FreeBSD Jails

Preface

References

1) http://www.iosn.net/Members/kaeru/articles/freebsd/freebsd-jails/index_html
2) http://www.freebsddiary.org/jail-5.php
3) http://www.freebsd.org/cgi/man.cgi?query=jail

Introduction

I more or less followed link 2 for the pre-network configuration, referring to link 3 where it said to. However, I couldn't get all the networking to work properly with link 2 alone (I wanted it so I could download ports inside the vm; you may just choose to copy the files into the directory instead, but I picked ports so I could let it run overnight, and I'm sure the networking will come in handy later). After getting one jail up I used the instructions in link 1 to copy it over. One thing worth noting is that some files have flags set, so if you forget something you wanted in your base jail and have already copied it over to half a dozen other jails, those flags will stop the files from being removed. I got around this as described in the part on removing jails below.

Creating a jail

Assuming your jail is going to be J01.CTDEV located in /var/vm/J01.CTDEV

For csh/tcsh:

setenv D /var/vm/J01.CTDEV

For sh/bash/ksh:

export D=/var/vm/J01.CTDEV

And then for >= 7.0:

cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D
mount -t devfs devfs $D/dev
cd $D
ln -sf dev/null kernel

or for >= 5.0 && < 7.0:

cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D
mount_devfs devfs $D/dev
cd $D
ln -sf dev/null kernel

or for 4.x:

cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D
cd $D
ln -sf dev/null kernel
mkdir $D/stand
cp /stand/sysinstall $D/stand

Installing a Jail

Assuming your host is D01.CTDEV (192.168.2.50) and your jails are J01.CTDEV (192.168.2.70), J02.CTDEV (192.168.2.71), and J03.CTDEV (192.168.2.72)

Ok, I lied, it's not installing a jail so much as installing 3. Why three, you may be asking? Well, why would you make one virtual machine running at native speed when you could have 3? Hell, you could have dozens (and I probably will before long), but 3 is a nice not-so-round number that demonstrates multiple jails pretty well, and it's my initial setup for dev + test.

Four files need editing on the host and in each jail: /etc/rc.conf, /etc/ssh/sshd_config, /etc/hosts and /etc/sysctl.conf. (The original page shows each as a screenshot with the important areas highlighted; jail paths are given as seen from the host.)

Host:   /etc/rc.conf, /etc/ssh/sshd_config, /etc/hosts, /etc/sysctl.conf
Jail 1: /var/vm/J01.CTDEV/etc/rc.conf, /var/vm/J01.CTDEV/etc/ssh/sshd_config, /var/vm/J01.CTDEV/etc/hosts, /var/vm/J01.CTDEV/etc/sysctl.conf
Jail 2: /var/vm/J02.CTDEV/etc/rc.conf, /var/vm/J02.CTDEV/etc/ssh/sshd_config, /var/vm/J02.CTDEV/etc/hosts, /var/vm/J02.CTDEV/etc/sysctl.conf
Jail 3: /var/vm/J03.CTDEV/etc/rc.conf, /var/vm/J03.CTDEV/etc/ssh/sshd_config, /var/vm/J03.CTDEV/etc/hosts, /var/vm/J03.CTDEV/etc/sysctl.conf

Basic Configuration

% jail /var/vm/J01.CTDEV J01.CTDEV 192.168.2.70 /bin/csh
J01# touch /etc/fstab
J01# newaliases
J01# passwd            (set root password)
J01# adduser           (add user accounts)
J01# sysinstall        (set timezone and other options)
J01# exit
% jail /var/vm/J02.CTDEV J02.CTDEV 192.168.2.71 /bin/csh
J02# touch /etc/fstab
J02# newaliases
J02# passwd            (set root password)
J02# adduser           (add user accounts)
J02# sysinstall        (set timezone and other options)
J02# exit
% jail /var/vm/J03.CTDEV J03.CTDEV 192.168.2.72 /bin/csh
J03# touch /etc/fstab
J03# newaliases
J03# passwd            (set root password)
J03# adduser           (add user accounts)
J03# sysinstall        (set timezone and other options)
J03# exit

Jail Management

Copying a Jail

Assuming your base jail is currently in /var/vm/J01.CTDEV and your new copy is destined for /var/vm/J02.CTDEV

mkdir /var/vm/J02.CTDEV
cd /var/vm/J01.CTDEV
tar -cpf - . | tar -C /var/vm/J02.CTDEV -xpf -

Removing a Jail

Assuming the jail you are attempting to remove is located at /var/vm/J02.CTDEV and that the jail is already stopped.

You will first need to run rm -r on the directory containing the jail to be deleted, typing y or yes followed by enter at each question:

rm -r /var/vm/J02.CTDEV

Now the write-protected files (those carrying the schg flag) must be made writable before they can be deleted (you must do this as root, or via su, if you care about that sort of thing):

chflags noschg /var/vm/J02.CTDEV/*
chflags noschg /var/vm/J02.CTDEV/bin/*
chflags noschg /var/vm/J02.CTDEV/lib/*
chflags noschg /var/vm/J02.CTDEV/libexec/*
chflags noschg /var/vm/J02.CTDEV/sbin/*
chflags noschg /var/vm/J02.CTDEV/usr/*
chflags noschg /var/vm/J02.CTDEV/var/*

and continuing in that fashion over every subdirectory that failed the initial rm -r (that should be all of them, but if you installed ports or custom apps in other areas of the jail there may be more, so unless the jail is fresh it's safer to do the rm -r first and see what fails). Once you have run chflags on all the files that failed to delete, you should be able to successfully redo:

rm -r /var/vm/J02.CTDEV
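As an added example (not from the original page or its references), the removal procedure above as a script: it validates the jail name before anything is deleted, refuses to touch a jail that jls still lists, and clears the schg flag over the whole tree in one pass instead of directory by directory. It assumes the page's /var/vm layout and FreeBSD's jls(8) and chflags(1); the JAIL_BASE variable and function names are my own.

```shell
#!/bin/sh
# Remove a stopped FreeBSD jail safely.  Added example, not from the page
# or its references.  Assumes the page's layout (jails under /var/vm,
# names like J02.CTDEV) and FreeBSD's jls(8) and chflags(1).
JAIL_BASE="${JAIL_BASE:-/var/vm}"

# A jail name must be a single path component: not empty, no slashes, and
# not starting with "." or "-".  This keeps an empty or mistyped variable
# from turning "rm -rf $JAIL_BASE/$name" into rm -rf of /var/vm itself or
# of something reached through "..".
valid_jail_name() {
    case "$1" in
        ''|*/*|.*|-*) return 1 ;;
    esac
    return 0
}

# Print the jail's directory, or fail if the name is not acceptable.
jail_path() {
    valid_jail_name "$1" || return 1
    printf '%s/%s\n' "$JAIL_BASE" "$1"
}

# Succeed if jls(8) still lists a jail rooted at this path.  The default
# jls output ends each row with the jail's path.  Without jls we cannot
# tell, so report "running" and let the caller refuse rather than delete
# the filesystem of a jail that may be live.
jail_running() {
    command -v jls >/dev/null 2>&1 || return 0
    jls | awk -v p="$1" '$NF == p { f = 1 } END { exit !f }'
}

remove_jail() {
    path=$(jail_path "$1") || { echo "refusing: bad jail name '$1'" >&2; return 1; }
    [ -d "$path" ] || { echo "refusing: $path is not a directory" >&2; return 1; }
    if jail_running "$path"; then
        echo "refusing: a jail is still running at $path; stop it first" >&2
        return 1
    fi
    # make world leaves the system-immutable (schg) flag on /bin, /lib,
    # /sbin and friends; clear it over the whole tree with -R instead of
    # one chflags per directory, then remove everything.
    chflags -R noschg "$path"
    rm -rf "$path"
}

# Act only when a jail name is given, e.g.  ./rmjail.sh J02.CTDEV
if [ $# -eq 1 ]; then
    remove_jail "$1"
fi
```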
