FreeBSD Jails: Difference between revisions

From DWIKI
mNo edit summary
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Documentation==
=HOWTO=
 
 
Host IP: 10.0.0.15, Jail IP: 10.0.0.16


  JAIL=/jails/jail1
  JAIL=/jails/jail1
  mkdir $JAIL
  mkdir $JAIL
  cd /usr/src
  cd /usr/src
  DESTDIR=$JAIL make installworld
  make installworld DESTDIR=$JAIL  
  DESTDIR=$JAIL make distribution
  make distribution DESTDIR=$JAIL  


Set up /etc/fstab to mount ports in your jail:
Set up /etc/fstab to mount ports in your jail:


  /usr/ports      /jails/jail1/usr/ports      nullfs  ro,auto 0      0
  /usr/ports      /jails/jail1/usr/ports      nullfs  ro,auto 0      0
 
devfs          /jails/jail1/dev            devfs  rw      0      0
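Review bot: the devfs entry for /jails/jail1/dev mounts devfs rw with no ruleset, so the jail sees every device node the host has. Suggest letting the jail rc script mount it with the jail ruleset instead (jail_jail1_devfs_enable="YES" and jail_jail1_devfs_ruleset="devfsrules_jail" in the host's /etc/rc.conf), or adding a devfs rule step next to this line.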




Line 18: Line 21:
  DISTDIR=/var/distfiles
  DISTDIR=/var/distfiles


Set up /jails/jail1/etc/rc.conf


Configuring deamons on the jail host:
sshd_enable="YES"


Sendmail:


Sshd:
==Configuring deamons on the jail host==


Sendmail: in the .mc file put:
DAEMON_OPTIONS(`Name=IPv4, Addr="10.0.0.15",Family=inet')


Sshd, in /etc/ssh/sshd_config, make sure it only listens on IP of the host
ListenAddress  10.0.0.15


===Links===
 
And at last /etc/rc.conf
jail_enable="YES"
jail_list="jail1"
jail_jail1_rootdir="/jails/jail1"
jail_jail1_hostname="jail1"
jail_jail1_ip="10.0.0.16"
 
=Links=
*[http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html Handbook about jails, just follow this :)]
*[http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html Handbook about jails, just follow this :)]
*[http://www.freebsddiary.org/jail-6.php Jails]
*[http://www.freebsddiary.org/jail-6.php Jails]
*[http://www.freebsddiary.org/jail-multiple.php More Jails]
*[http://www.freebsddiary.org/jail-multiple.php Multiple Jails]
*http://wiki.freebsd.org/Jails
*http://wiki.freebsd.org/Jails


==FAQ==
=FAQ=
===upgrading jails===
http://www.cyberciti.biz/faq/how-to-upgrade-freebsd-jail-vps/
 
 
===copying jails===
Of course you first stop the jail to copy :)
tar -cpf - . | tar -C /usr/jail/new -xpf -
 
 
===ln: /dev/log: Operation not permitted===
===ln: /dev/log: Operation not permitted===
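Review bot: in the "copying jails" entry the tar line writes to /usr/jail/new while every other path on the page is under /jails, and it silently depends on the current directory being the source jail's root. Suggest spelling out both ends (a cd into the source jail root first, and a target directory under /jails that is created beforehand) so the command cannot be run from the wrong directory. The added heading also spells "daemons" as "deamons".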



Latest revision as of 11:22, 11 November 2010

HOWTO

Host IP: 10.0.0.15, Jail IP: 10.0.0.16

JAIL=/jails/jail1
mkdir $JAIL
cd /usr/src
make installworld DESTDIR=$JAIL 
make distribution DESTDIR=$JAIL 

Set up /etc/fstab to mount ports in your jail:

/usr/ports      /jails/jail1/usr/ports      nullfs  ro,auto 0       0
devfs           /jails/jail1/dev            devfs   rw      0       0


Set up /jails/jail1/etc/make.conf for ports:

WRKDIRPREFIX=/var/wrkdir
DISTDIR=/var/distfiles

Set up /jails/jail1/etc/rc.conf:

sshd_enable="YES"


Configuring daemons on the jail host

Sendmail: in the .mc file put:

DAEMON_OPTIONS(`Name=IPv4, Addr="10.0.0.15",Family=inet')

Sshd: in /etc/ssh/sshd_config, make sure it listens only on the IP of the host:

ListenAddress  10.0.0.15


And finally, in /etc/rc.conf:

jail_enable="YES"
jail_list="jail1"
jail_jail1_rootdir="/jails/jail1"
jail_jail1_hostname="jail1"
jail_jail1_ip="10.0.0.16"
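
An added example, not part of the original page: a check for the "Configuring daemons on the jail host" step. It reads text in the column layout of `sockstat -4 -l` and lists host listeners still bound to the wildcard address, which would also answer on the jail's 10.0.0.16. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list host listeners that are
# still bound to the wildcard address and would also answer on the jail's IP.
# Input on stdin: text in the column layout of `sockstat -4 -l`, where
# field 2 is COMMAND and field 6 is LOCAL ADDRESS.

# wildcard_listeners is a hypothetical helper name.
wildcard_listeners() {
    awk '
        $1 == "USER" { next }              # skip the header row
        {
            ip = $6
            sub(/:[^:]*$/, "", ip)         # strip the trailing ":port"
            if (ip == "*") print $2, $6    # wildcard bind covers 10.0.0.16 too
        }'
}

# Constructed sample: sshd already follows the page (ListenAddress 10.0.0.15),
# sendmail and syslogd still listen on every address.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   10.0.0.15:22          *:*
root     sendmail   790   4  tcp4   *:25                  *:*
root     syslogd    701   7  udp4   *:514                 *:*
root     sendmail   790   5  tcp4   127.0.0.1:587         *:*
EOF
}

# On a real jail host: sockstat -4 -l | wildcard_listeners
sample_sockstat | wildcard_listeners
```

An empty result means no listener is bound to the wildcard address, so no host daemon is holding ports on the jail's address.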

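Links

* Handbook about jails, just follow this :) (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html)
* Jails (http://www.freebsddiary.org/jail-6.php)
* Multiple Jails (http://www.freebsddiary.org/jail-multiple.php)
* http://wiki.freebsd.org/Jails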

FAQ

upgrading jails

http://www.cyberciti.biz/faq/how-to-upgrade-freebsd-jail-vps/


copying jails

Of course, stop the jail first before copying :)

tar -cpf - . | tar -C /usr/jail/new -xpf -


ln: /dev/log: Operation not permitted

How to see which jails are active?

jls


(dis)allow ICMP

sysctl security.jail.allow_raw_sockets

enter a jail

Get the JID of the jail to enter

jls

Then enter jail 2 with your shell of choice

jexec 2 csh


(postgresql) FATAL: could not create shared memory segment: Function not implemented

# For PostgreSQL
# http://www.freebsddiary.org/jail-multiple.php
jail_sysvipc_allow="YES"

non-existent system call invoked

compat options? COMPAT_* in kernel?


jls shows stopped jail

Something is still in use.

Notes

sysinstall _ftpPath=ftp://ftp.FreeBSD.org/pub/FreeBSD/ nonInteractive=yes mediaSetFTP \
    releaseName=7.1-RELEASE dists=base distSetCustom installRoot=<JAILDIR> installCommit