Virtualization and Linux--A Primer (Part 2) - page 4
Don't laugh, these still have a place in your sandboxing schemes. Every Linux (and BSD and Unix) have chroots (change root) built-in, just waiting to be put to work. Chroots isolate applications from the root filesystem and from each other, so you can do dangerous things without endangering the whole system. Like run several Internet-facing servers on the same box, or test and develop software. BIND, Apache, and Postfix are examples of servers that are commonly run in chroot jails for added security, even when they're not sharing the box with other services.
Chroots are also used to run 32-bit applications on 64-bit systems when 64-bit versions don't exist. The most famous example is the Flash browser plugin, and various other closed-source plugins and multimedia codecs.
Chroots are not perfect protection, and it seems there is always one more important file that you forgot to put inside the jail. But there is no performance hit like there is with User-Mode Linux, and they're easy to set up. They're great for smaller networks where you have just a few servers to ride herd on, and don't feel like getting sucked into the virtualization vortex.
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.
- 1Linux Top 3: CoreOS, Oracle Enterprise Linux 7 and Ubuntu 14.10
- 2Linux Top 3: Raspberry Pi B+, CentOS 7 and RHEL 5.11
- 3Linux Top 3: CoreOS Goes Stable, Oracle Clones RHEL 7 and Tails Updates
- 4Linux Top 3: Slackware Turns 21, Debian Squeezes and Linux 3.16 Nears
- 5Linux Top 3: Distrowatch, Deepin 2014 and the NSA