From owner-freebsd-jail@FreeBSD.ORG Sun Jan 12 01:58:17 2014
From: Mark Felder
To: freebsd-jail@freebsd.org
Subject: Re: Advice/guidance requested.
Date: Sat, 11 Jan 2014 19:58:15 -0600

I would also recommend ezjails. Using fat jails is often completely
unnecessary.

From owner-freebsd-jail@FreeBSD.ORG Sun Jan 12 09:09:24 2014
From: wishmaster
To: Mark Felder
Cc: freebsd-jail@freebsd.org
Subject: Re[2]: Advice/guidance requested.
Date: Sun, 12 Jan 2014 11:09:13 +0200

--- Original message ---
From: "Mark Felder"
Date: 12 January 2014, 03:58:27

> I would also recommend ezjails. Using fat jails is often completely
> unnecessary.

Do you think using ezjail you will obtain "thin" jails? You are wrong.
Setup 5...10 jails for applications: one jail for web-applications on php,
one for java and so on. And you will see how your jails will be FAT! And
now imagine update system and software procedure.
So, if you need a lot of "light" isolation containers, ezjail is not your
way.
I use self written scripts which creates one base system with all needed
packages and a lot of "containers" with vnet supports and with "security in
mind". Upgrading is very easy, just one jail.

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 13 11:06:47 2014
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
Date: Mon, 13 Jan 2014 11:06:46 GMT

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

19 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 13 11:07:31 2014
From: Łukasz Wąsikowski
To: wishmaster
Cc: freebsd-jail@freebsd.org
Subject: Re: Advice/guidance requested.
Date: Mon, 13 Jan 2014 12:07:18 +0100

On 2014-01-12 10:09, wishmaster wrote:
>> I would also recommend ezjails. Using fat jails is often completely
>> unnecessary.
>
> Do you think using ezjail you will obtain "thin" jails? You are wrong. Setup 5...10 jails for applications: one jail for web-applications on php, one for java and so on. And you will see how your jails will be FAT! And now imagine update system and software procedure.
> So, if you need a lot of "light" isolation containers, ezjail is not your way.
> I use self written scripts which creates one base system with all needed packages and a lot of "containers" with vnet supports and with "security in mind". Upgrading is very easy, just one jail.

Sounds nice, maybe write some blog post or even a more detailed mail to
this list with some how-to? I'm sure many people would find this very
interesting.

-- 
best regards,
Lukasz Wasikowski

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 13 14:03:07 2014
From: g8kbvdave@googlemail.com
To: freebsd-jail@freebsd.org
Subject: Re: Advice/guidance requested.
Date: Mon, 13 Jan 2014 14:03:03 -0000

> On 2014-01-12 10:09, wishmaster wrote:
>
> >> I would also recommend ezjails. Using fat jails is often completely
> >> unnecessary.
> >
> > Do you think using ezjail you will obtain "thin" jails?
> > You are wrong. Setup 5...10 jails for applications: one jail for
> > web-applications on php, one for java and so on. And you will see how your
> > jails will be FAT! And now imagine update system and software procedure.
> > So, if you need a lot of "light" isolation containers, ezjail is not your way.
> > I use self written scripts which creates one base system with all needed
> > packages and a lot of "containers" with vnet supports and with "security in
> > mind". Upgrading is very easy, just one jail.
>
> Sounds nice, maybe write some blog post or even a more detailed mail to
> this list with some how-to? I'm sure many people would find this very
> interesting.
>
> --
> best regards,
> Lukasz Wasikowski

Yes indeed, then we can all learn how and more importantly "why".

Best Regards.

Dave B.

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 13 14:21:53 2014
From: Nicolas de Bari Embriz Garcia Rojas
To: g8kbvdave@googlemail.com
Cc: freebsd-jail@freebsd.org
Subject: Re: Advice/guidance requested.
Date: Mon, 13 Jan 2014 14:15:04 +0000

I like to use jails.conf and the sysutils/jail2/ port.

I create a very basic jail and later just clone it taking advantage of ZFS.

I share the /usr/ports from the host with the jails, but let each jail
have their own files, so that later if needed, I can just dump the full
jail and move it to another server without need to worry about X or Y
missing files.

Once I have the jail, I follow this schema: https://github.com/nbari/arena

Hope this can help or give more ideas.

regards.

