Ezjail
(→Accessing hardware) |
(→Accessing hardware: corrections clean up) |
||
Line 52: | Line 52: | ||
==Accessing hardware== | ==Accessing hardware== | ||
− | To access /dev files from the jail, adjust the following line in ''/usr/local/etc/ | + | To access /dev files from the jail, adjust the following line in ''/usr/local/etc/ezjail.conf'', or in ''/usr/local/etc/ezjail/myjail'', both in the base-system: |
ezjail_devfs_ruleset="devfsrules_jail" | ezjail_devfs_ruleset="devfsrules_jail" | ||
− | Individual rules may be added after [devfsrules_jail] inside | + | Individual rules may be added after [devfsrules_jail] inside these files. |
Take a look at the base-system's file ''/etc/defaults/devfs.rules'' for context, but don't edit it. In this file, '''[devfsrules_jail]''' refers to '''ezjail_devfs_ruleset="devfsrules_jail"''' in the personalized ''devfs.rules'' file. | Take a look at the base-system's file ''/etc/defaults/devfs.rules'' for context, but don't edit it. In this file, '''[devfsrules_jail]''' refers to '''ezjail_devfs_ruleset="devfsrules_jail"''' in the personalized ''devfs.rules'' file. |
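Review bot: The added line "Individual rules may be added after [devfsrules_jail] inside these files." points at ezjail.conf and the per-jail file named in the line above it, but those files hold shell-style variable assignments such as ezjail_devfs_ruleset="devfsrules_jail". Ruleset sections like [devfsrules_jail] belong in the host's /etc/devfs.rules, which the unchanged last line already calls "the personalized devfs.rules file". Suggest naming /etc/devfs.rules explicitly instead of "these files", and noting that every unhidden device node widens what the jail can reach on the host.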
Revision as of 23:03, 6 March 2015
Ezjail is much easier to install and configure than using the jail program alone.
Installing and updating
Install ezjail:
% cd /usr/ports/sysutils/ezjail
% make install clean
Then create the basejail, manpages, source and ports tree in the basejail:
% ezjail-admin install -msp
To update the basejail through a quick binary update, and to update the ports tree:
% ezjail-admin update -uP
For a better understanding of the options, type:
% man ezjail
% man ezjail-admin
- Note: the -s flag has a different function when using the options install and update.
Configuring
% ifconfig wlan0 alias 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
To enable ezjail and its network connection, add to rc.conf:
ifconfig_wlan0_alias0="inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255"
cloned_interfaces="${cloned_interfaces} lo1"
ezjail_enable="YES"
% ezjail-admin create myjail 192.168.1.20
% cp /etc/resolv.conf /usr/jails/myjail/etc/
Options for a jail are set in the file named after the jail in the directory /usr/local/etc/ezjail/:
export jail_jailname_parameters="allow.raw_sockets=1" # This allows network programs including ping to be used from the jail
Filesystems
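Jails use the nullfs module; it may be loaded at runtime and at boot, or compiled into the kernel:
% kldload nullfs
% echo 'nullfs_load="YES"' >> /boot/loader.conf
To compile it into the kernel, add this line to the kernel configuration file:
options NULLFS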
Starting
% ezjail-admin start
- restart, stop, startcrypto, and stopcrypto are other options
To see your jail and log in to it, type:
% ezjail-admin list
% ezjail-admin console myjail
Once inside the jail, configure the date and network settings the same way it is done on the host system.
Archiving a jail
% ezjail-admin stop myjail
% ezjail-admin archive myjail
% ls /usr/jails/ezjail-archives/
Accessing hardware
To access /dev files from the jail, adjust the following line in /usr/local/etc/ezjail.conf, or in /usr/local/etc/ezjail/myjail, both in the base-system:
ezjail_devfs_ruleset="devfsrules_jail"
Individual rules may be added after [devfsrules_jail] inside these files.
Take a look at the base-system's file /etc/defaults/devfs.rules for context, but don't edit it. In this file, [devfsrules_jail] refers to ezjail_devfs_ruleset="devfsrules_jail" in the personalized devfs.rules file.
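Before pointing a jail at a custom ruleset, it helps to check which device nodes that ruleset unhides. The script below is an added example, not part of the original wiki page or of ezjail; the ruleset name devfsrules_myjail, its number, the sample rules and the list of sensitive nodes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit which device nodes a devfs ruleset exposes to a jail.
# Does not follow "add include" lines; inspect included rulesets separately.

# sample_rules: constructed devfs.rules content (ruleset names/numbers made up)
sample_rules() {
cat <<'EOF'
# constructed sample, not from a real host
[devfsrules_myjail=10]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add path 'bpf*' unhide
add path 'cuaU*' unhide
add path mem unhide
[devfsrules_other=11]
add path io unhide
EOF
}

# unhidden_paths RULESET FILE: print each path pattern the ruleset unhides
unhidden_paths() {
    awk -v want="$1" -v q="'" '
        /^[ \t]*#/ { next }
        /^\[/ {                              # section header: [name=number]
            name = $0
            sub(/^\[/, "", name); sub(/=.*/, "", name); sub(/\].*/, "", name)
            active = (name == want)
            next
        }
        active && $1 == "add" && $2 == "path" && $NF == "unhide" {
            p = $3; gsub(q, "", p); print p
        }
    ' "$2"
}

# risky_paths RULESET FILE: print unhidden patterns that would match a
# sensitive node (the list below is an assumption; extend it for your host)
risky_paths() {
    unhidden_paths "$1" "$2" | while read -r pat; do
        for dev in mem kmem io bpf0 pf; do
            case "$dev" in
                $pat) echo "$pat"; break ;;  # $pat unquoted: glob match
            esac
        done
    done
}

# Demo on the constructed sample
tmp=$(mktemp) && sample_rules > "$tmp"
risky_paths devfsrules_myjail "$tmp"
rm -f "$tmp"
```

On a host, pass the ruleset name set in ezjail_devfs_ruleset and the path /etc/devfs.rules instead of the sample file.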
See also
- Jail Facility - mentions ezjail alternative qjail