Home ] Up ]

Jail - Section 1
Jail - Section 2
Jail - Section 3
Jail - Section 4
Jail - Section 5
Jail - Section 6
Jail - Section 7
Jail - Section 8
Jail - Section 9
Jail - Footnotes



Jails: Confining the omnipotent root.

Poul-Henning Kamp <phk@FreeBSD.org>

Robert N. M. Watson <rwatson@FreeBSD.org>
The FreeBSD Project


The traditional UNIX security model is simple but inexpressive. Adding fine-grained access control improves the expressiveness, but often dramatically increases both the cost of system management and implementation complexity. In environments with a more complex management model, with delegation of some management functions to parties under varying degrees of trust, the base UNIX model and most natural extensions are inappropriate at best. Where multiple mutually un-trusting parties are introduced, ``inappropriate'' rapidly transitions to ``nightmarish'', especially with regards to data integrity and privacy protection.

The FreeBSD ``Jail'' facility provides the ability to partition the operating system environment, while maintaining the simplicity of the UNIX ``root'' model. In Jail, users with privilege find that the scope of their requests is limited to the jail, allowing system administrators to delegate management capabilities for each virtual machine environment. Creating virtual machines in this manner has many potential uses; the most popular thus far has been for providing virtual machine services in Internet Service Provider environments.

Table of Contents

  • 1. Introduction
  • 2. Traditional UNIX Security, or, ``God, root, what difference?" [UF].
  • 3. Other Solutions to the Root Problem
  • 4. The Jail Partitioning Solution
  • 5. Jail Implementation
  • 6. Implementation jail in the FreeBSD kernel.
    • 6.1. The jail(2) system call, allocation, refcounting and deallocation of struct prison.
    • 6.2. Fortification of the chroot(2) facility for filesystem name scoping.
    • 6.3. Restriction of process visibility and interaction.
    • 6.4. Restriction to one IP number.
    • 6.5. Adding jail awareness to selected device drivers.
    • 6.6. General restriction of super-users powers for jailed super-users.
    • 6.7. Implementation statistics
  • 7. Managing Jails and the Jail File System Environment
    • 7.1. Creating a Jail Environment
    • 7.2. Starting Jails
    • 7.3. Jail Management
  • 8. Future Directions
    • 8.1. Improved Virtualisation
    • 8.2. Improved Management
  • 9. Conclusion
  • Footnotes



My name is Michael Oliver, and I can be contacted by email here.
The current time is Monday, 19-Feb-2018 09:37:41 UTC.
This page was last modified on Friday, 11-Mar-2011 21:01:57 UTC.
This page has received 299 hits since April 01 2010.