Wednesday, March 9, 2016

FreeBSD: Jails (1)

Here is the simplest way that I found to create a jail:

- Define a root directory for the jail (e.g. /usr/jails/lighttpd);

mkdir -p /usr/jails/lighttpd
cd /usr/src
make buildworld (OPTIONAL)
make installworld DESTDIR=/usr/jails/lighttpd
make distribution DESTDIR=/usr/jails/lighttpd
mount -t devfs devfs /usr/jails/lighttpd/dev (OPTIONAL)

Note that if the userland has already been rebuilt using make buildworld, then skip this step and install the existing userland into the new jail.

- Copy over the host's /etc/resolv.conf to the jail:

cp /etc/resolv.conf /usr/jails/lighttpd/etc/

- Start the jail for basic configuration (e.g. set root password). By exiting from the shell, the jail will be shut down:

jail -c path=/usr/jails/lighttpd command=bin/sh

- Edit /etc/freebsd-update.conf inside jail in order to avoid errors during FreeBSD update:

Components src world kernel
Components world kernel

Reason: there are no kernel or kernel sources inside the jail.

- Edit the host's /etc/rc.conf:

jail_list="lighttpd" #(LIST SEPARATED BY SPACE)

- Create an entry for the jail on the host's /etc/jail.conf:

lighttpd {
  path = /usr/jails/lighttpd;
  devfs_ruleset = 4;
  host.hostname = lighttpd1.wb.lan;
  ip4.addr =;
  allow.chflags = 1;
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";

At last, restart the the host. The jail will be started automatically in the next boot.
To list the active jails use:


and to access the jail e.g. JID 1:

jexec 1 /bin/tcsh


No comments:

Post a Comment