MediaWiki:Welcome to the Howto page/FreeBSD/Jails
A FreeBSD jail can be thought of as an expanded chroot environment; in a sense it is as though a new instance of an operating system has been installed inside the "host" system, which is true up to a point. Jails compare quite closely to Solaris Zones, with the major difference that they have to be created manually or with a utility called ezjail, which needs to be installed as an extra.
A jail comprises four major components:
- A Directory Subtree
- A Hostname
- An IP Address
- A Command
The directory subtree is basically the root of the jail, similar to the root of a chroot jail. The difference, however, is that it contains a basic operating system environment encapsulated in the BSD buildworld environment.
As an example:
Jail root: /usr/jail/myjail/
Directory subtree: /usr/jail/myjail/../...
The hostname is the hostname or FQDN of the jail, which should be in the format host.domain.com.
The IP address is the IPv4 or IPv6 address of the host embedded inside the jail.
The command is essentially an executable that runs inside the jail, such as a binary application or shell script. It is, however, relative to the root directory environment of the jail and to the type of the specific jail environment.
Creating a Jail
The basic procedure for creating a jail is as follows:
# setenv D /path/to/jail
# mkdir -p $D
# cd /usr/src
# make buildworld
# make installworld DESTDIR=$D
# make distribution DESTDIR=$D
# mount -t devfs devfs $D/dev
For the buildworld environment to compile, all sources must be selected upon installation of the Distribution set. See: Install for further details under the Configuration heading... simply select the [src] check box for all sources to be installed.
In order to enable the jail these settings must be put into /etc/rc.conf:
jail_enable="YES"
jail_list="jail1 jail2 jail3"
jail_jail1_rootdir="/path/to/jail1"
jail_jail1_hostname="jail1.domain.com"
jail_interface="em0"
jail_jail1_ip="10.11.1.1"
jail_jail1_devfs_enable="YES"
[...]
jail_jail3_rootdir="/path/to/jail3"
jail_jail3_hostname="jail3.domain.com"
jail_interface="em0"
jail_jail3_ip="10.11.1.3"
jail_jail3_devfs_enable="YES"
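A check for the rc.conf settings above, as an added example that is not part of the original page: it reads the file without sourcing it and reports any jail in jail_list that lacks its rootdir, hostname or ip entry, or that reuses another jail's IP. The function names and the sample configuration are constructed for illustration, and the duplicate-IP check assumes each jail is meant to have its own address.

```sh
#!/bin/sh
# Added example (not from the original page): lint jail_<name>_* settings in an
# rc.conf-style file without sourcing it. Function names are hypothetical.

# Constructed sample: jail2 has no IP, jail3 reuses jail1's IP.
sample_rc_conf() {
    cat <<'EOF'
jail_enable="YES"
jail_list="jail1 jail2 jail3"
jail_jail1_rootdir="/path/to/jail1"
jail_jail1_hostname="jail1.domain.com"
jail_jail1_ip="10.11.1.1"
jail_jail2_rootdir="/path/to/jail2"
jail_jail2_hostname="jail2.domain.com"
jail_jail3_rootdir="/path/to/jail3"
jail_jail3_hostname="jail3.domain.com"
jail_jail3_ip="10.11.1.1"
EOF
}

# rc_get FILE VAR: print the last value assigned to VAR (the last one wins).
rc_get() {
    sed -n "s/^$2=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$1" | tail -n 1
}

# check_jail_conf FILE: print one line per problem; return 1 if any were found.
check_jail_conf() {
    conf=$1 bad=0 seen=""
    for j in $(rc_get "$conf" jail_list); do
        for key in rootdir hostname ip; do
            if [ -z "$(rc_get "$conf" "jail_${j}_${key}")" ]; then
                echo "${j}: missing jail_${j}_${key}"
                bad=1
            fi
        done
        ip=$(rc_get "$conf" "jail_${j}_ip")
        [ -n "$ip" ] || continue
        # Assumption: every jail should have its own address.
        case " $seen " in
            *" $ip "*) echo "${j}: IP $ip already used by another jail"; bad=1 ;;
        esac
        seen="$seen $ip"
    done
    return $bad
}

# When run with a file argument (e.g. /etc/rc.conf), check that file.
[ $# -eq 0 ] || check_jail_conf "$1"
```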
To view the jails, use the jls command from a root shell.
# jls
JID  IP Address   Hostname          Path
1    10.11.1.100  jail1.domain.com  /var/jail/jail1
2    10.11.1.101  jail2.domain.com  /var/jail/jail2
3    10.11.1.110  jail3.domain.com  /var/jail/jail3
4    10.11.1.115  jail4.domain.com  /var/jail/jail4
5    10.11.1.125  jail5.domain.com  /var/jail/jail5
9    10.11.1.130  jail6.domain.com  /mnt/zfs/jail/jail6
11   10.11.1.140  jail7.domain.com  /mnt/zfs/jail/jail7
To control the jails, issue: /etc/rc.d/jail *start/stop/restart jail1
- where one of start, stop, or restart is issued, for example:
/etc/rc.d/jail start jail1
To then log in to the jail, issue the jls command to find out which JID corresponds to the jail of interest, then use the jexec command followed by the JID and the shell type to gain access:
jexec 1 tcsh