Wednesday, March 9, 2016

FreeBSD: Jails (1)

Here is the simplest way that I found to create a jail:



- Define a root directory for the jail (e.g. /usr/jails/lighttpd) and install the userland into it:

mkdir -p /usr/jails/lighttpd
cd /usr/src
make buildworld    # optional
make installworld DESTDIR=/usr/jails/lighttpd
make distribution DESTDIR=/usr/jails/lighttpd
mount -t devfs devfs /usr/jails/lighttpd/dev    # optional

Note: if the userland has already been built with make buildworld, skip that step and install the existing userland into the new jail.


- Copy over the host's /etc/resolv.conf to the jail:

cp /etc/resolv.conf /usr/jails/lighttpd/etc/


- Start the jail for basic configuration (e.g. set the root password); exiting the shell shuts the jail down:

jail -c path=/usr/jails/lighttpd command=bin/sh


- Edit /etc/freebsd-update.conf inside the jail to avoid errors during a FreeBSD update. Change the Components line:

from
Components src world kernel
to
Components world kernel

Reason: the jail contains no kernel or kernel sources.


- Edit the host's /etc/rc.conf:

# Jails
jail_enable="YES"
jail_list="lighttpd"    # space-separated list
ifconfig_vmx3f0_alias0="inet 192.168.0.150/24"


- Create an entry for the jail in the host's /etc/jail.conf:

lighttpd {
  path = /usr/jails/lighttpd;
  mount.devfs;
  devfs_ruleset = 4;
  host.hostname = lighttpd1.wb.lan;
  ip4.addr = 192.168.0.150;
  allow.chflags = 1;
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
}

Finally, restart the host. The jail will be started automatically on the next boot.
To list the active jails, use:

jls

and to access a jail, e.g. JID 1:

jexec 1 /bin/tcsh
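
Before rebooting, it helps to review which permissions the /etc/jail.conf entry grants. The script below is an added example, not part of the original post: the audit_jail_conf and sample_conf names are hypothetical, and the second jail ("build") is constructed sample input to exercise the other cases.

```sh
#!/bin/sh
# Added example: report what each jail block in a jail.conf-style file
# explicitly grants. Handles the one-parameter-per-line layout shown above.

audit_jail_conf() {   # hypothetical helper; reads a file argument or stdin
    awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
    /^[A-Za-z0-9_.-]+[ \t]*[{]$/ { jail = $1; sub(/[{]$/, "", jail); next }
    /^[}]/ { jail = ""; next }
    jail == "" || $0 == "" { next }
    {
        line = $0; sub(/;$/, "", line)
        n = split(line, kv, /[ \t]*=[ \t]*/)
        key = kv[1]; val = (n > 1) ? kv[2] : "true"   # bare name means on
        gsub(/"/, "", val)
        # "no" on the last component (allow.nomount) switches a boolean off
        off = (key ~ /\.no[^.]*$/ || val == "0" || val == "false")
        if (key ~ /^allow\./ && !off)
            print jail ": grants " key
        if (key == "devfs_ruleset" && val == "0")
            print jail ": devfs_ruleset = 0 (no ruleset enforced)"
    }' "$@"
}

sample_conf() {   # constructed input: the entry above plus a made-up jail
    cat <<'EOF'
lighttpd {
  path = /usr/jails/lighttpd;
  mount.devfs;
  devfs_ruleset = 4;
  allow.chflags = 1;
}
build {
  path = /usr/jails/build;   # constructed second jail
  allow.raw_sockets;
  allow.nomount;
  devfs_ruleset = 0;
}
EOF
}

sample_conf | audit_jail_conf
```

On a host, run it as audit_jail_conf /etc/jail.conf. allow.chflags lets privileged users inside the jail manipulate system file flags, so keep it only if something in the jail needs it.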


