Ezjail
From FreeBSDwiki
(Difference between revisions)
(ezjail) |
|||
Line 1: | Line 1: | ||
− | Ezjail is much easier to install and configure than using the sole program jail. | + | Ezjail is much easier to install and configure than using the sole program [[jails|jail]]. |
==Installing and updating== | ==Installing and updating== | ||
Line 50: | Line 50: | ||
% ezjail-admin archive myjail | % ezjail-admin archive myjail | ||
% ls /usr/jails/ezjail-archives/ | % ls /usr/jails/ezjail-archives/ | ||
+ | |||
+ | ==See also== | ||
+ | * [[Jail Facility]] - uses ezjail alternative ''qjail'' | ||
==References== | ==References== | ||
Line 55: | Line 58: | ||
* [https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html FreeBSD Handbook: Managing Jails with ezjail] | * [https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html FreeBSD Handbook: Managing Jails with ezjail] | ||
* filesystem documentation | * filesystem documentation | ||
+ | |||
+ | [[Category:Securing FreeBSD]] | ||
+ | [[Category:FreeBSD for Servers]] | ||
+ | [[Category:Configuring FreeBSD]] |
Revision as of 19:14, 6 March 2015
Ezjail makes jails much easier to install and configure than using the jail program alone.
Installing and updating
Install ezjail:
% cd /usr/ports/sysutils/ezjail
% make install clean
Then create the basejail, manpages, source and ports tree in the basejail:
% ezjail-admin install -msp
To update the basejail through a quick binary update, and to update the ports tree:
% ezjail-admin update -uP
For a better understanding of the options, type:
% man ezjail
% man ezjail-admin
- Note: the -s flag has a different function with the install subcommand than with the update subcommand.
Configuring
% ifconfig wlan0 alias 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
To enable ezjail and its network connection, add to rc.conf:
ifconfig_wlan0_alias0="inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255"
cloned_interfaces="${cloned_interfaces} lo1"
ezjail_enable="YES"
% ezjail-admin create myjail 192.168.1.20
% cp /etc/resolv.conf /usr/jails/myjail/etc/
Options for a jail are set in the file named after the jail in the directory /usr/local/etc/ezjail/:
export jail_jailname_parameters="allow.raw_sockets=1" # This allows network programs including ping to be used from the jail
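Each allow.* parameter relaxes a restriction the jail would otherwise enforce, so it is useful to know which jails have one set. The following added example (not part of the original page or of ezjail) scans the per-jail files for enabled allow.* entries; it assumes the value is a double-quoted, space-separated list as in the line above, and the sample files it creates are constructed:

```shell
#!/bin/sh
# Added example, not from the wiki page or the ezjail project.
# Lists allow.* jail parameters enabled in ezjail per-jail config files.

# audit_ezjail_params [DIR]: print "<file>: <parameter>" for each enabled
# allow.* entry in a jail_<name>_parameters line. Assumes the value is a
# double-quoted, space-separated list, as in the line shown on the page.
audit_ezjail_params() {
    dir=${1:-/usr/local/etc/ezjail}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Strip comments, leading blanks and "export"; keep the quoted value.
        sed -n -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/^export[[:space:]]*//' \
            -e 's/^jail_[A-Za-z0-9_]*_parameters="\([^"]*\)".*/\1/p' "$f" |
        while IFS= read -r params; do
            set -f                      # no globbing while word-splitting
            for p in $params; do
                case $p in
                    # Treated as explicitly disabled: =0, =false, "no" prefix.
                    allow.*=0|allow.*=false|allow.no*|allow.*.no*) ;;
                    allow.*) printf '%s: %s\n' "${f##*/}" "$p" ;;
                esac
            done
            set +f
        done
    done
}

# Constructed sample configs (not real files) to show the output format.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'export jail_myjail_hostname="myjail"' \
        'export jail_myjail_parameters="allow.raw_sockets=1" # ping from jail' \
        > "$d/myjail"
    printf '%s\n' \
        'export jail_web_parameters="allow.raw_sockets=0 allow.nosysvipc"' \
        > "$d/web"
    audit_ezjail_params "$d"
    rm -rf "$d"
}

demo   # prints: myjail: allow.raw_sockets=1
```

Called with no argument, audit_ezjail_params reads /usr/local/etc/ezjail/, the directory named above.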
Filesystems
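Ezjail uses the nullfs module; it may be loaded at runtime or compiled into the kernel. To load it now and at every boot:
% kldload nullfs
% echo 'nullfs_load="YES"' >> /boot/loader.conf
To compile it into the kernel instead, add to the kernel configuration file:
options NULLFS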
Starting
% ezjail-admin start
- restart, stop, startcrypto, and stopcrypto are other options
To see your jail and log in to it, type:
% ezjail-admin list
% ezjail-admin console myjail
Once inside the jail, configure the date and network settings the same way it's done in the host operating system.
Archiving a jail
% ezjail-admin stop myjail
% ezjail-admin archive myjail
% ls /usr/jails/ezjail-archives/
See also
- Jail Facility - uses ezjail alternative qjail
References
- BSD Now: Everything you need to know about Jails
- FreeBSD Handbook: Managing Jails with ezjail
- filesystem documentation