|
Lines 5889-5894
Link Here
|
| 5889 |
it serves to firewall the process off from processes owned |
5889 |
it serves to firewall the process off from processes owned |
| 5890 |
by other users. The user ID is also used to firewall |
5890 |
by other users. The user ID is also used to firewall |
| 5891 |
off on-disk data.</para> |
5891 |
off on-disk data.</para> |
|
|
5892 |
|
| 5893 |
<para>In addition to process and userid sandboxes offered by |
| 5894 |
the &unix; operating system, &os; provides the &man.jail.8; |
| 5895 |
feature, a secure, fast implementation of <ulink |
| 5896 |
url="https://en.wikipedia.org/wiki/Operating_system-level_virtualization"> |
| 5897 |
operating system-level virtualization</ulink>. This |
| 5898 |
allows a single &os; computer to run one or more guest &os; |
| 5899 |
system images with their own users, IP addresses, and |
| 5900 |
processes. Unlike &man.chroot.8;-based sandboxing, |
| 5901 |
processes are permanently confined to the jail they were |
| 5902 |
started in (including those owned by the jail's root user), |
| 5903 |
and cannot affect processes in other jails or the host |
| 5904 |
system. While the &man.jail.8; feature is unique to &os;, it |
| 5905 |
is similar to Solaris Zones, AIX Workload Partitions, and |
| 5906 |
Linux Containers.</para> |
| 5892 |
</answer> |
5907 |
</answer> |
| 5893 |
</qandaentry> |
5908 |
</qandaentry> |