Ezjail
(→See also) |
(→Accessing hardware) |
||
Line 50: | Line 50: | ||
% ezjail-admin archive myjail | % ezjail-admin archive myjail | ||
% ls /usr/jails/ezjail-archives/ | % ls /usr/jails/ezjail-archives/ | ||
+ | |||
+ | ==Accessing hardware== | ||
+ | To access /dev files from the jail, adjust the following line in ''/usr/local/etc/devfs.rules'' in the base-system, or in /etc/devfs.rules inside the jail: | ||
+ | ezjail_devfs_ruleset="devfsrules_jail" | ||
+ | The context used is in sections, such as [devfsrules_jail], inside ''/etc/defaults/devfs.rules'', however, don't edit ''/etc/defaults'' files. | ||
+ | |||
+ | Individual rules may be added after [devfsrules_jail] inside the jail's ''/etc/devfs.rules'' file. | ||
==See also== | ==See also== |
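Review bot: in the added "Accessing hardware" paragraph, the line to adjust, ezjail_devfs_ruleset="devfsrules_jail", is a variable assignment rather than a rule in the bracketed-section format the next sentence describes, and the text offers two different files for it without saying which one applies. Suggest naming the single file that holds this setting and showing one concrete rule under [devfsrules_jail], with a note to expose only the device nodes the jail needs.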
Revision as of 22:48, 6 March 2015
Ezjail is much easier to install and configure than using the jail program alone.
Installing and updating
Install ezjail:
% cd /usr/ports/sysutils/ezjail
% make install clean
Then create the basejail, manpages, source and ports tree in the basejail:
% ezjail-admin install -msp
To update the base through a quick binary update, and the ports tree:
% ezjail-admin update -uP
For a better understanding of the options, type:
% man ezjail
% man ezjail-admin
- Note: the -s flag has a different function when using the options install and update.
Configuring
% ifconfig wlan0 alias 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
To enable ezjail and its network connection, add to rc.conf:
ifconfig_wlan0_alias0="inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255"
cloned_interfaces="${cloned_interfaces} lo1"
ezjail_enable="YES"
% ezjail-admin create myjail 192.168.1.20
% cp /etc/resolv.conf /usr/jails/myjail/etc/
Options for a jail are set in the file named after it in the directory /usr/local/etc/ezjail/:
export jail_jailname_parameters="allow.raw_sockets=1" # This allows network programs including ping to be used from the jail
Filesystems
Jails use the nullfs module; it can be loaded at runtime or compiled into the kernel:
% kldload nullfs
% echo 'nullfs_load="YES"' >> /boot/loader.conf
Or, in the kernel configuration file:
options NULLFS
Starting
% ezjail-admin start
- restart, stop, startcrypto, and stopcrypto are other options
To see your jail and log in to it, type:
% ezjail-admin list
% ezjail-admin console myjail
Once inside the jail, configure the date and network settings similarly to how it's done in the root operating system.
Archiving a jail
% ezjail-admin stop myjail
% ezjail-admin archive myjail
% ls /usr/jails/ezjail-archives/
Accessing hardware
To access /dev files from the jail, adjust the following line in /usr/local/etc/devfs.rules in the base system, or in /etc/devfs.rules inside the jail:
ezjail_devfs_ruleset="devfsrules_jail"
Rulesets are defined in sections, such as [devfsrules_jail], inside /etc/defaults/devfs.rules; however, don't edit the files under /etc/defaults.
Individual rules may be added after [devfsrules_jail] inside the jail's /etc/devfs.rules file.
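Before pointing a jail at a ruleset, it helps to see exactly which device nodes that ruleset exposes. The script below is an added example, not part of the original page: it parses devfs.rules text and lists every path the named ruleset unhides, following "add include" lines. The sample rules are constructed, and mydev0 is a hypothetical device name.

```shell
#!/bin/sh
# Added example: list the device paths a devfs ruleset unhides, following includes.

# Constructed sample in devfs.rules syntax; mydev0 is a hypothetical device node.
sample_rules() {
cat <<'EOF'
[devfsrules_hide_all=1]
add hide

[devfsrules_unhide_basic=2]
add path null unhide
add path zero unhide
add path random unhide

[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add path 'bpf*' unhide
add path mydev0 unhide
EOF
}

# unhidden_paths RULESET: read devfs.rules text on stdin and print one unhidden
# path per line. Only "unhide" rules are reported; later "hide" rules are ignored.
unhidden_paths() {
    awk -v want="$1" '
        function walk(s,    i, f, p) {
            if (seen[s]++) return                 # guard against include loops
            for (i = 1; i <= n[s]; i++) {
                split(line[s, i], f)              # f[1] is "add", f[2] the keyword
                if (f[1] != "add") continue
                if (f[2] == "include") walk(substr(f[3], 2))   # drop leading "$"
                else if (f[2] == "path" && f[4] == "unhide") {
                    p = f[3]; gsub("[\047\"]", "", p)          # strip quotes
                    print p
                }
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
        /^\[/ {                                   # section header: [name=number]
            sec = substr($0, 2); sub(/=.*/, "", sec); sub(/\].*/, "", sec); next
        }
        { n[sec]++; line[sec, n[sec]] = $0 }
        END { walk(want) }
    '
}

sample_rules | unhidden_paths devfsrules_jail
```

On a real system, feed it the defaults file and the local rules file together, for example with cat, and review every path it prints against what the jail actually needs.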
See also
- Jail Facility - mentions ezjail alternative qjail