OS Virtualization on FreeBSD vs. Linux

I was talking to somebody at OSCON last week and they made an off-hand comment about using FreeBSD jail to isolate software applications in a development environment.

Being a Linux guy, it took a while to sink in that jail was a form of operating system virtualization.

On Linux, there are dozens of virtualization options these days in various states of development, reliability and licensing. There are only 3 Linux “OS virtualization” options: FreeVPS, OpenVZ and Linux-VServer.

Generally, Linux virtualization requires a custom kernel with the relevant patches, so installation means installing the kernel, rebooting and testing the new kernel – usually a hassle.

FreeBSD has jail, and Solaris has zones.

What’s great about jail is that:

  • it limits access to the filesystem, process space and network
  • it’s been built-in since FreeBSD 4.0 – no-hassles, mature feature
  • a new jail can be created with one command
  • it’s fast – native, not emulated
  • it consumes almost no resources – only 6-10MB hard disk space per jail
  • it’s simple to use and requires no OS reinstallation or configuration – great for remote boxes
  • it’s free.

The downsides of jail are that you can’t run different versions of the OS than what was originally installed, there’s no way to limit RAM or CPU used in each jail, and daemons should be configured to listen on the appropriate IP addresses instead of 0.0.0.0.
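The wildcard-binding point above can be checked from the host. The following is an added example, not code from the original post: it parses `sockstat -4 -l` style output and lists sockets whose local address is `*` or `0.0.0.0`. The sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets bound to the wildcard address
# in FreeBSD `sockstat -4 -l` style output.

# Constructed sample input; on a real host pipe `sockstat -4 -l` instead.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       734   4  tcp4   *:22                  *:*
root     syslogd    601   7  udp4   *:514                 *:*
www      httpd      812   3  tcp4   192.0.2.10:80         *:*
bind     named      655   20 tcp4   192.0.2.10:53         *:*
root     sendmail   790   4  tcp4   127.0.0.1:25          *:*
EOF
}

# Reads sockstat output on stdin and prints "command pid proto port"
# for every socket whose local address is the wildcard (* or 0.0.0.0).
wildcard_listeners() {
    awk '
        NR == 1 && $1 == "USER" { next }   # skip the header row
        NF < 7 { next }                    # skip short or malformed lines
        {
            local_addr = $6
            n = split(local_addr, parts, ":")
            port = parts[n]
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (host == "*" || host == "0.0.0.0")
                printf "%s %s %s %s\n", $2, $3, $5, port
        }
    '
}

# Returns 1 (and prints the offenders) if any wildcard listener exists,
# so the function can gate a provisioning or monitoring check.
audit_host() {
    found=$(wildcard_listeners)
    [ -z "$found" ] && return 0
    echo "$found"
    return 1
}

# Demo on the constructed sample: lists sshd and syslogd.
sample_sockstat | wildcard_listeners
```
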

Originally adding jail support only required changing about 350 lines of kernel code and adding 400 more – not that intrusive.

Linux-VServer
wikipedia: FreeBSD jail
Virtualization with FreeBSD Jails
wikipedia: Comparison of virtual machines
ibm.com: Virtual Linux – An overview of virtualization methods, architectures, and implementations
Virtualization in Xen 3.0
Installing Linux-VServer
New virtualization option for Linux: KVM (and Linux virtualization summary)
KernelTrap: Abusing chroot
Related Projects to jail and vserver
ostatic.com: Considering FreeBSD Jails
FreeBSD 7.2 Review: Improved Virtualization
iocage – A FreeBSD jail manager HN Comments
FreeBSD Jails for Fun and Profit (2020) HN


8 Responses to OS Virtualization on FreeBSD vs. Linux

  1. Dan Langille says:

    “you can’t run different versions of the OS than what was originally installed”

    AFAIK, you can run older versions of FreeBSD in the jail. For example, if you’re running 6.2 in the host, you could run 6.1 in the jail.

  2. Vivek Khera says:

    Hi James, that must have been me you’re referring to… 🙂

    Yeah, jails are cool for isolating services and for configuration testing and such. Since it is not really virtualization the way vmware or xen or such are, you have much less overhead. Everything is running on one kernel — the processes inside the jail are just processes that are in a chroot environment and have limited networking. One big thing that is not available is the ability to alter the network stack in any way per jail.

  3. One small correction – it’s been built in since FreeBSD 4.0, not 5.0.

    I’ve been using jails for heavily trafficked production servers for years, it’s an awesome solution.

  4. Jeremie Le Hen says:

    Hi,

    Actually a jailed daemon can listen on 0.0.0.0; the kernel will simply remap it to the jail’s IP address.

    One point which is worth mentioning as well is that the FreeBSD handbook provides a complete chapter about jails.

    Regards,
    — Jeremie

  5. Dave P says:

    It looks like you have a typo, the wikipedia page you linked to says jail was introduced back in FreeBSD 4.0 (backed up by the man page for jail at http://www.freebsd.org/cgi/man.cgi?query=jail)

  6. Wow, you FreeBSD users sure are vocal! I’ll have to post some more on BSD I guess.

    Thanks for the tips.

  7. dennyhalim says:

    Can we run Linux inside a FreeBSD jail??? Or a different BSD like NetBSD/OpenBSD/etc…???

    With OpenVZ (similar, OS-level virtualization), we can run any other Linux inside.

  8. Rokas says:

    I may think that FreeBSD is a great way for stability and performance; regarding this, it perfectly fits the server market. In addition, you can run VirtualBox alongside if you need an OS other than Linux (e.g. M$). It’s also interesting to learn more about those old days of BSD, how the system runs etc. I’ve been an Arch Linux user since the good old times and I don’t have any complaints about any other Linux distributions I’ve used – most systems worked fine.
