Martin "eto" Misuth wrote on 02/25/2016 16:14:
[...]

  - not sure about Miroslav's problems with freebsd-update, but it seems to work
    pretty well with -basedir /jail/tree parameter nowadays (there might be
    corner cases)

freebsd-update maintains patches for each file in each jail (if you use full jails and not a shared basejail), so this is IO / space / time consuming.

freebsd-update has some unhandled exceptions which can leave the system in an inconsistent (unbootable) state. It ended up with mixed files from 9.x and 10.x on the host when updating the host.

It was about 2 years ago and it may be fixed. I don't know.

  - you can have older jail-base run on newest kernel (other way around is not
    possible)
  - you can kill many files in given jail to get bare minimal running setup
    (this seems completely driven by gut, from what I gathered, as some things
    might have un-obvious dependencies)
  - you can mount many things into jail read-only (this makes them more rigid
    and harder to "manage" "live")
  - jails can have limits on number of procs living in them and can be
    allowed to be nested(!) (jail-in-jail)
  - with rctl you can cap resources per jail

Beware of RCTL. We are using it a lot, but some of them don't work as one can expect from their name and manpage description, namely memory or swapuse. Limiting of processor seems good.

Miroslav Lachman

_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
