1
17.1 Legacy Series / Jails and privilege isolation
« on: December 12, 2016, 04:48:48 pm »
Hello everyone,
I'd like to know if the Opnsense community has discussed before the tradeoffs and potential security improvements of running as many of its services and daemons within https://wiki.freebsd.org/Jails.
In relation to this topic, I'd like to ask what's the rationale for running certain daemons as root when they don't need to. Notable examples are:
- lighttpd
- php-cgi
- suricata
- openvpn
Thank you
I'd like to know if the Opnsense community has discussed before the tradeoffs and potential security improvements of running as many of its services and daemons within https://wiki.freebsd.org/Jails.
In relation to this topic, I'd like to ask what's the rationale for running certain daemons as root when they don't need to. Notable examples are:
- lighttpd
- php-cgi
- suricata
- openvpn
Thank you