СloudLinux Blog

Per-Site CageFS Isolation Now Available in Beta for CloudLinux Customers

Written by Ivan Zhmud | Jan 26, 2026 10:14:25 AM

We are announcing the beta release of Per-Site CageFS Isolation, a new feature designed to enhance security within multi-site accounts. Available at no additional cost to existing CloudLinux customers, this release marks the first phase of our comprehensive Website Isolation project.

What is Website Isolation?

Currently, CloudLinux provides user-level isolation through CageFS, ensuring that users on a server cannot access each other's files. With Website Isolation, we're taking this a step further by enabling isolation between websites within the same user account.

i

Future phases of this project will introduce per-site PHP version selection and per-site LVE resource limits, allowing for complete independence between sites under a single account.

Ideal Use Cases

Website Isolation is valuable for any environment where customers run multiple sites under a single account. This includes:

  • Shared hosting: Standard shared hosting accounts where a user hosts a primary domain alongside several addon domains.
  • VPS hosting: Single-tenant VPS environments where an end customer or agency manages multiple websites under one account.
  • Staging: Scenarios where a user needs to test updates or changes on a staging subdomain without risking the stability or security of the production site.

Value for End Customers

This new feature delivers direct value to end customers:

  • Enhanced security: If one website is compromised, the attacker cannot access files belonging to other websites on the same account. The damage is contained within the single isolated environment.
  • Safe development: Users can treat staging sites as fully isolated entities, ensuring production environments remain protected during development and testing.

How Hosting Providers Benefit

In addition to enhancing the customer experience, hosting providers also benefit through:

  • Reduced support load: By preventing cross-site contamination within user accounts, this feature reduces the spread of malware. This minimizes the complexity and effort required for cleanups, saving valuable support time.
  • Improved server stability: Isolating websites helps prevent a single vulnerable site from affecting the integrity of other sites hosted by the same customer, leading to a more stable overall platform.

What's Included in This Release

This beta release delivers the following capabilities:

  • File system isolation per site: Each website operates in its own isolated environment and cannot see or access files from other websites belonging to the same user.
  • Administrator-controlled activation: Server administrators can enable isolation for specific domains via CLI.
Current Limitations
  • This release supports cPanel environments only (support for additional control panels is planned for future releases)
  • Isolation activation is currently available at the administrator level only (user-level activation will be added in upcoming releases)

Compatible PHP Handlers

Handler Status
LSAPI ✅ Supported (Recommended)
CGI ✅ Supported
FPM 🔜 Coming in future releases
FCGI 🔜 Coming in future releases

 

Quick Start

Installation

Install the beta version from the testing repository:

yum install cagefs --enablerepo=cloudlinux-updates-testing

Minimum Package Versions

Package Minimum Version
cagefs 7.6.29-1
lve (liblve) 2.2-1
lve-wrappers 0.7.13-1
alt-python27-cllib 3.4.33-1

 

Enable Website Isolation

1. Enable the feature server-wide (administrator only, one-time setup):cagefsctl --site-isolation-allow

2. Enable isolation for a specific domain:
cagefsctl --site-isolation-enable example.com

3. Verify isolation is active:

cagefsctl --site-isolation-list

To disable isolation for a domain:

cagefsctl --site-isolation-disable example.com

For more details, please read the documentation.

Project Roadmap

We'll roll out Website Isolation in three phases:

  1. CageFS per site: current beta release
  2. PHP Selector per site: ability to set different PHP versions for each isolated website
  3. LVE per site: individual resource limits for each website

The next phases are planned for release in the current and following quarters.

Get Started Today

The beta is available now for deployment in your environments. We invite you to start testing and share your feedback, helping us refine this new feature. If you run into any technical issues, please open a ticket with our support team.

Stay tuned for updates!
View full post