine and each jail would be a separate domain, such as, example.org; example.com; example.net. If I need to make changes or remove a domain it's simple.
I understand how chroot works, but I am using Perl and MySQL for my sites and it is a little work to get that in chroot.
According to the above statement chroot+systrace is tighter than jails, but is there an example somewhere of how to use chroot and systrace to make it that way for a specific domain.
Also, could I chroot multiple domains, such as /var/www/example.org; /var/www/example.com; /var/www/example.net ?
Thanks!
|