On Tue, Oct 16, 2012 at 1:12 AM, Uffe Jakobsen <u...@uffe.org> wrote:
>
> On 2012-10-15 23:02, Warner Losh wrote:
>> I've had excellent luck with FreeBSD jails in such setups. The overhead is
>> << 1%
>
> +1
>
> Same here FreeBSD with 10-20 jails effectively isolating services works
> fine even on net5501 and the smaller (outdated) net4501 unit.

I've been favorably impressed with jails also in my minor utilization of them, but then I was already most comfortable with FreeBSD generally.

My first experience with them was several years ago and in the context of wishing to have good revision control of a number of NanoBSD variants (for Soekris work.) In fact it did not quite work, or not as nicely as I wished for this purpose, but I do not remember exactly why. It was something like not having full control of the MD system or something which the unmodified NanoBSD build process uses. I still made use of jails to maintain different port/package collections and kernel versions going back to the primary to bundle things as I recall (though I lost interest in the project before needing to maintain a lot of flash-based hosts on an ongoing basis.)

I expect to use jails next time I set up a multi-function host with any security considerations no matter what the capabilities of the hardware since they are reasonably intuitive and generally seem to work well.

Thanks,

- Tom