How to configure and use jailed processes in FreeBSD

Safely Behind Bars


The jail solution on FreeBSD is not only a security concept, it also provides a small virtualization solution. It gives data center administrators a powerful tool and allows Internet service providers to offer a root shell to their customers. The model's design ensures full security.

Jails also offer administrators on home networks a significant security advantage, for example, by locking up the DNS service and a web browser in a jail. These features all demonstrate that jails on FreeBSD can provide a genuine benefit with versatile applications.


  1. FreeBSD Handbook:
  2. Nemeth, Evi, et al. Unix and Linux System Administration Handbook , 4th Edition. Prentice Hall. 2010.
  3. Sarmiento, Evan. "The Jail Subsystem," Chapter 4, in FreeBSD Architecture Handbook:
  4. Kamp, Poul-Henning, and Robert N.M. Watson, "Jails: Confining the omnipotent root":
  5. McKusick, Marshall Kirk, and George V. Neville-Neil. The Design and Implementation of the FreeBSD Operating System , Chapter 4: The Jail Facility in FreeBSD 5.2. Addison-Wesley. 2004.
  6. Man pages: jail(8), jexec(8), jls(8), killall(1), ipfw(8), ezjail-admin(1), mount_nullfs(8)
  7. ISC DHCP daemon:
  8. Postfix MTA:
  9. FreeBSD Forums:
  10. PF packet filter manual:

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus