What’s the difference between a Linux chroot jail and a FreeBSD jail? Are they synonyms in modern systems? Is one more secure than the other? Is one more flexible?
Actually, they have almost nothing in common.
A Linux “chroot environment” is just what / resolves to for a single process. Anything the process can do with access to that tree, it can do. So in general it can (e.g.) enumerate other processes on the system, and if it is a “root” process, it can still take over the machine.
A FreeBSD jail, on the other hand, is more like a virtual machine than a Linux chroot jail. It is a partition of the system with its own file system, user accounts, etc. The root user inside the jail only has administrative access to other objects in the jail; it cannot access anything outside of its jail.
I will not respond to the “more secure” or “more flexible” questions since those are weasel words. The mechanisms are just completely different by design, that’s all.
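Because a chroot only changes what / resolves to, a service that uses one normally gives up root immediately after entering it. The following is an added example, not part of the answer above: the helper name confine_and_drop and its return codes are hypothetical, and the directory and IDs are supplied by the caller.

```c
#define _GNU_SOURCE   /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the calling process to `dir`, then drop root.
 * Returns 0 on success, or a negative code naming the step that failed.
 * This narrows the filesystem view and removes root; unlike a FreeBSD jail
 * it does not hide other processes or give the process its own users. */
int confine_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* would stay root */
    if (chdir(dir) != 0)         return -2;  /* enter the tree first */
    if (chroot(".") != 0)        return -3;  /* needs CAP_SYS_CHROOT */
    if (chdir("/") != 0)         return -4;  /* cwd must sit inside the new root */
    if (setgroups(0, NULL) != 0) return -5;  /* clear supplementary groups */
    if (setgid(gid) != 0)        return -6;  /* group first, while still root */
    if (setuid(uid) != 0)        return -7;  /* sets real, effective and saved uid */
    if (setuid(0) == 0 || seteuid(0) == 0) { /* root must not be recoverable */
        errno = EPERM;
        return -8;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s DIR UID GID\n", argv[0]);
        return 2;
    }
    int rc = confine_and_drop(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    if (rc != 0) {
        fprintf(stderr, "step %d failed: %s\n", -rc, strerror(errno));
        return 1;
    }
    printf("confined: uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```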