We are announcing the beta release of Per-Site CageFS Isolation, a new feature designed to enhance security within multi-site accounts. Available at no additional cost to existing CloudLinux customers, this release marks the first phase of our comprehensive Website Isolation project.
What is Website Isolation?
Currently, CloudLinux provides user-level isolation through CageFS, ensuring that users on a server cannot access each other's files. With Website Isolation, we're taking this a step further by enabling isolation between websites within the same user account.
Ideal Use Cases
Website Isolation is valuable for any environment where customers run multiple sites under a single account. This includes:
- Shared hosting: Standard shared hosting accounts where a user hosts a primary domain alongside several addon domains.
- VPS hosting: Single-tenant VPS environments where an end customer or agency manages multiple websites under one account.
- Staging: Scenarios where a user needs to test updates or changes on a staging subdomain without risking the stability or security of the production site.
Value for End Customers
This new feature delivers direct value to end customers:
- Enhanced security: If one website is compromised, the attacker cannot access files belonging to other websites on the same account. The damage is contained within the single isolated environment.
- Safe development: Users can treat staging sites as fully isolated entities, ensuring production environments remain protected during development and testing.
How Hosting Providers Benefit
In addition to enhancing the customer experience, hosting providers also benefit through:
- Reduced support load: By preventing cross-site contamination within user accounts, this feature reduces the spread of malware. This minimizes the complexity and effort required for cleanups, saving valuable support time.
- Improved server stability: Isolating websites helps prevent a single vulnerable site from affecting the integrity of other sites hosted by the same customer, leading to a more stable overall platform.
What's Included in This Release
This beta release delivers the following capabilities:
- File system isolation per site: Each website operates in its own isolated environment and cannot see or access files from other websites belonging to the same user.
- Administrator-controlled activation: Server administrators can enable isolation for specific domains via CLI.
Compatible PHP Handlers
| Handler | Status |
| LSAPI | ✅ Supported (Recommended) |
| CGI | ✅ Supported |
| FPM | 🔜 Coming in future releases |
| FCGI | 🔜 Coming in future releases |
Quick Start
Installation
Install the beta version from the testing repository:
yum install cagefs --enablerepo=cloudlinux-updates-testing
Minimum Package Versions
| Package | Minimum Version |
| cagefs | 7.6.29-1 |
| lve (liblve) | 2.2-1 |
| lve-wrappers | 0.7.13-1 |
| alt-python27-cllib | 3.4.33-1 |
Enable Website Isolation
1. Enable the feature server-wide (administrator only, one-time setup):cagefsctl --site-isolation-allow
cagefsctl --site-isolation-enable example.com3. Verify isolation is active:
cagefsctl --site-isolation-list
To disable isolation for a domain:
cagefsctl --site-isolation-disable example.com
For more details, please read the documentation.
Project Roadmap
We'll roll out Website Isolation in three phases:
- CageFS per site: current beta release
- PHP Selector per site: ability to set different PHP versions for each isolated website
- LVE per site: individual resource limits for each website
The next phases are planned for release in the current and following quarters.
Get Started Today
The beta is available now for deployment in your environments. We invite you to start testing and share your feedback, helping us refine this new feature. If you run into any technical issues, please open a ticket with our support team.
Stay tuned for updates!
