/etc/jail.conf documentation?

Arthur Chance freebsd at qeng-ho.org
Thu Oct 29 08:50:34 UTC 2015


On 28/10/2015 20:43, Valeri Galtsev wrote:
>
> On Wed, October 28, 2015 3:28 pm, Mark Felder wrote:
>>
>>
>> On Wed, Oct 28, 2015, at 10:59, Valeri Galtsev wrote:
>>> Dear All,
>>>
>>> Can someone recommend something similar to the FreeBSD Handbook that
>>> describes building jails for newer systems, meaning /etc/jail.conf as
>>> opposed to /etc/rc.conf, which the Handbook currently has in its jails
>>> chapter? I still have all jail configurations on 9.3 boxes in
>>> /etc/rc.conf, but it is time to build 10.x production boxes and do
>>> things the modern way (implying /etc/jail.conf). I still intend to keep
>>> building jails the "old-fashioned way" as described in the Handbook, as
>>> opposed to using tools such as "ezjail" or similar.
>>>
>>> Thanks for all your advice!
>>>
>>> Valeri
>>>
>>> PS I know I can always use the UNIX way of getting information, like
>>>
>>> man jail.conf
>>>
>>> , still...
>>>
>>
>> Hi Valeri,
>>
>> It's simpler than you think. Your /etc/jail.conf can be as simple as:
>>
>> exec.start = "/bin/sh /etc/rc";
>> exec.stop = "/bin/sh /etc/rc.shutdown";
>> exec.clean;
>> mount.devfs;
>>
>> path = /zroot/jails/$name;
>>
>> myjail{
>>      host.hostname = "myjail.local";
>>      ip4.addr = 192.168.1.5;
>> }
>>
>
> Mark, thanks a lot! I already have it running; I have a couple more I'm
> sure I need to have:
>
> allow.set_hostname = 0;
> allow.sysvipc = 0;
>
> but I definitely didn't have
>
> exec.stop = "/bin/sh /etc/rc.shutdown";
>
> which seems to be really beneficial for a jail "clean shutdown", akin to
> what we do when we shut down a real system.
>

If you use nullfs or unionfs in creating your jails, be aware of this bug:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=186360

There's a workaround in the later comments that works fine.

-- 
Moore's Law of Mad Science: Every eighteen months, the minimum IQ
necessary to destroy the world drops by one point.

