СloudLinux Blog

Per-Site CageFS Isolation Now Available in Beta for CloudLinux Customers

Written by Ivan Zhmud | Jan 26, 2026 10:14:25 AM

Updated February 26, 2026: This article has been updated to reflect changes introduced in Phase 2 of Website Isolation. Key changes: --site-isolation-allow command has been renamed to --site-isolation-allow-all; end users can now enable isolation for their own domains (previously admin-only). See the Phase 2 announcement for full details.

Update on Feb 5, 2026: Added details about partial PHP-FPM support.

We are announcing the beta release of Per-Site CageFS Isolation, a new feature designed to enhance security within multi-site accounts. Available at no additional cost to existing CloudLinux customers, this release marks the first phase of our comprehensive Website Isolation project.

What is Website Isolation?

Currently, CloudLinux provides user-level isolation through CageFS, ensuring that users on a server cannot access each other's files. With Website Isolation, we're taking this a step further by enabling isolation between websites within the same user account.

i

Per-Site PHP Selector is now available as part of Phase 2, allowing each isolated website to run its own PHP version and extensions. The final phase will introduce per-site LVE resource limits for complete independence between sites under a single account.

Ideal Use Cases

Website Isolation is valuable for any environment where customers run multiple sites under a single account. This includes:

  • Shared hosting: Standard shared hosting accounts where a user hosts a primary domain alongside several addon domains.
  • VPS hosting: Single-tenant VPS environments where an end customer or agency manages multiple websites under one account.
  • Staging: Scenarios where a user needs to test updates or changes on a staging subdomain without risking the stability or security of the production site.

Value for End Customers

This new feature delivers direct value to end customers:

  • Enhanced security: If one website is compromised, the attacker cannot access files belonging to other websites on the same account. The damage is contained within the single isolated environment.
  • Safe development: Users can treat staging sites as fully isolated entities, ensuring production environments remain protected during development and testing.

How Hosting Providers Benefit

In addition to enhancing the customer experience, hosting providers also benefit through:

  • Reduced support load: By preventing cross-site contamination within user accounts, this feature reduces the spread of malware. This minimizes the complexity and effort required for cleanups, saving valuable support time.
  • Improved server stability: Isolating websites helps prevent a single vulnerable site from affecting the integrity of other sites hosted by the same customer, leading to a more stable overall platform.

What's Included in This Release

This beta release delivers the following capabilities:

  • File system isolation per site: Each website operates in its own isolated environment and cannot see or access files from other websites belonging to the same user.
  • Flexible activation: Server administrators can enable isolation for specific domains via CLI, or allow end users to manage isolation for their own domains
Current Limitations
  • This release supports cPanel environments only (support for additional control panels is planned for future releases)
  • Activation and configuration are CLI-only in this release. Control panel UI integration will be added in future releases.

Compatible PHP Handlers

Handler Status
LSAPI ✅ Supported (Recommended)
CGI ✅ Supported
FPM ⚠️ Partially Supported - see Compatible PHP Versions below
FCGI 🔜 Coming in future releases

Compatible PHP Versions

Website Isolation provides partial FPM handler support for ea-php (cPanel). The following ea-php versions are compatible:

Package Minimum Version
ea-php56-php 5.6.40-25.cloudlinux.3
ea-php70-php 7.0.33-29.cloudlinux.3
ea-php71-php 7.1.33-20.cloudlinux.3
ea-php72-php 7.2.34-12.cloudlinux.3
ea-php73-php 7.3.33-15.cloudlinux.3
ea-php74-php 7.4.33-16.cloudlinux.1
ea-php80-php 8.0.30-9.cloudlinux.1
ea-php81-php 8.1.33-2.cloudlinux.3
ea-php82-php 8.2.29-2.cloudlinux.3
ea-php83-php 8.3.30-1.cloudlinux.1
ea-php84-php 8.4.17-1.cloudlinux.2
ea-php85-php 8.5.2-1.cloudlinux.1

 

i

The installation command for ea-php fpm:
yum install ea-php??-php-fpm --enablerepo=cl-ea4-testing

 

i

alt-php support is coming soon.

 

Quick Start

Installation

Install the beta version from the testing repository:

yum install cagefs --enablerepo=cloudlinux-updates-testing

Minimum Package Versions

Package Minimum Version
cagefs 7.6.30-1
lve (liblve) 2.2-1
lve-wrappers 0.7.13-1
alt-python27-cllib 3.4.33-1

 

Enable Website Isolation

1. Enable the feature server-wide (administrator, one-time setup):cagefsctl --site-isolation-allow-all

2. Enable isolation for a specific domain:
cagefsctl --site-isolation-enable example.com

3. Verify isolation is active:

cagefsctl --site-isolation-list

To disable isolation for a domain:

cagefsctl --site-isolation-disable example.com

For more details, please read the documentation.

Project Roadmap

We'll roll out Website Isolation in three phases:

  1. CageFS per site: current beta release
  2. PHP Selector per site: ability to set different PHP versions for each isolated website
  3. LVE per site: individual resource limits for each website

The next phases are planned for release in the current and following quarters.

Get Started Today

The beta is available now for deployment in your environments. We invite you to start testing and share your feedback, helping us refine this new feature. If you run into any technical issues, please open a ticket with our support team.

Stay tuned for updates!
View full post