FreeBSD Jails


A FreeBSD jail is a form of OS-level virtualization that partitions a system into several independent mini-systems, called jails. A jail can be a complete jail that resembles the whole system, or a service jail created for a specific service such as a web server or database server.

The process of building jails is the same for both kinds. When creating a complete jail you have two options: build it from binaries or from sources.

FreeBSD jails have their own root user and access rights. Jails were introduced in FreeBSD 4.x by Poul-Henning Kamp. In this article, we will show how to create and deploy jails in FreeBSD.

Update your FreeBSD system

Before you start creating or deploying FreeBSD jails, make sure your kernel and base system are up to date. Use the given command to fetch the system updates:

freebsd-update fetch

Next, use the given command to apply all outstanding base OS security upgrades to your system.

freebsd-update install

How to Install ezjail on FreeBSD

The ezjail tool automates and simplifies many jail tasks. To create and manage jails with ezjail, you first need to install it on your system. Use the following commands to install ezjail on FreeBSD.

Change the current directory to the ezjail port directory:

cd /usr/ports/sysutils/ezjail

and then use:

make install clean

Now open the file /etc/rc.conf and add the given line to start ezjail at boot time.

ezjail_enable="YES"

Start the ezjail service using –

service ezjail start

How to create a base jail template

The ezjail-admin utility is used to manage the ezjail environment and jails created. Use the given command to create or update ezjail’s environment from the source –

ezjail-admin install

You can also specify the mirror location using the option -h as follows –

ezjail-admin install -h http://ftp.freebsd.org

You can edit /usr/local/etc/ezjail.conf to set the mirror location –

# Set mirror which is nearest to you #
ezjail_ftphost=ftp://ftp5.tw.freebsd.org

The above command will populate the jail with FreeBSD-RELEASE. To populate the jail with installworld instead, use:

ezjail-admin update -p -i

Where,

  • -p – Provide ports for jail.
  • -i – Do not run make world. This saves time by using the existing buildworld.

Create a cloned loopback interface

Create a second loopback interface, lo1, using the given commands to keep jail loopback traffic off the host’s loopback network interface.

echo 'cloned_interfaces="lo1"' >> /etc/rc.conf
## Restart netif ##
service netif cloneup

You can verify the created interface using the given command.

ifconfig
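
The two /etc/rc.conf changes made so far (ezjail_enable and cloned_interfaces) can be checked with a short script. This is an added example, not part of the original article: the function names rc_value and audit_jail_rc are hypothetical, and it assumes plain literal assignments in the file. Because rc.conf is sourced as shell, the last assignment of a variable wins, so appending cloned_interfaces="lo1" with echo >> replaces any interfaces that an earlier cloned_interfaces line had configured.

```shell
#!/bin/sh
# Added example: audit an rc.conf-style file for the settings this guide adds.
# rc.conf is sourced as shell, so the LAST assignment of a variable wins.
# Assumes plain literal assignments (no ${var} expansion, no trailing comments).

# Print the effective (last) value of variable $2 in file $1, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 when the file enables ezjail and clones lo1 without losing
# interfaces that an earlier cloned_interfaces line had configured.
audit_jail_rc() {
    file=$1
    rc=0
    case "$(rc_value "$file" ezjail_enable)" in
        [Yy][Ee][Ss]) ;;
        *) echo "ezjail_enable is not YES"; rc=1 ;;
    esac
    effective=$(rc_value "$file" cloned_interfaces)
    case " $effective " in
        *" lo1 "*) ;;
        *) echo "lo1 missing from cloned_interfaces"; rc=1 ;;
    esac
    # Every interface named on any cloned_interfaces line must survive in the last one.
    for ifc in $(sed -n 's/^[[:space:]]*cloned_interfaces=//p' "$file" | tr -d "\"'"); do
        case " $effective " in
            *" $ifc "*) ;;
            *) echo "$ifc dropped by a later cloned_interfaces line"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the host already cloned bridge0 before the echo >> append.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ezjail_enable="YES"
cloned_interfaces="bridge0"
cloned_interfaces="lo1"
EOF
audit_jail_rc "$sample" || echo "audit failed for constructed sample"
rm -f "$sample"
```

When the audit reports a dropped interface, merge the names into a single line such as cloned_interfaces="bridge0 lo1" before restarting netif.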

How do I start all jails

You can use the given command to start all the jails that you have created.

/usr/local/etc/rc.d/ezjail start

How do I stop all Jails

To stop all running jails, use the given command.

/usr/local/etc/rc.d/ezjail stop

How to start or stop a specific jail

You can use the given command to start, stop or restart a specific jail:

/usr/local/etc/rc.d/ezjail {start/stop/restart} jail_name

For example –

To start a jail named httpd, use:

/usr/local/etc/rc.d/ezjail start httpd

How to display the list of all jails

By using the given command you can list all the jails on a system:

jls

OR

ezjail-admin list

Conclusion

I hope you now understand how to create and deploy a jail in FreeBSD. If you have a question, write to us in the comments below.
