
Ezjail

From FreeBSDwiki
(Difference between revisions)
(Accessing hardware)
(Configuring cleared up confusion)
Line 9: Line 9:
 
  % ezjail-admin install -msp
 
  % ezjail-admin install -msp
  
In order to update the base through quick binary, and ports:
+
In order to update the basejail through quick binary, and ports:
 
  % ezjail-admin update -uP
 
  % ezjail-admin update -uP
  
Line 18: Line 18:
  
 
==Configuring==
 
==Configuring==
 +
The custom configuration for each jail is in ''/usr/local/etc/ezjail/myjail'', and it it's jailed ''/etc'' directory. Pre-setup of jails can be configured in ''/usr/local/etc/ezjail.conf''. The text in these two files are similar except one lacks the the term ''export''.
 +
 +
===Network===
 
  % ifconfig wlan0 alias 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
 
  % ifconfig wlan0 alias 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
 
To enable ezjail and its network connection, add to ''rc.conf'':
 
To enable ezjail and its network connection, add to ''rc.conf'':
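Review bot: The paragraph added under ==Configuring== says the two files are similar "except one lacks the the term ''export''" but never says which one. Name the file that uses export (the per-jail file or ''ezjail.conf''), since a reader copying a line between them needs to know where the keyword belongs. The same paragraph also has the typos "it it's" and "the the".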
Line 29: Line 32:
 
Your created jailname file in the directory ''/usr/local/etc/ezjail/'' is where options can be set:
 
Your created jailname file in the directory ''/usr/local/etc/ezjail/'' is where options can be set:
 
  export jail_jailname_parameters="allow.raw_sockets=1"  # This allows network programs including ping to be used from the jail
 
  export jail_jailname_parameters="allow.raw_sockets=1"  # This allows network programs including ping to be used from the jail
 +
 +
===Accessing hardware===
 +
To access /dev files from the jail, take a look at the following line in ''/usr/local/etc/ezjail/myjail'' :
 +
export ezjail_devfs_ruleset="devfsrules_jail"
 +
 +
Now, take a look at the base-system's file ''/etc/defaults/devfs.rules'' for context, but don't edit it. In this file, '''[devfsrules_jail]''' refers to '''export ezjail_devfs_ruleset="devfsrules_jail"''' in the personalized ''devfs.rules'' file. To create custom rules, copy devfs.rules to the appropriate location then edit it, and individual rules may be added after [devfsrules_jail]
 +
 +
(accessing X display from jail not solved)
  
 
===Filesystems===
 
===Filesystems===
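Review bot: The added ===Accessing hardware=== text tells the reader to "copy devfs.rules to the appropriate location" without naming that location. The older section further down this diff gave ''/usr/local/etc/devfs.rules'' as the file where individual rules go, and that path is lost in the move. Keep the explicit path, and consider saying that each rule added after [devfsrules_jail] makes another /dev node visible inside the jail, so rules should be added one device at a time.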
Line 53: Line 64:
 
  % ezjail-admin archive myjail
 
  % ezjail-admin archive myjail
 
  % ls /usr/jails/ezjail-archives/
 
  % ls /usr/jails/ezjail-archives/
 
==Accessing hardware==
 
To access /dev files from the jail, take a look at the following line in ''/usr/local/etc/ezjail/myjail'' :
 
export ezjail_devfs_ruleset="devfsrules_jail"
 
 
Now, take a look at the base-system's file ''/etc/defaults/devfs.rules'' for context, but don't edit it. In this file, '''[devfsrules_jail]''' refers to '''export ezjail_devfs_ruleset="devfsrules_jail"''' in the personalized ''devfs.rules'' file. To create custom rules, copy devfs.rules to the appropriate location then edit it.
 
 
Individual rules may be added after [devfsrules_jail] inside ''/usr/local/etc/devfs.rules''.
 
 
For pre-setup of jails, take a look at the file based on your created jail ''/usr/local/etc/ezjail.conf'' for the associated line:
 
jail_qt4_devfs_ruleset="devfsrules_jail"
 
 
(accessing X display from jail not solved)
 
  
 
==See also==
 
==See also==
Line 73: Line 71:
 
* [http://www.bsdnow.tv/tutorials/jails BSD Now: Everything you need to know about Jails]
 
* [http://www.bsdnow.tv/tutorials/jails BSD Now: Everything you need to know about Jails]
 
* [https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html FreeBSD Handbook: Managing Jails with ezjail]
 
* [https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html FreeBSD Handbook: Managing Jails with ezjail]
 +
* [http://www.freebsddiary.org/ezjail.php The FreeBSD Diary: ezjail - A jail administration framework]
 
* filesystem documentation
 
* filesystem documentation
 
* Network Administration with FreeBSD 7 (2008)
 
* Network Administration with FreeBSD 7 (2008)

Revision as of 23:46, 7 March 2015

Ezjail is much easier to install and configure than using the jail program on its own.

Installing and updating

Install ezjail:

% cd /usr/ports/sysutils/ezjail
% make install clean

Then create the basejail, manpages, source and ports tree in the basejail:

% ezjail-admin install -msp

To update the basejail with a quick binary update, and to update the ports tree:

% ezjail-admin update -uP

For a better understanding of the options, type:

% man ezjail
% man ezjail-admin
  • Note: the -s flag has a different function under the install and update subcommands.

Configuring

The custom configuration for each jail is in /usr/local/etc/ezjail/myjail and in its jailed /etc directory. Pre-setup of jails can be configured in /usr/local/etc/ezjail.conf. The text in these two files is similar, except that one lacks the term export.

Network

% ifconfig wlan0 alias 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255

To enable ezjail and its network connection, add to rc.conf:

ifconfig_wlan0_alias0="inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255"
cloned_interfaces="${cloned_interfaces} lo1"
ezjail_enable="YES"

Then create the jail and copy the host's resolv.conf into it:

% ezjail-admin create myjail 192.168.1.20
% cp /etc/resolv.conf /usr/jails/myjail/etc/

Options for a jail are set in the file named after the jail in the directory /usr/local/etc/ezjail/:

export jail_jailname_parameters="allow.raw_sockets=1"  # This allows network programs including ping to be used from the jail

Accessing hardware

To access /dev files from the jail, take a look at the following line in /usr/local/etc/ezjail/myjail:

export ezjail_devfs_ruleset="devfsrules_jail"

Now, take a look at the base system's file /etc/defaults/devfs.rules for context, but don't edit it. In this file, the section [devfsrules_jail] corresponds to export ezjail_devfs_ruleset="devfsrules_jail", and to the section of the same name in the personalized devfs.rules file. To create custom rules, copy devfs.rules to the appropriate location and then edit the copy; individual rules may be added after [devfsrules_jail].

(accessing X display from jail not solved)
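A check a jail host administrator might run over the per-jail files described in the Network and Accessing hardware sections, as an added example that is not part of the original wiki page: it reports jails that are granted allow.* parameters or that use a devfs ruleset other than devfsrules_jail. The helper name audit_ezjail_conf, the jail name webjail, and the ruleset devfsrules_webjail are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the wiki page): audit ezjail per-jail config files.
# audit_ezjail_conf is a hypothetical helper; on a jail host it would be run as
#   audit_ezjail_conf /usr/local/etc/ezjail/*

audit_ezjail_conf() {
    # Prints one "file: finding" line per issue; returns 1 if any were found.
    findings=0
    for conf in "$@"; do
        [ -f "$conf" ] || continue
        # Drop comments so a commented-out setting is not reported.
        body=$(sed 's/#.*//' "$conf")
        # Every allow.* parameter gives root inside the jail an extra privilege.
        # Only the name=1 form shown on the page is matched.
        params=$(printf '%s\n' "$body" | sed -n 's/.*_parameters="\([^"]*\)".*/\1/p')
        for p in $params; do
            case "$p" in
                allow.*=1)
                    echo "$conf: grants $p"
                    findings=$((findings + 1)) ;;
            esac
        done
        # The devfs ruleset decides which /dev nodes the jail can see.
        rs=$(printf '%s\n' "$body" |
            sed -n 's/.*_devfs_ruleset="\([^"]*\)".*/\1/p' | tail -n 1)
        if [ -n "$rs" ] && [ "$rs" != "devfsrules_jail" ]; then
            echo "$conf: custom devfs ruleset $rs, review what it unhides"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample files so the check runs offline; devfsrules_webjail and
# the jail name webjail are made up.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/myjail" <<'EOF'
export ezjail_devfs_ruleset="devfsrules_jail"
# export jail_myjail_parameters="allow.raw_sockets=1"
EOF
cat > "$demo_dir/webjail" <<'EOF'
export jail_webjail_parameters="allow.raw_sockets=1"  # ping from the jail
export ezjail_devfs_ruleset="devfsrules_webjail"
EOF

audit_ezjail_conf "$demo_dir"/* || echo "review the jails listed above"
```

A non-zero return makes the function usable in a periodic script that mails the findings whenever a jail's configuration drifts from the defaults.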

Filesystems

Jail uses the module nullfs; it may be loaded on the fly, loaded at boot, or compiled into the kernel:

% kldload nullfs
% echo 'nullfs_load="YES"' >> /boot/loader.conf

To compile it into the kernel, add to the kernel configuration file:

options   NULLFS

Starting

% ezjail-admin start
  • restart, stop, startcrypto, and stopcrypto are other options

To list your jails and log in to one, type:

% ezjail-admin list
% ezjail-admin console myjail

Once inside the jail, configure the date and network settings the same way it is done on the host operating system.

From outside the jail, jexec runs a program inside the jail:

% jexec myjail program

Archiving a jail

% ezjail-admin stop myjail
% ezjail-admin archive myjail
% ls /usr/jails/ezjail-archives/

See also

References
