Fwd: Prototyping for basejail distribuition

Ricardo A. Reis ricardo_bsd at yahoo.com.br
Fri Apr 21 19:39:12 UTC 2006 


------- Forwarded message -------
From: "Ricardo A. Reis" <ricardo_bsd at yahoo.com.br>
To: "freebsd-security at freebsd.org" <freebsd-security at freebsd.org>
Cc: "freebsd-current at freebsd.org" <freebsd-current at freebsd.org>
Subject: Prototyping for basejail distribuition
Date: Thu, 13 Apr 2006 17:21:38 -0300


Hi,

I attach 2 files in this email, the first is a Makefile and the second is
jail.conf.
For demonstre my idea i resolved create one "Pseudo Prototyping", for test
is necessary:

1 - Create dir /usr/local/basejail
2 - Copy Makefile to /usr/local/basejail
3 - Copy jail.conf to /etc
4 - The initial basejail is precompiled is distributed in CD1,
for simular basejail is necessary a installworld structure in
/usr/local/basejail
cd /usr/src ; make installworld DESTDIR=/usr/local/basejail

Now is necessary config jail.conf,

-----
#sample template for create freebsd jail
#
# RC.CONF GLOBAL VARIABLES
#
exec_start="/bin/sh /etc/rc"
exec_stop="/bin/sh /etc/rc.shutdown"
devfs_enable="NO"
fdescfs_enable="NO"
procfs_enable="NO"
mount_enable="NO"
devfs_ruleset="ruleset_name"
flags="-l -U root"
#
# JAIL RC.CONF
#
sendmail_enable="NO"
inetd_flags="-wW -a"
rpcbind_enable="NO"
network_interfaces=""
#
# FILES
#
copy_to_jail="/etc/localtime /etc/resolv.conf /etc/csh.cshrc
/etc/csh.login"
#
# JAILS
#
jail_node01_rootdir="/usr/jail/node01"
jail_node01_hostname="node01.example.com"
jail_node01_ip="127.0.0.1 "

jail_node02_rootdir="/usr/jail/node02"
jail_node02_hostname="node02.example.com"
jail_node02_ip="127.0.0.2 "
-------
In this moment is possible create large numbers of jail, i
implemente in makefile,

[root at daemon:/usr/local/basejail] # make

>>> Sample in /usr/share/examples/etc/jail.conf

jail == create jail
rcconf == create rc.conf for start jails
etcconfig == create rc.conf for jails and copy file
showconfig == show information


Thanks for any comments,
Sorry for my english and poor Makefile.



-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: application/octet-stream
Size: 5084 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060421/c26ce8d7/Makefile.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jail.conf
Type: application/octet-stream
Size: 686 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060421/c26ce8d7/jail.obj

More information about the freebsd-stable mailing list