Solaris Zones, Linux Chroot
How does Linux chroots compare to Solaris zones?
I've been told zones are better, but I haven't played with them yet. Does better mean that somethings can escape out of the chrooted environment?
What advantages does each one offer over the other?
I imagine the chroot command is already available to Solaris, so there must have been a reason why chroot was created.
chroot is only providing file system isolation and is limited to non root accounts. There have always been ways to escape chroot when you have root privileges.
zones are not only isolating file systems but also processes (a ps will show only the processes launched on the zone), network (each zone has its own IP address(es) including its own localhost. You can cap resource usage per zone (CPU, memory).
Finally, Solaris supports also branded zones which provide a different OS interface to applications (e.g. a Solaris 10 branded zone installed on Solaris 11).
Linux closer equivalents are OpenVZ and lxc.
|All times are GMT -5. The time now is 06:37 PM.|