On Jan 13, 2014, at 2:03 PM, g8kbvdave@googlemail.com wrote:

>> On 2014-01-12 10:09, wishmaster wrote:
>>
>>>> I would also recommend ezjails. Using fat jails is often completely
>>>> unnecessary.
>>>
>>> Do you think using ezjail you will obtain "thin" jails?
>>> You are wrong. Setup 5...10 jails for applications: one jail for
>>> web-applications on php, one for java and so on. And you will see how your
>>> jails will be FAT! And now imagine update system and software procedure.
>>> So, if you need a lot of "light" isolation containers, ezjail is not your way.
>>> I use self written scripts which creates one base system with all needed
>>> packages and a lot of "containers" with vnet supports and with "security in
>>> mind". Upgrading is very easy, just one jail.
>>
>> Sounds nice, maybe write some blog post or even a more detailed mail to
>> this list with some how-to? I'm sure many people would find this very
>> interesting.
>>
>> --
>> best regards,
>> Lukasz Wasikowski
>
> Yes indeed, then we can all learn how and more importantly "why".
>
> Best Regards.
>
> Dave B.
>
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 13 14:42:00 2014
From: g8kbvdave@googlemail.com
To: Nicolas de Bari Embriz Garcia Rojas
Cc: freebsd-jail@freebsd.org
Subject: Re: Advice/guidance requested.
Date: Mon, 13 Jan 2014 14:41:53 -0000

I know, top posting....

Hi.

Other than the directory structure illustrated there, you've confused me. (Not
difficult!)

The problem I'm finding, is that everyone assumes everyone else knows what
everyone is talking about, in detail! I freely admit I don't! (But I'm slowly
learning.)

So.... Please excuse my ignorance, but what has "arena" got to do with Jails?

Bearing in mind, I've yet to get any of this to work even in its most basic form,
other than a base FBSD system that ticks along nicely doing other things such
as NTP timekeeping duties.

The other thing is, I will be needing to document all this, so in x years time when
I might need to do it all again, I can. Though from what I'm hearing, it'll have
all changed again by then anyway, so I'll be back to square one.

Is there a simple (graphical) illustration with basic description somewhere, that
explains how the parts of a jail inter-relate with each other, and the base
system? I'm a bear with a small brain BoBo! I'm doing this to support an
aspect of a hobby of mine, not for any profit or gain.

Sorry, but there is just too much conflicting information to try and absorb at
present, and though I've been meddling with computers and other tech stuff for
many years (decades!) I'm a Unix noob in this respect.

Regards.

Dave B.

> I like to use jails.conf and the sysutils/jail2/ port.
>
> I create a very basic jail and later just clone it taking advantage of ZFS.
>
> I share the /usr/ports from the host with the jails, but let each jail have their own files, so that later if needed, I can just dump the full jail and move it to another server without need to worry about X or Y missing files.
>
> Once I have the jail, I follow this schema: https://github.com/nbari/arena
>
> Hope this can help or give more ideas.
>
> regards.
>
>
>
> On Jan 13, 2014, at 2:03 PM, g8kbvdave@googlemail.com wrote:
>
> >> On 2014-01-12 10:09, wishmaster wrote:
> >>
> >>>> I would also recommend ezjails. Using fat jails is often completely
> >>>> unnecessary.
> >>>
> >>> Do you think using ezjail you will obtain "thin" jails?
> >>> You are wrong. Setup 5...10 jails for applications: one jail for
> >>> web-applications on php, one for java and so on. And you will see how your
> >>> jails will be FAT! And now imagine update system and software procedure.
> >>> So, if you need a lot of "light" isolation containers, ezjail is not your way.
> >>> I use self written scripts which creates one base system with all needed
> >>> packages and a lot of "containers" with vnet supports and with "security in
> >>> mind". Upgrading is very easy, just one jail.
> >>
> >> Sounds nice, maybe write some blog post or even a more detailed mail to
> >> this list with some how-to? I'm sure many people would find this very
> >> interesting.
> >>
> >> --
> >> best regards,
> >> Lukasz Wasikowski
> >
> > Yes indeed, then we can all learn how and more importantly "why".
> >
> > Best Regards.
> >
> > Dave B.
>

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 13 16:13:52 2014
From: "Julian H. Stacey"
To: g8kbvdave@googlemail.com
Cc: freebsd-jail@freebsd.org
Subject: Re: Advice/guidance requested.
Date: Mon, 13 Jan 2014 17:13:10 +0100

Hi,
Reference:
> From: g8kbvdave@googlemail.com
> Date: Mon, 13 Jan 2014 14:41:53 -0000

g8kbvdave@googlemail.com wrote:
> I know, top posting....

