Lines 5889-5894
|
5889 |
it serves to firewall the process off from processes owned |
5889 |
it serves to firewall the process off from processes owned |
5890 |
by other users. The user ID is also used to firewall |
5890 |
by other users. The user ID is also used to firewall |
5891 |
off on-disk data.</para> |
5891 |
off on-disk data.</para> |
|
|
5892 |
|
5893 |
<para>In addition to process and userid sandboxes offered by |
5894 |
the &unix; operating system, &os; provides the &man.jail.8; |
5895 |
feature, a secure, fast implementation of <ulink |
5896 |
url="https://en.wikipedia.org/wiki/Operating_system-level_virtualization"> |
5897 |
operating system-level virtualization</ulink>. This |
5898 |
allows a single &os; computer to run one or more guest &os; |
5899 |
system images with their own users, IP addresses, and |
5900 |
processes. Unlike &man.chroot.8;-based sandboxing, |
5901 |
processes are permanently confined to the jail they were |
5902 |
started in (including those owned by the jail's root user), |
5903 |
and cannot affect processes in other jails or the host |
5904 |
system. While the &man.jail.8; feature is unique to &os;, it |
5905 |
is similar to Solaris Zones, AIX Workload Partitions, and |
5906 |
Linux Containers.</para> |
5892 |
</answer> |
5907 |
</answer> |
5893 |
</qandaentry> |
5908 |
</qandaentry> |
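Review bot: The sentence at new lines 5900-5904 states as an absolute that jailed processes "cannot affect processes in other jails or the host system", which is stronger than an FAQ should promise for operating system-level virtualization, where all jails run on the host's kernel and share its resources. Consider narrowing it to what the jail boundary actually enforces, for example that jailed processes cannot see or signal processes outside their own jail, and dropping "secure, fast" at new line 5895 in favour of a neutral description. Two smaller points: the new paragraph writes "userid" at line 5893 while the unchanged context just above (line 5890) uses "user ID", so use the same spelling; and the link text at line 5897 starts on the line after the opening <ulink> tag, which puts leading whitespace inside the rendered link, so keep the tag and the first word of the link text together.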