After Virtualbox crashed my machine, I decided to try my hand at building a virtual server using FreeBSD’s jail facility.
First, I created a directory to serve as the root directory for my jail;
slackbox# mkdir -p /usr/local/var/jails/192.168.0.100
Then I built the FreeBSD base system, so I could install it in the jail. Were I to build multiple jails, I’d probably use ezjail.
slackbox# cd /usr/src slackbox# make buildworld slackbox# mount -u -o exec /tmp slackbox# make installworld DESTDIR=/usr/local/var/jails/192.168.0.100 slackbox# make distribution DESTDIR=/usr/local/var/jails/192.168.0.100 slackbox# du -csm /usr/local/var/jails/192.168.0.100/ 184 /usr/local/var/jails/192.168.0.100/
/etc/fstab file is needed because the filesystems on the host are
already mounted. Mounting filessystems in jails is disallowed by default. This
can be changed by supplying the parameter
allow.mount=1 to the jail command.
slackbox# touch /usr/local/var/jails/192.168.0.100/etc/fstab
The jail will need some device nodes. The following is a way to create them.
slackbox# mount -t devfs devfs /usr/local/var/jails/192.168.0.100/dev slackbox# devfs -m /usr/local/var/jails/192.168.0.100/dev ruleset 4 slackbox# devfs -m /usr/local/var/jails/192.168.0.100/dev rule applyset
Also you don’t want to have a actual kernel, so just link it to
slackbox# cd /usr/local/var/jails/192.168.0.100/boot/kernel; ln -sf ../../dev/null kernel
Some files need to be set up in the jail;
slackbox# cat /usr/local/var/jails/192.168.0.100/etc/rc.conf # /etc/rc.conf # Local configuration for server.erewhon.net # Hostname and ip-adres are set by the jail. # Only expose the basic necessary devices in a jail. devfs_system_ruleset="devfsrules_jail" # Quell warnings about network interfaces. network_interfaces="" # Run the secure shell daemon. sshd_enable="YES" # Do not run sendmail sendmail_enable="NO" # Do not run the port mapper. rpcbind_enable="NO" slackbox# cat /usr/local/var/jails/192.168.0.100/etc/resolv.conf search erewhon.net nameserver 10.0.0.150
Now it is time to start the jail for the first time.
slackbox# ifconfig rl0 inet alias 192.168.0.100/32 slackbox# cd /usr/local/var/jails/192.168.0.100 slackbox# jail /usr/local/var/jails/192.168.0.100 server.erewhon.net 192.168.0.100 /bin/csh
In the jail, sysinstall(8) is used to set the root password. Additionally, I’ve added a user named ‘rsmith’ as a member of the wheel group, and with /bin/tcsh as default shell.
After use, the jail is destroyed by logging out of the started program. To completely remove everything associated with the jail, unmount the devfs instance and remove the alias from the network interface.
To start up a virtual server in the jail, run;
slackbox# ifconfig rl0 inet alias 192.168.0.100/32 slackbox# mount -t devfs devfs /usr/local/var/jails/192.168.1.1/dev slackbox# cd /usr/local/var/jails/192.168.0.100 slackbox# jail /usr/local/var/jails/192.168.0.100 server.erewhon.net 192.168.0.100 /bin/sh /etc/rc
To close a jail, use
jail -r to kill all processes in the jail. Then unmount
the devfs instance used in the jail, and remove the alias from the network device.
- Using the rc scripts to start a virtual server in a jail
- Using nullfs and unionfs for the ports tree in a jail