I'm not sure if you're aware, but chroot(2) is not something that's only available on OpenBSD.. it is a standardized functionally that all POSIX/Unix-alikes support.
Unlike many other systems, OpenBSD makes use of this feature extensively.. most daemons additionally drop root privileges early on during initialization, reducing the blow to the rest of the system.
The ultimate security for hosting multiple sites is.. multiple servers, that's physical security.. if however you prefer to keep things centralized.. you must realize that compromises may happen eventually, having a good recovery policy in place is just good thinking, making things difficult for the said attacker is just icing on the cake.
You have already been told that OpenBSD does not support jails, this is because it's an extensive modification.. it touches practically every part of the system.. and nobody can guarantee that they are impenetrable or invulnerable to attack.
If you believe that jails are a requirement for your setup, then continue using FreeBSD.. but respect that privileged separation, chroot(2) and wise ass thinking is good enough for some people.
|