Creating a jail is a defense-in-depth strategy that aims to isolate a program from the rest of the file system. It is only applicable to programs that do not need to continually maintain superuser status. The central idea is to create a jail so that entities the program does not need to access under normal operation are made invisible to it. This makes it much harder to abuse a potential flaw that could otherwise lead to unconstrained system compromise. A jail may consist of world-viewable programs that require fewer resources to execute than those that possibly exist on that system. Jails are only useful when there is no way to elevate privileges in the event of program failure.
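One way to build such a jail on a POSIX system, shown as an added example that is not part of the original page. It assumes `chroot(2)` as the jail mechanism; the function name `enter_jail`, the jail path and the uid/gid 65534 are constructed for illustration.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to jail_dir, then permanently drop to
 * run_uid/run_gid. Returns 0 on success, -1 on failure with errno set.
 * Call it while the process still has superuser status; on failure the
 * caller should exit rather than continue half-confined. */
int enter_jail(const char *jail_dir, uid_t run_uid, gid_t run_gid)
{
    /* A process that stays root can leave the jail, so refuse id 0. */
    if (jail_dir == NULL || run_uid == 0 || run_gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Enter the directory first so no working directory outside it survives. */
    if (chdir(jail_dir) != 0) return -1;
    if (chroot(".") != 0) return -1;
    if (chdir("/") != 0) return -1;
    /* Drop supplementary groups, then the group id, then the user id. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(run_gid) != 0) return -1;
    if (setuid(run_uid) != 0) return -1;
    /* The jail is only useful if superuser status cannot be regained. */
    if (setuid(0) == 0 || getuid() != run_uid || geteuid() != run_uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed path and ids; the directory must exist beforehand. */
    if (enter_jail("/var/empty/example-jail", 65534, 65534) != 0) {
        perror("enter_jail");
        return EXIT_FAILURE;
    }
    puts("running confined and unprivileged");
    return EXIT_SUCCESS;
}
```

Any file descriptors opened on objects outside the jail before the call remain usable afterwards, so close the ones the program does not need before calling `enter_jail`.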
...