Wednesday, March 9, 2016

FreeBSD: Jails (2)

Here is another way to create a jail:

- Define a root directory for the jail (e.g. /usr/jails/nginx);

mkdir -p /usr/jails/nginx

- Mount the FreeBSD installation disk. In case the CD-ROM drive is used then:

mount -t cd9660 /dev/cd0 /mnt/cdrom (adjust underlined if necessary)

In case the ISO file is used and it is located in the host, then:

mount -t cd9660 /dev/`mdconfig -f cdimage.iso` /mnt/cdrom (adjust underlined if necessary)

- Extract the binaries from the tarballs on the install media into the declared destination. Minimally, only the base set needs to be extracted, but a complete install can be performed when preferred:

tar -xf /mnt/cdrom/usr/freebsd-dist/base.txz -C /usr/jails/nginx

Updated 27/03/2016
- Instead of mounting the ISO file, the tarballs with the binaries can be downloaded as below:

fetch -o /tmp/base.txz
tar -xvf /tmp/base.txz -C /usr/jails/nginx

- Copy over the host's /etc/resolv.conf to the jail:

cp /etc/resolv.conf /usr/jails/nginx/etc/

- Start the jail for basic configuration (e.g. set root password). By exiting from the shell, the jail will be shut down:

jail -c path=/usr/jails/nginx command=bin/sh

- Edit /etc/freebsd-update.conf inside jail in order to avoid errors during FreeBSD update:

Components src world kernel
Components world kernel

Reason: there are no kernel or kernel sources inside the jail.

- Edit the host's /etc/rc.conf:

jail_list="lighttpd nginx" #(LIST SEPARATED BY SPACE)


- Create an entry for the jail on the host's /etc/jail.conf:

nginx {
  path = /usr/jails/nginx;
  devfs_ruleset = 4;
  host.hostname = nginx1.wb.lan;
  ip4.addr =;
  allow.chflags = 1;
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";

At last, restart the the host. The jail will be started automatically in the next boot.
To list the active jails use:


and to access the jail e.g. JID 2:

jexec 2 /bin/tcsh


No comments:

Post a Comment