BSD Jails

FreeBSD Jails



Preface

References

1) http://www.iosn.net/Members/kaeru/articles/freebsd/freebsd-jails/index_html
2) http://www.freebsddiary.org/jail-5.php
3) http://www.freebsd.org/cgi/man.cgi?query=jail

Introduction

I more or less followed link 2 for the pre-network config, referencing link 3 where it said to. However, I couldn’t get all the networking to function properly with link 2 (I wanted it in order to download ports on the VM; you may just choose to copy files into the directory, but I picked the ports so I could let it run automatically overnight, plus I’m sure the networking will come in handy later). After getting one jail up I used the instructions in link 1 for copying it over. One thing worth noting is that some file flags are set, so if you forget something you wanted in your base jail and have already copied it over half a dozen times to other jails, you may find those flags disallowing files from being removed. I got around this as described in the part on removing jails below.

Creating a jail

Assuming your jail is going to be J01.CTDEV located in /var/vm/J01.CTDEV

For csh/tcsh:

setenv D /var/vm/J01.CTDEV

For sh/bash/ksh:

export D=/var/vm/J01.CTDEV

And then for >= 7.0:

cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D
mount -t devfs devfs $D/dev
cd $D
ln -sf dev/null kernel

or for >= 5.0 && < 7.0:

cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D
mount_devfs devfs $D/dev
cd $D
ln -sf dev/null kernel

or for 4.x:

cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D
cd $D
ln -sf dev/null kernel
mkdir $D/stand
cp /stand/sysinstall $D/stand
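
The three variants above differ only in how /dev is populated. The script below is an added example, not part of the original page or of FreeBSD, and wraps the 5.x-and-later procedure with the checks a practitioner wants before running make world into a directory as root: it rejects jail names that could escape /var/vm, refuses to start if /usr/src is not populated, and applies the devfsrules_jail ruleset (ruleset 4 in /etc/defaults/devfs.rules) to the jail's devfs, because a bare devfs mount hands the jail the host's entire device tree, disks and memory devices included. The script name, the /var/vm base directory and the DRYRUN convention are this example's assumptions; a 4.x host has no devfs and would keep the sysinstall copy instead.

```sh
#!/bin/sh
# mkjail NAME: build the jail root /var/vm/NAME from /usr/src and finish the
# host-side setup (restricted devfs, empty fstab, kernel link).
# Added example, not from the page or from FreeBSD: the script name, the
# /var/vm base and the run()/DRYRUN convention are this example's assumptions.
# Usage: mkjail J01.CTDEV           (builds /var/vm/J01.CTDEV)
#        DRYRUN=1 mkjail J01.CTDEV  (prints the commands instead of running them)

JAIL_BASE=${JAIL_BASE:-/var/vm}    # parent directory of every jail root
DEVFS_RULESET=${DEVFS_RULESET:-4}  # devfsrules_jail in /etc/defaults/devfs.rules

# run CMD...: execute CMD, or just print it when DRYRUN is set.
run() {
    if [ -n "${DRYRUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# jail_root NAME -> root directory for NAME. Rejects names that could
# resolve outside JAIL_BASE ("", anything with "/" or "..").
jail_root() {
    case "$1" in
        ''|*/*|*..*) echo "mkjail: bad jail name '$1'" >&2; return 1 ;;
    esac
    echo "$JAIL_BASE/$1"
}

mkjail() {
    D=$(jail_root "$1") || return 1
    if [ -z "${DRYRUN:-}" ] && [ ! -f /usr/src/Makefile ]; then
        echo "mkjail: /usr/src is not populated; fetch the source tree first" >&2
        return 1
    fi
    run mkdir -p "$D"
    # make -C is the page's "cd /usr/src" and "cd etc"; DESTDIR keeps both
    # targets inside $D instead of overwriting the host.
    run make -C /usr/src world DESTDIR="$D"
    run make -C /usr/src/etc distribution DESTDIR="$D"
    # A plain devfs mount exposes the host's whole device tree to the jail.
    # Ruleset 4 (devfsrules_jail) hides everything except the few devices a
    # jail needs (null, zero, random, ptys and the like).
    run mount -t devfs devfs "$D/dev"
    run devfs -m "$D/dev" rule -s "$DEVFS_RULESET" applyset
    run touch "$D/etc/fstab"
    run ln -sf dev/null "$D/kernel"
}

# Run only when invoked as a script, so the functions can also be sourced.
case "${0##*/}" in
    mkjail|mkjail.sh) mkjail "$@" ;;
esac
```

The ruleset number is the one assumption that changes between hosts: check /etc/defaults/devfs.rules (or devfs rule showsets) on the machine before trusting the default of 4.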

Installing a Jail

Assuming your host is D01.CTDEV (192.168.2.50) and your jails are J01.CTDEV (192.168.2.70), J02.CTDEV (192.168.2.71) and J03.CTDEV (192.168.2.72).

OK, I lied: it’s not installing a jail so much as installing three. Why three, you may be asking? Well, why would you make one virtual machine running at native speed when you could have three? Hell, you could have dozens (and I probably will before long), but three is a nice not-so-round number that demonstrates multiple jails pretty well, and it’s my initial setup for dev + test.

Files on the host to edit before starting the jails:

/etc/rc.conf
/etc/ssh/sshd_config
/etc/hosts
/etc/sysctl.conf
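
As an added example (not part of the original page or of FreeBSD), the script below writes the host-side fragments for three of those files for the jails above: the jail_* variables that rc.d/jail reads on FreeBSD 6.x/7.x, the security.jail.* sysctls, and a ListenAddress for the host's sshd. The point worth internalising is the last group of rc.conf lines. Jails share the host's network stack, so a host daemon bound to 0.0.0.0 also answers on 192.168.2.70-72: host services become reachable at the jail addresses, and the jails' own daemons collide with the host's on the same ports. The script name and the ROOT override (so it can be run against a scratch directory) are this example's assumptions; /etc/hosts is left to hand editing, and the jail_list names are J01..J03 rather than the dotted hostnames because they become part of sh variable names.

```sh
#!/bin/sh
# jailhost-config: host-side settings for the three jails on this page.
# Added example, not from the page or from FreeBSD: the script name and the
# ROOT override (write into a scratch directory instead of the live /etc) are
# assumptions; the jail_* variables, security.jail.* sysctls and daemon flags
# are the host's own knobs on FreeBSD 6.x/7.x.
# Usage: jailhost-config                 (appends to /etc/...)
#        ROOT=/tmp/scratch jailhost-config

HOST_IP=${HOST_IP:-192.168.2.50}
ROOT=${ROOT:-}
MARK='added by jailhost-config'

# rc_conf_fragment: start J01..J03 at boot with devfs restricted by the
# devfsrules_jail ruleset, then pin every host daemon to HOST_IP. Host and
# jails share one network stack, so anything the host binds on 0.0.0.0 is
# also reachable at the jail addresses and collides with the jails' daemons.
rc_conf_fragment() {
    cat <<EOF
# --- $MARK ---
jail_enable="YES"
jail_list="J01 J02 J03"
EOF
    for j in J01:192.168.2.70 J02:192.168.2.71 J03:192.168.2.72; do
        name=${j%%:*}
        ip=${j#*:}
        cat <<EOF
jail_${name}_rootdir="/var/vm/${name}.CTDEV"
jail_${name}_hostname="${name}.CTDEV"
jail_${name}_ip="${ip}"
jail_${name}_devfs_enable="YES"
jail_${name}_devfs_ruleset="devfsrules_jail"
EOF
    done
    cat <<EOF
# host daemons: bind the host address only, never INADDR_ANY
inetd_flags="-wW -a ${HOST_IP}"
syslogd_flags="-ss"
rpcbind_enable="NO"
sendmail_enable="NO"
EOF
}

# sysctl_fragment: every security.jail.* knob at its restrictive setting.
# Relax one only for the jail that needs it, and know why.
sysctl_fragment() {
    cat <<EOF
# --- $MARK ---
security.jail.set_hostname_allowed=0
security.jail.socket_unixiproute_only=1
security.jail.sysvipc_allowed=0
security.jail.allow_raw_sockets=0
security.jail.chflags_allowed=0
EOF
}

# apply: append both fragments and give the host sshd a ListenAddress.
# Idempotent: the marker line makes a second run a no-op.
apply() {
    rc="$ROOT/etc/rc.conf"
    sc="$ROOT/etc/sysctl.conf"
    sshd="$ROOT/etc/ssh/sshd_config"
    mkdir -p "$ROOT/etc/ssh"
    grep -qs "$MARK" "$rc" || rc_conf_fragment >> "$rc"
    grep -qs "$MARK" "$sc" || sysctl_fragment >> "$sc"
    grep -qs "^ListenAddress ${HOST_IP}\$" "$sshd" \
        || echo "ListenAddress ${HOST_IP}" >> "$sshd"
}

case "${0##*/}" in jailhost-config|jailhost-config.sh) apply ;; esac
```

After a real run, check the result rather than the intent: sockstat -4 -l on the host should show no listener on *:22 (or any other *:port you did not mean), only 192.168.2.50, before the jails are started.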
 

Basic Configuration


%jail /var/vm/J01.CTDEV J01.CTDEV 192.168.2.70 /bin/csh
J01# touch /etc/fstab
J01# newaliases
J01# passwd SET ROOT PASSWORD
J01# adduser ADD USER ACCOUNTS
J01# sysinstall SET TIMEZONE AND OTHER OPTIONS
J01# exit
%jail /var/vm/J02.CTDEV J02.CTDEV 192.168.2.71 /bin/csh
J02# touch /etc/fstab
J02# newaliases
J02# passwd SET ROOT PASSWORD
J02# adduser ADD USER ACCOUNTS
J02# sysinstall SET TIMEZONE AND OTHER OPTIONS
J02# exit
%jail /var/vm/J03.CTDEV J03.CTDEV 192.168.2.72 /bin/csh
J03# touch /etc/fstab
J03# newaliases
J03# passwd SET ROOT PASSWORD
J03# adduser ADD USER ACCOUNTS
J03# sysinstall SET TIMEZONE AND OTHER OPTIONS
J03# exit

Jail Management

Copying a Jail

Assuming your base jail is currently in /var/vm/J01.CTDEV, is stopped with its devfs unmounted, and your new copy is destined for /var/vm/J02.CTDEV:

mkdir /var/vm/J02.CTDEV
cd /var/vm/J01.CTDEV
tar -cpf - . | tar -C /var/vm/J02.CTDEV -xpf -
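
The pipeline above is a faithful copy: -p preserves ownership and modes and, with bsdtar, the file flags, which is why the copies end up carrying the same schg flags as the original. Two things it does not do are worth wrapping. It must not run against a jail that is still up or still has devfs mounted on its /dev, since tar would then archive the live device nodes; and a byte-for-byte copy carries the source jail's SSH host keys, so every clone would present the same host identity and could impersonate the others to any client that has cached it. The script below is an added example, not from the page or from FreeBSD; the script name, the /var/vm base and the checks are this example's assumptions. Deleting the host keys from the clone is safe because the jail's sshd rc script generates fresh ones at the next start when they are missing.

```sh
#!/bin/sh
# clonejail SRC DST: copy one jail root onto a new one with the page's tar
# pipeline, then remove what must not be shared between two jails.
# Added example, not from the page or from FreeBSD; the script name, the
# /var/vm base and the checks are this example's assumptions.
# Usage: clonejail J01.CTDEV J02.CTDEV

JAIL_BASE=${JAIL_BASE:-/var/vm}

# jail_root NAME -> root directory; rejects names that could leave JAIL_BASE.
jail_root() {
    case "$1" in
        ''|*/*|*..*) echo "clonejail: bad jail name '$1'" >&2; return 1 ;;
    esac
    echo "$JAIL_BASE/$1"
}

# copy_tree SRC DST: the page's copy. -p keeps ownership, modes and (with
# bsdtar) the schg flags that make world sets on the base binaries, so the
# copy is as protected, and as hard to rm -r, as the original.
copy_tree() {
    mkdir -p "$2"
    (cd "$1" && tar -cpf - .) | tar -C "$2" -xpf -
}

# scrub_clone DST: a byte-for-byte copy carries the source jail's SSH host
# keys. Two jails presenting one host key defeat host authentication and let
# either impersonate the other; delete them and the clone's sshd rc script
# generates fresh ones the first time it starts.
scrub_clone() {
    rm -f "$1"/etc/ssh/ssh_host_*key "$1"/etc/ssh/ssh_host_*key.pub
}

clonejail() {
    src=$(jail_root "$1") || return 1
    dst=$(jail_root "$2") || return 1
    # Refuse while the source runs (jls prints its path last) or still has
    # devfs mounted: tar would otherwise archive live device nodes.
    if jls 2>/dev/null | grep -q " $src\$"; then
        echo "clonejail: $1 is running; stop it first" >&2; return 1
    fi
    if mount | grep -q " on $src/dev "; then
        echo "clonejail: devfs is still mounted on $src/dev" >&2; return 1
    fi
    if [ -e "$dst" ]; then
        echo "clonejail: $dst already exists" >&2; return 1
    fi
    copy_tree "$src" "$dst" && scrub_clone "$dst"
}

case "${0##*/}" in clonejail|clonejail.sh) clonejail "$@" ;; esac
```

Anything else that identifies the source jail (entries it accumulated in /var/log, a root shell history, per-host certificates a port installed) belongs in scrub_clone as well once the jails start carrying real services.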

Removing a Jail

Assuming the jail you are attempting to remove is located at /var/vm/J02.CTDEV and that the jail is already stopped.

First run rm -r on the directory containing the jail to be deleted, answering y (or yes) and Enter at each prompt. Files that carry the schg (system immutable) flag will still refuse to go, failing with "Operation not permitted":

rm -r /var/vm/J02.CTDEV

Now clear the schg flag on the files that refused to delete. This has to be done as root: schg is a system flag that only the superuser can clear, and only while kern.securelevel is below 1; at securelevel 1 or higher the flag cannot be removed at all without first rebooting to a lower securelevel:

chflags noschg /var/vm/J02.CTDEV/*
chflags noschg /var/vm/J02.CTDEV/bin/*
chflags noschg /var/vm/J02.CTDEV/lib/*
chflags noschg /var/vm/J02.CTDEV/libexec/*
chflags noschg /var/vm/J02.CTDEV/sbin/*
chflags noschg /var/vm/J02.CTDEV/usr/*
chflags noschg /var/vm/J02.CTDEV/var/*

Continue in that fashion over every subdirectory that failed the initial rm -r. On a fresh jail that is all of the standard system directories; if you installed ports or custom applications elsewhere in the jail there may be more, which is why, unless the jail is fresh, it is safer to run rm -r first and let it show you what is left. Once chflags has been run on every file that failed to delete, the removal succeeds:

rm -r /var/vm/J02.CTDEV
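
As an added example, not from the page or from FreeBSD, the script below does the removal in one pass: chflags takes -R, so a single recursive noschg over the jail root replaces the per-directory list above and also reaches anything a port installed somewhere unexpected. Before it gets there it refuses to touch the root of a jail that jls still lists, unmounts a devfs still sitting on the jail's /dev so rm -rf never reaches live device nodes, and rejects names that could resolve outside /var/vm. The script name, the /var/vm base and these checks are this example's assumptions; the chflags step still needs root and a securelevel below 1, and is skipped where the command does not exist so the rest of the logic can be exercised on a non-BSD host.

```sh
#!/bin/sh
# rmjail NAME: remove the root of a stopped jail in one pass.
# Added example, not from the page or from FreeBSD; the script name, the
# /var/vm base directory and the safety checks are this example's assumptions.
# Usage: rmjail J02.CTDEV

JAIL_BASE=${JAIL_BASE:-/var/vm}

# jail_root NAME -> root directory; rejects names that could resolve outside
# JAIL_BASE, because what follows ends in rm -rf.
jail_root() {
    case "$1" in
        ''|*/*|*..*) echo "rmjail: bad jail name '$1'" >&2; return 1 ;;
    esac
    echo "$JAIL_BASE/$1"
}

# clear_flags DIR: one recursive chflags replaces the per-directory list on
# the page and also reaches files a port installed somewhere unexpected.
# schg is a system flag: only root can clear it, and with kern.securelevel at
# 1 or higher nobody can, so this (and the rm after it) fails until the host
# is booted at a lower securelevel. Skipped where chflags does not exist so
# the rest of the script can be exercised on a non-BSD host.
clear_flags() {
    if command -v chflags >/dev/null 2>&1; then
        chflags -R noschg "$1"
    fi
}

rmjail() {
    D=$(jail_root "$1") || return 1
    if [ ! -d "$D" ]; then
        echo "rmjail: $D does not exist" >&2; return 1
    fi
    # Never delete under a running jail (jls prints its path last).
    if jls 2>/dev/null | grep -q " $D\$"; then
        echo "rmjail: $1 is still running; stop it first" >&2; return 1
    fi
    # Take devfs off $D/dev before rm -rf reaches the live device nodes.
    if mount | grep -q " on $D/dev "; then
        umount "$D/dev" || return 1
    fi
    clear_flags "$D" && rm -rf "$D"
}

case "${0##*/}" in rmjail|rmjail.sh) rmjail "$@" ;; esac
```

If rm -rf still reports "Operation not permitted" after this, check sysctl kern.securelevel before hunting for more flags: on a host running at securelevel 1 or higher no amount of chflags will help.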

About the Author