Roland's homepage

My random knot in the Web

Creating a virtual server on FreeBSD with a jail

After VirtualBox crashed my machine, I decided to try my hand at building a virtual server using FreeBSD’s jail facility.

First, I created a directory to serve as the root directory for my jail:

slackbox# mkdir -p /usr/local/var/jails/

Then I built the FreeBSD base system, so I could install it in the jail. Were I to build multiple jails, I’d probably use ezjail.

slackbox# cd /usr/src
slackbox# make buildworld
slackbox# mount -u -o exec /tmp
slackbox# make installworld DESTDIR=/usr/local/var/jails/
slackbox# make distribution DESTDIR=/usr/local/var/jails/
slackbox# du -csm /usr/local/var/jails/
184 /usr/local/var/jails/

An empty /etc/fstab file is needed because the file systems on the host are already mounted. Mounting file systems in jails is disallowed by default. This can be changed by supplying the parameter allow.mount=1 to the jail command.

slackbox# touch /usr/local/var/jails/

The jail will need some device nodes. The following is a way to create them.

slackbox# mount -t devfs devfs /usr/local/var/jails/
slackbox# devfs -m /usr/local/var/jails/ ruleset 4
slackbox# devfs -m /usr/local/var/jails/ rule applyset

Also, you don’t want to have an actual kernel, so just link it to /dev/null.

slackbox# cd /usr/local/var/jails/; ln -sf ../../dev/null kernel

Some files need to be set up in the jail:

slackbox# cat /usr/local/var/jails/
# /etc/rc.conf
# Local configuration for
# Hostname and IP address are set by the jail.
# Only expose the basic necessary devices in a jail.
# Quell warnings about network interfaces.
# Run the secure shell daemon.
# Do not run sendmail
# Do not run the port mapper.

slackbox# cat /usr/local/var/jails/

Now it is time to start the jail for the first time.

slackbox# ifconfig rl0 inet alias
slackbox# cd /usr/local/var/jails/
slackbox# jail /usr/local/var/jails/ /bin/csh

In the jail, sysinstall(8) is used to set the root password. Additionally, I’ve added a user named ‘rsmith’ as a member of the wheel group, and with /bin/tcsh as default shell.

After use, the jail is destroyed by logging out of the started program. To completely remove everything associated with the jail, unmount the devfs instance and remove the alias from the network interface.

To start up a virtual server in the jail, run:

slackbox# ifconfig rl0 inet alias
slackbox# mount -t devfs devfs /usr/local/var/jails/
slackbox# cd /usr/local/var/jails/
slackbox# jail /usr/local/var/jails/ /bin/sh /etc/rc

To close a jail, use jail -r to kill all processes in the jail. Then unmount the devfs instance used in the jail, and remove the alias from the network device.
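
The start and stop sequences above collected into one script, as an added example that is not part of the original post. The jail name, root, address and interface are arguments (the article's own values are not shown), the devfs mount point is assumed to be dev under the jail root, and the jail is started with the `jail -c` parameter syntax instead of the positional form used above.

```shell
#!/bin/sh
# Added example, not the author's script. All names and addresses passed in
# are the caller's; DRY_RUN=1 (the default) prints commands instead of running.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Refuse a jail root that is unset, relative, "/" or lacks the empty
# etc/fstab the article calls for (a typo here would hit the host instead).
jail_check_root() {
    case "$1" in
        /|"") echo "refusing jail root '$1'" >&2; return 1 ;;
        /*) ;;
        *) echo "jail root must be absolute: $1" >&2; return 1 ;;
    esac
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 1; }
    [ -f "$1/etc/fstab" ] && [ ! -s "$1/etc/fstab" ] || {
        echo "$1/etc/fstab must exist and be empty" >&2; return 1; }
}

# Start: address alias, devfs restricted by ruleset 4, then the jail's rc.
# allow.mount is not passed, so mounting inside the jail stays disallowed.
jail_up() {  # usage: jail_up name root ip iface
    jail_check_root "$2" || return 1
    run ifconfig "$4" inet "$3" netmask 255.255.255.255 alias
    run mount -t devfs devfs "$2/dev"
    run devfs -m "$2/dev" ruleset 4
    run devfs -m "$2/dev" rule applyset
    run jail -c name="$1" path="$2" host.hostname="$1" ip4.addr="$3" \
        command=/bin/sh /etc/rc
}

# Stop: reverse order, so no jailed process still holds /dev or the address.
jail_down() {  # usage: jail_down name root ip iface
    jail_check_root "$2" || return 1
    run jail -r "$1"
    run umount "$2/dev"
    run ifconfig "$4" inet "$3" -alias
}
```

Source the file and call `jail_up` or `jail_down` with `DRY_RUN=0` as root on the host to execute the commands instead of printing them.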

For comments, please send me an e-mail.
