Jail building

How to build and run a jail.

DRAFT ARTICLE

Make sure you have the system sources installed (at /usr/src). Make sure the sources match the running system, because a mismatch can cause problems. If they don't match, update your OS sources (like this) and reinstall your kernel and world (like this).

Then run buildworld. This compiles all of the userland that the jail installation will use.

    cd /usr/src
    make buildworld

Next, prepare the system tree in the jail directory. This populates the jail with all the userland utilities. The path I chose here will be useful in follow-on articles about the uses of jails.

    JAILDIR=/usr/jails/jail1.example.com/root/
    mkdir -p ${JAILDIR}
    cd /usr/src
    make hierarchy DESTDIR=${JAILDIR}
    make installworld DESTDIR=${JAILDIR}
    cd /usr/src/etc
    make distribution DESTDIR=${JAILDIR}
    cd ${JAILDIR}
    ln -sf dev/null kernel

Then set up the network for running the jail by adding the jail's address as an alias on the host interface.

    ifconfig YOUR_INTERFACE alias inet YOUR_JAIL_IP_ADDRESS netmask 255.255.255.255

Now let's make sure the jail can resolve names.

    cp /etc/resolv.conf /usr/jails/jail1.example.com/root/etc/resolv.conf

The jail needs a devfs. You may want to apply special rules to a jail's devfs; see man devfs.

    mount_devfs devfs ${JAILDIR}/dev

Let's start the jail now.

    jail /usr/jails/jail1.example.com/root/ jail1.example.com YOUR_JAIL_IP_ADDRESS sh /etc/rc

Now we can list the running jails with jls:

    # jls
    JID  IP Address            Hostname           Path
      1  YOUR_JAIL_IP_ADDRESS  jail1.example.com  /usr/jails/jail1.example.com/root/

You can now use the JID (jail ID) to 'jump into' the jail and execute commands via jexec. For instance, you can run sysinstall to add whatever post-install options you like (run sshd on start, etc.):

    jexec 1 sysinstall
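One way to automate the "sources match the running system" check before buildworld, as an added example that is not part of the original article. It assumes /usr/src/sys/conf/newvers.sh records the version as REVISION="x.y" and BRANCH="..." lines; the function names and the 6.2 sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the running release with the version recorded in
# the source tree before "make buildworld" populates a jail from it.
# Assumption: newvers.sh carries REVISION="x.y" and BRANCH="..." lines.

# Print "REVISION-BRANCH" from a newvers.sh file; fail if either is missing.
src_version() {
    rev=$(sed -n 's/^REVISION="\([^"]*\)".*/\1/p' "$1" 2>/dev/null | head -n 1)
    br=$(sed -n 's/^BRANCH="\([^"]*\)".*/\1/p' "$1" 2>/dev/null | head -n 1)
    [ -n "$rev" ] && [ -n "$br" ] || return 1
    printf '%s-%s\n' "$rev" "$br"
}

# Drop a trailing patch level (-p4). Design choice of this example: only
# the release and branch have to agree, not the patch level.
strip_patch() {
    printf '%s\n' "$1" | sed 's/-p[0-9][0-9]*$//'
}

# versions_match RUNNING_RELEASE NEWVERS_FILE
# Returns 0 = match, 1 = mismatch, 2 = source version unreadable.
versions_match() {
    src=$(src_version "$2") || return 2
    [ "$(strip_patch "$1")" = "$(strip_patch "$src")" ]
}

# Constructed sample standing in for /usr/src/sys/conf/newvers.sh.
write_sample_newvers() {
    cat > "$1" <<'EOF'
TYPE="FreeBSD"
REVISION="6.2"
BRANCH="RELEASE-p4"
EOF
}

# On a FreeBSD host, check the real tree and report before building.
if [ "$(uname -s)" = "FreeBSD" ]; then
    if versions_match "$(uname -r)" /usr/src/sys/conf/newvers.sh; then
        echo "sources match the running system"
    else
        echo "sources missing or not matching $(uname -r); update first" >&2
    fi
fi
```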