Virtualization and Linux--A Primer (Part 2) - page 4
Don't laugh, these still have a place in your sandboxing schemes. Every Linux (and BSD and Unix) system has chroot (change root) built in, just waiting to be put to work. Chroots isolate applications from the root filesystem and from each other, so you can do dangerous things without endangering the whole system, such as running several Internet-facing servers on the same box, or testing and developing software. BIND, Apache, and Postfix are examples of servers that are commonly run in chroot jails for added security, even when they're not sharing the box with other services.
Chroots are also used to run 32-bit applications on 64-bit systems when 64-bit versions don't exist. The most famous example is the Flash browser plugin, along with various other closed-source plugins and multimedia codecs.
Chroots are not perfect protection, and it seems there is always one more important file that you forgot to put inside the jail. But there is no performance hit like there is with User-Mode Linux, and they're easy to set up. They're great for smaller networks where you have just a few servers to ride herd on, and don't feel like getting sucked into the virtualization vortex.
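The "one more important file" problem can be checked mechanically, at least for shared libraries. The shell functions below are an added example, not code from the original article; the jail and binary paths in the usage comment and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find shared libraries a binary needs that are not yet
# inside a chroot jail. Run ldd only on binaries you trust, since ldd
# can execute code from the file it inspects.

# Constructed sample of ldd output, used to show what the parser handles.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd0000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f000000)
    libmissing.so => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f010000)'

# Read ldd output on stdin and print the absolute library paths.
# Handles "name => /path (addr)" and "/path (addr)" (the dynamic loader);
# skips virtual entries such as linux-vdso and unresolved "not found" lines.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Read paths on stdin and print each one that does not exist under jail $1.
missing_in_jail() {
    jail_root=$1
    while IFS= read -r path; do
        [ -e "$jail_root$path" ] || printf '%s\n' "$path"
    done
}

# Audit jail $1 for binary $2 (both given as absolute paths).
# Returns 0 when the binary and all its libraries are present, 1 otherwise.
# Usage (hypothetical paths): audit_jail /srv/jail /usr/sbin/named
audit_jail() {
    audit_root=$1
    audit_bin=$2
    missing=$( { printf '%s\n' "$audit_bin"
                 ldd "$audit_bin" 2>/dev/null | ldd_paths
               } | missing_in_jail "$audit_root" )
    [ -z "$missing" ] && return 0
    printf 'missing from %s:\n%s\n' "$audit_root" "$missing" >&2
    return 1
}
```

This covers only what `ldd` reports. Configuration files, device nodes and libraries loaded at run time are not listed and still have to be placed in the jail by hand.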