What is jail/chroot?
Practically, all applications works on the same file and folder space named
mounted file systems. For UNIX based platforms, the root point is named "/".
On Windows, we have many roots for every disk drive separately, but in all
cases there is common file system logical space.
The basic idea of chroot is use such
sub-tree (like C:/TEMP) as mutual root of the drive, but only for specific
For example, such application "Foo" uses many files on root of drive C:. In
chroot, it will continue to use logically these files; but physically all
files will be placed at C:\TEMP folder for example rather C:\.
What is WinJail?
WinJail is full implementation of chroot, with additional features like
"copy-on-write" mechanism applied to chroot'ed files, additional registry
based chroot, and more.
WinJail has templates that can be applied for all applications started from
specific folder, or for applications with exact name "Foo.exe", and so,
and these templates can be configured to apply it immediately as
appropriate program becomes to start, even without reconfiguration of
start point for that program.
Designed for effective host administration, WinJail provides the way to
manage Windows impersonation techniques in conjunction with templates;
each service or application now can be limited with a couple of credentials
defined in template. For example, all "Foo" programs might be placed to
specific chroot but only if user "John" started it.
In addition, WinJail announces technology named "copy on write".
To work with chroot'ed application, you need to copy all system content
into jails, including windows, if system drive alsio chroot'ed. But forget
about this with WinJail! When accessing such chroot'ed files for the first
time, it will be copied automatically into jail. To be sure the private
data will not be copied, WinJail provides ability to mark certain folders
as "private"; such folders will not be copied to jails.
program "Foo" needs to use such system files from Windows directory. So
in classical way you need to prepare chroot'ed environment for this case:
you need to copy these files manually. But with CoW technique with WinJail
it might be done automatically and only when it is needed.
- Spawn specific applications with jail
- Manage templates for applications
- Provide separation on per user/per group basis in templates
- Prepare jail environment with friendly interface
- With "copy on write" folders, make mangement of your
chroot environment fast and user friendly.