/etc/jail.conf documentation?

krad kraduk at gmail.com
Thu Oct 29 12:17:18 UTC 2015 

here is an extract from one of my jail configs which shows a few other
things to play with. Remember vnet and pf dont play at present.


     # Typical static defaults:
     # Use the rc scripts to start and stop jails.  Mount jail's /dev.
     exec.start = "/bin/sh /etc/rc";
     exec.stop = "/bin/sh /etc/rc.shutdown";
     exec.clean;
     mount.devfs;


     # Dynamic wildcard parameter:
     # Base the path off the jail name.
     path = "/jails/$name";


     emby {
             host.hostname = "emby.intranet";
             vnet.interface = emby_a;
             vnet;
             exec.prestart  = "ifconfig emby_a destroy || true ";
             exec.prestart  += "ifconfig emby_b destroy || true";
             exec.prestart  += "ifconfig epair8 create up";
             exec.prestart  += "ifconfig epair8a name emby_a";
             exec.prestart  += "ifconfig epair8b name emby_b";
             exec.prestart  += "ifconfig emby_b up";
             exec.prestart  += "ifconfig bridge0 addm emby_b";
             exec.prestart  += "ifconfig emby_a ether 02:ff:25:fc:05:da";
             exec.prestart  += " df | grep -q  /jails/emby/videos ||  mount
-t nullfs -o rw /videos /jails/emby/videos/";
             exec.poststop  = "ifconfig emby_a destroy";
             exec.poststop  += "ifconfig emby_b destroy";
             exec.poststop += "/sbin/umount /jails/emby/videos || true ";
             exec.start += "/sbin/dhclient emby_a";
             exec.start += "ifconfig emby_a inet6 accept_rtadv";
             exec.start += "/etc/rc.d/rtsold start";
        }


On 28 October 2015 at 20:43, Valeri Galtsev <galtsev at kicp.uchicago.edu>
wrote:

>
> On Wed, October 28, 2015 3:28 pm, Mark Felder wrote:
> >
> >
> > On Wed, Oct 28, 2015, at 10:59, Valeri Galtsev wrote:
> >> Dear All,
> >>
> >> Can someone recommend something similar to FreeBSD handbook that
> >> describes
> >> building jails for newer systems meaning /etc/jail.conf as opposed to
> >> /etc/rc.conf which handbook currently has in its jails chapter. I still
> >> have all jail configurations on 9.3 boxes in /etc/rc.conf, but it is
> >> time
> >> to build 10.x production boxes, and do things modern way (implying
> >> /etc/jail.conf). I still intend to keep building jails "old fashion way"
> >> as described in handbook, as opposed to using tools "ezjail" or similar.
> >>
> >> Thanks for all your advises!
> >>
> >> Valeri
> >>
> >> PS I know I can always use UNIX way of getting information, like
> >>
> >> man jail.conf
> >>
> >> , still...
> >>
> >
> > Hi Valeri,
> >
> > It's simpler than you think. Your /etc/jail.conf can be as simple as:
> >
> > exec.start = "/bin/sh /etc/rc";
> > exec.stop = "/bin/sh /etc/rc.shutdown";
> > exec.clean;
> > mount.devfs;
> >
> > path = /zroot/jails/$name;
> >
> > myjail{
> >     host.hostname = "myjail.local";
> >     ip4.addr = 192.168.1.5;
> > }
> >
>
> Mark, thanks a lot! I already have it running; I have a couple more I'm
> sure I need to have:
>
> allow.set_hostname = 0;
> allow.sysvipc = 0;
>
> but I definitely didn't have
>
> exec.stop = "/bin/sh /etc/rc.shutdown";
>
> which seems to be really beneficial for jail "clean shutdown" akin we do
> when we shut down real system.
>
> Thanks!
>
> Valeri
>
> > You can add more options to the jail as required. Look at jail(8) man
> > page instead of jail.conf(5) which lists the format, but not the
> > options. I think this is kind of backwards myself, but I wasn't involved
> > in these docs.
> >
> > Now you can do "service jail start myjail" it will just work. :-)
> >
> >
> > --
> >   Mark Felder
> >   ports-secteam member
> >   feld at FreeBSD.org
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe at freebsd.org"
> >
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
>

More information about the freebsd-questions mailing list