FreeBSD Jails
From DWIKI
HOWTO
Host IP: 10.0.0.15, Jail IP: 10.0.0.16
JAIL=/jails/jail1
mkdir $JAIL
cd /usr/src
make installworld DESTDIR=$JAIL
make distribution DESTDIR=$JAIL
Set up /etc/fstab to mount ports in your jail:
/usr/ports /jails/jail1/usr/ports nullfs ro,auto 0 0
devfs /jails/jail1/dev devfs rw 0 0
Set up /jails/jail1/etc/make.conf for ports:
WRKDIRPREFIX=/var/wrkdir
DISTDIR=/var/distfiles
Set up /jails/jail1/etc/rc.conf:
sshd_enable="YES"
Configuring daemons on the jail host
Sendmail: in the .mc file put:
DAEMON_OPTIONS(`Name=IPv4, Addr="10.0.0.15",Family=inet')
Sshd: in /etc/ssh/sshd_config, make sure it only listens on the IP of the host:
ListenAddress 10.0.0.15
And finally, in /etc/rc.conf:
jail_enable="YES"
jail_list="jail1"
jail_jail1_rootdir="/jails/jail1"
jail_jail1_hostname="jail1"
jail_jail1_ip="10.0.0.16"
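A quick check for the daemon-binding step above, added here as an example and not part of the original wiki page: it classifies the listeners in `sockstat -4l` output taken on the host, so anything still bound to the wildcard address stands out. The sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify host listeners by the address they are bound to.
HOST_IP=10.0.0.15   # host address from the HOWTO
JAIL_IP=10.0.0.16   # jail address from the HOWTO

# Constructed sample of `sockstat -4l` output (not real data).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   10.0.0.15:22          *:*
root     sendmail   845   4  tcp4   *:25                  *:*
root     syslogd    640   7  udp4   *:514                 *:*
root     ntpd       702   20 udp4   127.0.0.1:123         *:*
root     sshd       1530  3  tcp4   10.0.0.16:22          *:*
EOF
}

# Reads sockstat output on stdin and prints one line per socket:
#   CLASS command pid proto local-address
# WILDCARD = bound to every address, so it also answers on the jail's IP
# JAIL     = bound to the jail's IP (expected only for the jail's own services)
# OK       = bound to the host IP or loopback
# OTHER    = bound to some other address
classify_listeners() {
    awk -v host="$HOST_IP" -v jail="$JAIL_IP" '
        NR == 1 { next }                      # skip the header row
        {
            addr = $6                         # LOCAL ADDRESS column
            sub(/:[^:]*$/, "", addr)          # strip the :port suffix
            if (addr == "*")                          class = "WILDCARD"
            else if (addr == jail)                    class = "JAIL"
            else if (addr == host || addr ~ /^127\./) class = "OK"
            else                                      class = "OTHER"
            print class, $2, $3, $5, $6
        }'
}

# Number of wildcard listeners; this should be 0 on a correctly set up host.
wildcard_count() {
    classify_listeners | grep -c '^WILDCARD' || true
}

# Demo on the constructed sample. On a real host: sockstat -4l | classify_listeners
sample_sockstat | classify_listeners
```

Each WILDCARD line names a host daemon that still needs a listen-address setting like the sendmail and sshd ones above.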
Links
FAQ
ln: /dev/log: Operation not permitted
How to see which jails are active?
jls
(Dis)allow ICMP
sysctl security.jail.allow_raw_sockets
Enter a jail
Get the JID of the jail to enter:
jls
Then enter jail 2 with your shell of choice:
jexec 2 csh
# For PostgreSQL
# http://www.freebsddiary.org/jail-multiple.php
jail_sysvipc_allow="YES"
non-existent system call invoked
compat options? COMPAT_* in kernel?
jls shows stopped jail
Something is still in use.
Notes
sysinstall _ftpPath=ftp://ftp.FreeBSD.org/pub/FreeBSD/ nonInteractive=yes mediaSetFTP \
    releaseName=7.1-RELEASE dists=base distSetCustom installRoot=<JAILDIR> installCommit