Ezjail

From FreeBSDwiki
Revision as of 00:19, 7 March 2015 by Sidetone

Ezjail makes jails much easier to install and configure than using the jail program on its own.

Installing and updating

Install ezjail:

% cd /usr/ports/sysutils/ezjail
% make install clean

Then create the basejail, manpages, source and ports tree in the basejail:

% ezjail-admin install -msp

To update the base with a quick binary update, and to update the ports tree:

% ezjail-admin update -uP

For a better understanding of the options, type:

% man ezjail
% man ezjail-admin
  • Note: the -s flag has a different function with the install subcommand than with the update subcommand.

Configuring

Add an alias address for the jail to the network interface:

% ifconfig wlan0 alias 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255

To enable ezjail and its network connection, add to rc.conf:

ifconfig_wlan0_alias0="inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255"
cloned_interfaces="${cloned_interfaces} lo1"
ezjail_enable="YES"

Then create the jail and copy the host's resolv.conf into it:

% ezjail-admin create myjail 192.168.1.20
% cp /etc/resolv.conf /usr/jails/myjail/etc/

Options for a jail are set in the file named after that jail in the directory /usr/local/etc/ezjail/:

export jail_jailname_parameters="allow.raw_sockets=1"  # This allows network programs including ping to be used from the jail

Filesystems

Jails use the nullfs module; it may be loaded on the fly or compiled into the kernel:

% kldload nullfs
% echo 'nullfs_load="YES"' >> /boot/loader.conf

or, in the kernel configuration file:

options   NULLFS

Starting

% ezjail-admin start
  • restart, stop, startcrypto, and stopcrypto are other options

To see your jail and log in to it, type:

% ezjail-admin list
% ezjail-admin console myjail

Once inside the jail, configure the date and network settings the same way it's done in the root operating system.

Archiving a jail

% ezjail-admin stop myjail
% ezjail-admin archive myjail
% ls /usr/jails/ezjail-archives/

Accessing hardware

To access /dev files from the jail, take a look at the following line in /usr/local/etc/ezjail.conf in the base-system:

ezjail_devfs_ruleset="devfsrules_jail"

Now, take a look at the base-system's file /etc/defaults/devfs.rules for context, but don't edit it. In this file, the section [devfsrules_jail] is the ruleset that ezjail_devfs_ruleset="devfsrules_jail" refers to, and the same holds in the personalized devfs.rules file. To create custom rules, copy devfs.rules to /usr/local/etc, then edit the copy.

Individual rules may be added after [devfsrules_jail] inside /usr/local/etc/devfs.rules.

To customize a single jail, look in the file named after that jail, for example /usr/local/etc/ezjail/myjail, for the associated line:

export jail_qt4_devfs_ruleset="devfsrules_jail"
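
Both the jail_jailname_parameters line under Configuring and a per-jail devfs ruleset widen what a jail can reach, so it helps to list which jails carry such settings. The script below is an added example, not part of the original page or of ezjail; its function names, the sample jail files and the ruleset name devfsrules_jail_qt4 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of ezjail: list per-jail settings that relax the
# default restrictions, based on the two variables shown on this page.

# audit_ezjail_dir DIR: print "jail<TAB>setting" for each relaxed setting.
audit_ezjail_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        jail=${f##*/}
        while IFS= read -r line; do
            case $line in
                export\ jail_*_parameters=\"*)
                    val=${line#*=\"}; val=${val%%\"*}
                    for p in $val; do          # space-separated parameters
                        case $p in
                            allow.*=0) ;;      # explicitly switched off
                            allow.*) printf '%s\t%s\n' "$jail" "$p" ;;
                        esac
                    done ;;
                export\ jail_*_devfs_ruleset=\"*)
                    val=${line#*=\"}; val=${val%%\"*}
                    # differs from the stock ruleset: review what it unhides
                    [ "$val" = devfsrules_jail ] ||
                        printf '%s\tdevfs_ruleset=%s\n' "$jail" "$val" ;;
            esac
        done < "$f"
    done
}

# Constructed sample: two per-jail files laid out like those in
# /usr/local/etc/ezjail/ (the ruleset name devfsrules_jail_qt4 is made up).
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/myjail" <<'EOF'
export jail_myjail_devfs_ruleset="devfsrules_jail"
export jail_myjail_parameters="allow.raw_sockets=1"  # ping from the jail
EOF
    cat > "$d/qt4" <<'EOF'
export jail_qt4_devfs_ruleset="devfsrules_jail_qt4"
export jail_qt4_parameters=""
EOF
    printf '%s\n' "$d"
}

# With no argument the constructed sample is audited; on a host pass
# /usr/local/etc/ezjail as the first argument.
audit_ezjail_dir "${1:-$(make_sample_dir)}"
```

Each output line names a jail and one setting to review; a jail that uses the stock ruleset and no allow.* parameter produces no output.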
