by thelibrarian
4179 days ago
chroot (often referred to as a "chroot jail") limits a process to a certain subset of the filesystem - e.g. you could limit a httpd process so that it can only see /var/www, and it would not be able to see anything outside that, so if there was a security compromise of the web server, an attacker would not be able to see anything outside that folder tree. A FreeBSD jail is like a lightweight virtual machine, and is very similar to a Docker container in Linux (though it has been around for about a decade longer than Docker). It provides isolation for processes etc., but uses fewer resources than a full virtual machine. It is limited in that it has to be the same operating system as the host.
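An added example, not part of the comment above: how a server process could confine itself to /var/www with chroot(2) and then give up root, which the confinement depends on. The function name `enter_chroot` and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir` and drop root.
 * Returns 0 on success, or -errno of the first step that failed.
 * enter_chroot is a hypothetical helper name. */
int enter_chroot(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -EINVAL;            /* a process that stays root is not confined */
    if (chdir(dir) != 0)           /* move inside before changing the root */
        return -errno;
    if (chroot(".") != 0)          /* requires root (CAP_SYS_CHROOT on Linux) */
        return -errno;
    if (chdir("/") != 0)           /* working directory must lie under the new root */
        return -errno;
    if (setgroups(0, NULL) != 0)   /* clear supplementary groups */
        return -errno;
    if (setgid(gid) != 0)          /* group first: after setuid this would be denied */
        return -errno;
    if (setuid(uid) != 0)
        return -errno;
    if (setuid(0) == 0)            /* regaining root must fail */
        return -EPERM;
    return 0;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/var/www";
    int rc = enter_chroot(dir, 65534, 65534);   /* assumed unprivileged ids */
    if (rc != 0) {
        fprintf(stderr, "enter_chroot(%s): %s\n", dir, strerror(-rc));
        return 1;
    }
    /* "/" now names the jail directory, so this checks <dir>/etc/passwd,
     * not the host's file. */
    printf("/etc/passwd visible: %s\n",
           access("/etc/passwd", F_OK) == 0 ? "yes" : "no");
    return 0;
}
```

Run as root with the directory to confine to as the first argument; started without privileges, the chroot step fails and the function reports the error instead of continuing unconfined.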