Live Ruby on rails tutorial sites
Locked
12
12
Re: Live Ruby on rails tutorial sites
 
|
2012/1/28 Gastón Dall' Oglio <[hidden email]>
No. I have not booted a FreeBSD for years ..... Laurent
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: Live Ruby on rails tutorial sites
|
|
Ah ok, I never :) But I have curiosity for this tecnology of jails in FreeBSD for hosted seaside instances. Regards. 2012/1/28 laurent laffont <[hidden email]>
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: Live Ruby on rails tutorial sites
|
|
You need to define what you are willing to risk. Then you need to define your sandbox. Chroot and jail are similar and basically isolate just on the filesystem layer. Access to other resources is not easy possible because inside the jail there is no default access. But you give away control over the jailed environment. A malicious person can still bring his own binaries and abuse the network.
If you are looking for better isolation and you are not to eager to use freeBSD then have a look at linux containers LXC [1]. Anyway you give away access to resources like the network. If you need better isolation then you would need to get rid of the primitives in the vm. Probably it is not to hard to get rid of system accessing primitives after the image has been loaded and changes etc. are disabled. I think Igor proposed something with an irreversible primitive call that disables some primitives. my 2 cents, Norbert Am 31.01.2012 um 13:36 schrieb Gastón Dall' Oglio:
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: Live Ruby on rails tutorial sites
|
|
Hi Norbert. > You need to define what you are willing to risk. > Chroot and jail are similar and basically isolate just on the filesystem layer. 2012/1/31 Norbert Hartl <[hidden email]>
Yes right, I just have interesting about jails, but just now I do not have a real scenario, I'm the only user in my hosting.
As far I know, jail are more like a OS virtual machine, becouse it be able to control other resource not only file system, like your proccess and network configurations, see See: http://en.wikipedia.org/wiki/FreeBSD_jail.
But not controled the cpu and ram utilization, and then yes a user can be abusing of them and network. But for control the network usage i think that the best approach is a firewall external to the jails (and good switch :).
Thanks for the data, I check lxc that mu hosting is a Linux box.
Very advance for my, but sounds like the better solution.
Thanks. Gastón.
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
«
Return to Seaside General
|
1 view|%1 views
| Free forum by Nabble | Edit this page |