Isolating websites on a single machine from each other the underlying OS (i.e. without using a bare-metal hypervisor such as ESX) can be achieved using “container” technologies, such as:
- chroot
- OpenVZ
- KVM
- Xen
- FreeBSD jails
- Solaris zones
- LXC (Linux containers)
- (… more here …)
What are the pros, cons and other important details of each?
Answer
chroot
Pros:
- Traditionally used as isolation container
- Same OS so no virtualisation overhead
- Lots of documentation exists, e.g. chroot for apache
Cons:
- Requires copies of all system binaries
- Not what it was designed for – if a user can become root they can break out
Attribution
Source : Link , Question Author : Community , Answer Author :
Andrew
