Ruminations on the Digital Realm

Jan Stedehouder

PC-BSD Day 21: the bleeding edge of PBIs and what's the jail got to do with it?

I have discussed the PBIs a couple of times already, but there is one element that deserves some attention. The PC-BSD forum has a separate section for PBIs that are under development, let’s say the bleeding edge of PBIs. The list of available packages isn’t particularly large, but I found a few items that do prove some creative uses of the PBI system.

Getting Firefox and Flash 9

One of the problems I had was to use websites that require Flash 9 (see Day 17). Even the final release of PC-BSD 1.4 comes with Flash 7 support ‘only’. Going over the PBIs ready for test I found an integrated Firefox/Flash 9 package. What does it do? It installs Firefox under Wine with Flash 9 support. Excuse me?

Yep, the PBI uses a Windows version of Firefox and makes it run under PC-BSD with the help of Wine. That’s even a step further than the suggestion I got to use the Linux version of Firefox that is available in the ports collection. I don’t know about you, but I found this pretty ingenious thinking.

This install of Firefox doesn’t conflict with other versions of Firefox on your box. As the comments with the package show, the screen fonts do need some work (though I have seen far worse). The good thing is that it just works. The websites I used for testing Flash 9 support can be used in all their glory. I must say that FirefoxWine feels a bit sluggish, but this PBI is a very simple solution for a real life problem. Hopefully it is only a temporary solution until full Flash 9 support comes to PC-BSD.

Learning to know the inside of jails

The second package that drew my attention had the tantalizing forum title JAIL TEST- SQL-Ledger book-keeping web based software. The description is as follows:

Yesterday I made PC-BSD Push Button Installer (PBI) self-contained sql-ledger installation in jail with apache, perl, postgresql - just have to launch it with double-click and press next button - after less than a minute you’ll have fully working web server with accounting system.

Whoa! Slow down there. SQL-Ledger is a serious accounting/ERP system. It’s not something an average end-user might play with, though if you are following a course in bookkeeping this is a very strong and complete sandbox to use. I also understood the last part about Apache/Perl/PostgreSQL. It’s a bit different from PAMP, but the general idea is there. It’s a webserver. But accounting and jail are two words people generally don’t want to mix, especially since it usually means your money has been sent to some vague bank accounts in the Caribbean.

Fortunately the developer of the PBI package gave a brief explanation of what a jail is in the context of FreeBSD:

In case someone doesn’t know what FreeBSD Jail is:
1. Virtualization : Each jail is a virtual environment running on the host machine with its own files, processes, user and superuser accounts. From within a jailed process, the environment is (almost) indistinguishable from a real system.
2. Security : Each jail is sealed from the others thus providing an additional level of security.
3. Ease of delegation : Thanks to the limited scope of a jail, it allows administrators to painlessly delegate several tasks which require superuser access without handing out complete control over the system.
So, you can log into jail as user and su - to root (gain full admin privileges in jail). You can install/delete software in jail without touching host base system from where jail is started. Jail got its own base system and can see only its own processes - same restriction for host system - you can’t see what processes are running in jail without special tools.

The FreeBSD Handbook has a complete chapter about Jails and it’s part of the section that deals with security related tasks and functions. In short, jails are an improvement of the chroot environment. That’s a concept I am more familiar with since it is used to create custom Ubuntu DVDs. With a chroot environment you still share resources with the host system. A jail further isolates the virtual system from the host system. As the book explains: a root in the jail can only perform critical operations in the jail, the virtual system, and not in the host system. The handbook then provides a step-by-step workshop that helps you to create your own jails and set them up. You can create a jail with a complete FreeBSD environment or just with some limited services.
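To make the isolation concrete, here is an added illustration (not from the original post, the PBI or the Handbook) of a jail.conf(5) entry for a web-plus-database jail like the SQL-Ledger one, assuming a current FreeBSD release. The jail name, path, hostname, address and interface are hypothetical.

```conf
# /etc/jail.conf entry; added example, all names and addresses are placeholders.
sqlledger {
    path = "/usr/jails/sqlledger";       # the jail's own base system lives here
    host.hostname = "sqlledger.example.org";
    interface = "em0";                   # host NIC that carries the jail address
    ip4.addr = "192.0.2.10";             # jailed processes can bind only to this

    exec.clean;                          # do not leak the host environment in
    exec.start = "/bin/sh /etc/rc";      # the jail's rc starts Apache/PostgreSQL
    exec.stop = "/bin/sh /etc/rc.shutdown";

    mount.devfs;
    devfs_ruleset = 4;                   # devfsrules_jail: minimal /dev, no host disks
    enforce_statfs = 2;                  # only the jail's root mount is visible
    securelevel = 2;                     # jailed root cannot lower this

    # These are the defaults, written out so the restrictions on the
    # jail's root account are explicit and survive later edits.
    children.max = 0;                    # no nested jails
    allow.noraw_sockets;                 # no raw sockets for jailed root
    allow.nomount;                       # jailed root cannot mount filesystems

    # PostgreSQL needs System V shared memory and semaphores.
    # Weak setting:  allow.sysvipc;      (jail shares the host's SysV IPC objects)
    # Preferred: give the jail private SysV IPC namespaces instead.
    sysvshm = new;
    sysvsem = new;
    sysvmsg = new;
}
```

With this entry in place, `jail -c sqlledger` starts the jail and `jls` on the host lists it. The SysV IPC lines are the part that matters most for a PostgreSQL jail, because the older shared setting lets the jail see IPC objects belonging to the host and to other jails.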

This article explains how a developer creates multiple jails for testing purposes. Some additional reading can be found here. I must say I haven’t tried it yet and I am still fiddling with the PBI package and its settings, but on a conceptual level I find it very interesting. It’s definitely something that I wish to try later this year after I got some more experience with FreeBSD based systems.

