Jail problems

Melvyn Sopacua freebsd-current at webteckies.org
Mon Apr 5 14:52:38 PDT 2004


On Monday 05 April 2004 17:07, Ivan Voras wrote:
> Kirk Strauser wrote:
> > At 2004-04-05T14:12:17Z, Ivan Voras <ivoras at fer.hr> writes:
> >>This is probably something big and obvious I'm missing, but what?
> >
> > What version of FreeBSD are you using?  If 5.x, do you have /dev mounted
> > inside each jail?
>
> You're right! I mis-mounted /dev! That, and some fiddling around solved the
> problems, thanks!

Maybe the attached makejail.sh script helps:
1) put it in /usr/src
2) create a /usr/src/ports-jail.sh which simply installs a default set of 
ports (in our case postfix/apache/php and the excellent 'jailer' port).
3) if needed, create an rc.conf.jail in /etc/ which sets some sensible default 
options (recent work done in the rc system could make this obsolete)
4) if needed create /etc/jailpatches/patch-login.conf - in our case it creates 
the 'standard' class, with more restrictive defaults.
5) You also need "/sbin/mount_jaildev":
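#!/bin/sh

# Pull in the rc.subr helpers, including devfs_mount_jail.
. /etc/rc.subr

# $1: directory to mount devfs on (makejail.sh passes ${D}/dev)
# $2: devfs ruleset name, defaulting to devfsrules_jail
jail_root=$1
if [ -z "$2" ]; then
        jail_ruleset=devfsrules_jail
else
        jail_ruleset=$2
fi
# Rule files in which the ruleset name is looked up.
devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules"

devfs_mount_jail "$jail_root" "$jail_ruleset"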

-- 
Melvyn

=======================================================
FreeBSD sarevok.webteckies.org 5.2-CURRENT FreeBSD 5.2-CURRENT #3: Sun Apr  4 
02:24:06 CEST 2004     
root at sarevok.webteckies.org:/usr/obj/usr/src/sys/SAREVOK_NOAPM_NODEBUG  i386
=======================================================
-------------- next part --------------
#!/bin/sh

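JAILROOT=/jail
IP=$1
CP='cp -v'
# TESTIP defaults to IP; the jail is started on it for the final
# configuration run.
if [ -z "$2" ]; then
        TESTIP=$IP
else
        TESTIP=$2
fi

usage () {
        echo "$0 IP [TESTIP]"
        echo 'Make a jail distribution for IP'
        echo 'If TESTIP is given, it is used to startup the jail and do'
        echo 'the final configurations.'
        exit 1
}

# Print a command, then run it through eval in this shell (so "cd" persists).
# The arguments are re-parsed by the shell, so IP and TESTIP must be trusted.
doit () {
        echo ''
        echo '---> ' $*
        echo ''
        eval "$*"
}

[ -z "$IP" ] && usage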

D="${JAILROOT}/${IP}"
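doit mkdir -p ${D}
doit cd /usr/src
# Build world from /usr/src and install it into the jail root.
make hierarchy DESTDIR="${D}"
make obj
make depend
make all
make install DESTDIR="${D}"
doit cd etc
# Populate the jail's /etc from the source tree defaults.
make distribution DESTDIR="${D}" -DNO_MAKEDEV_RUN
# Mount devfs on the jail's /dev with the devfsrules_jail ruleset.
doit mount_jaildev ${D}/dev devfsrules_jail
doit cd ${D}
doit ln -fs dev/null kernel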
doit cp -Rfp /usr/ports ${D}/usr/
${CP} /usr/src/ports-jail.sh ${D}/usr/ports/
doit chmod ugo+x ${D}/usr/ports/ports-jail.sh
${CP} /etc/resolv.conf ${D}/etc/
doit touch ${D}/etc/fstab
${CP} /etc/make.conf ${D}/etc/
doit ${CP} /etc/rc.conf.jail ${D}/etc/rc.conf
doit perl -pi.bak -e "\"s/^#ListenAddress 0\.0\.0\.0.*\$/ListenAddress ${IP}/\"" ${D}/etc/ssh/sshd_config
doit ${CP} /root/.profile /root/.bashrc /root/.shrc ${D}/root/
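# Optional site patch for login.conf; rebuild the capability database after.
if [ -f /etc/jailpatches/patch-login.conf ]; then
        echo Fixing login.conf
        cd "${D}/etc"
        patch < /etc/jailpatches/patch-login.conf
        cap_mkdb "${D}/etc/login.conf"
fi
cd "${D}"
ln -vfs usr/home home
# Start the jail on TESTIP and run the port installer inside it.
doit jail ${D} jail-${IP}.idg.nl ${TESTIP} /usr/ports/ports-jail.sh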
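
An added example, not part of the original post or its attachment: makejail.sh feeds its IP argument through eval as root, and the problem in this thread was a missing devfs mount inside the jail, so the checks below cover both before a jail is started. The function names and the sample mount(8) lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: preflight checks for a makejail.sh-style script.
# Function names and SAMPLE_MOUNTS are constructed for illustration.

# Succeed only for dotted-quad IPv4 with every octet in 0..255, so no shell
# metacharacters can reach the paths and eval calls built from the argument.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed if the mount(8) listing in $1 shows devfs mounted exactly on $2.
devfs_mounted_at() {
    printf '%s\n' "$1" |
        awk -v p="$2" '$1 == "devfs" && $2 == "on" && $3 == p { found = 1 }
                       END { exit !found }'
}

# usage: preflight IP MOUNT_LISTING [JAILROOT]
# returns 0 (ok), 2 (bad IP) or 3 (no devfs on the jail's /dev)
preflight() {
    root=${3:-/jail}
    valid_ipv4 "$1" || { echo "refusing: not a dotted-quad IPv4 address"; return 2; }
    devfs_mounted_at "$2" "$root/$1/dev" || { echo "no devfs on $root/$1/dev"; return 3; }
    echo "ok: $root/$1"
}

# Constructed mount(8) output: the 10.0.0.5 jail has devfs, 10.0.0.6 does not.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
devfs on /jail/10.0.0.5/dev (devfs, local)'

for ip in 10.0.0.5 10.0.0.6 '10.0.0.5;id'; do
    preflight "$ip" "$SAMPLE_MOUNTS" || true
done
```

On a real host, `valid_ipv4 "$IP"` belongs at the top of makejail.sh and `preflight "$IP" "$(mount)"` just before the final `jail` command.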