So don't, too many lately.
Comply with the project's mail list rules!

On average top posters are less clued up & less conformant to project
so less benefit to read, so when looking to save time reading lists,
it's efficient to delete top posters unread.

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Interleave replies below like a play script. Indent old text with "> ".
 Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.
 Con Man Fakes A Loan Shark http://www.berklix.eu/jhs/blog/2014_01_09

From owner-freebsd-jail@FreeBSD.ORG Mon Jan 13 16:40:58 2014
From: Nicolas de Bari Embriz Garcia Rojas
To: g8kbvdave@googlemail.com
Cc: freebsd-jail@freebsd.org
Subject: Re: Advice/guidance requested.
Date: Mon, 13 Jan 2014 16:40:50 +0000

Hi, sorry for the confusion, I will go a little more in detail trying to
explain more my use case.

To what it concerns to jails:

Basic setup:

FreeBSD Host with N jails.

For this I create a basic, light jail (custom src.conf), the one later
is cloned (ZFS), and configuration is in jails.conf.

To install packages in a jail I share the host ports tree on all jails.

That’s all it concerns to jails.

Now, “arena” is the name I give to a simple directory structure that I
can use in any *nix system. My intention of it, was to have always a
"universal deployment schema" compatible with any *nix. basically my way
of emulating jails in *nix that don’t have jails.

When working with Freebsd, inside a jail I create an ‘arena’ following
the schema I sent previously. (https://github.com/nbari/arena)

Unfortunately not all my working environments are always FreeBSD,
therefore I had to find a structure that could work in any *nix. The
name I chose was ‘arena’, so basically is a directory ‘/arena’ that
contains the applications, sites, sources, run scripts, basically
everything required by my applications, so that I can just replicate
that structure in any *nix and have everything working either is a linux
a freebsd or either inside a jail.

Today you may be working in a jail and have all perfect running, but
maybe one day you will need to move or replicate all your applications,
to servers that could be running using linux, a freebsd host within
virtualbox, or either maybe an instance of bhyve, because of this I
created this “arena”, universal deployment that can help me move things
fast.

Hope I didn’t confuse you more, but I just tried to explain and
complement the use of jails, in my case, rather than being fat or thin,
jails are perfect containers that allow to deploy very custom
applications.

If you have more questions feel free to ask.

The src.conf I use for the jails is:

8<---
CC=clang
CXX=clang++
CPP=clang-cpp

# src for jail
WITHOUT_ACCT="YES"
WITHOUT_ACPI="YES"
WITHOUT_AMD="YES"
WITHOUT_APM="YES"
WITHOUT_ASSERT_DEBUG="YES"
WITHOUT_AT="YES"
WITHOUT_ATM="YES"
WITHOUT_AUDIT="YES"
WITHOUT_AUTHPF="YES"
WITHOUT_BIND_DNSSEC="YES"
WITHOUT_BIND_ETC="YES"
WITHOUT_BIND_LIBS_LWRES="YES"
WITHOUT_BIND_MTREE="YES"
WITHOUT_BIND_NAMED="YES"
WITHOUT_BLUETOOTH="YES"
WITHOUT_BOOT="YES"
WITHOUT_BSNMP="YES"
WITHOUT_CALENDAR="YES"
WITHOUT_CDDL="YES"
WITHOUT_CTM="YES"
WITHOUT_CVS="YES"
WITHOUT_DICT="YES"
WITHOUT_EXAMPLES="YES"
WITHOUT_FLOPPY="YES"
WITHOUT_FORTH="YES"
WITHOUT_FREEBSD_UPDATE="YES"
WITHOUT_GAMES="YES"
WITHOUT_GDB="YES"
WITHOUT_GPIB="YES"
WITHOUT_GSSAPI="YES"
WITHOUT_HTML="YES"
WITHOUT_IPFILTER="YES"
WITHOUT_IPFW="YES"
WITHOUT_IPX="YES"
WITHOUT_JAIL="YES"
WITHOUT_KERBEROS="YES"
WITHOUT_LEGACY_CONSOLE="YES"
WITHOUT_LIB32="YES"
WITHOUT_LPR="YES"
WITHOUT_NCP="YES"
WITHOUT_NDIS="YES"
WITHOUT_NETGRAPH="YES"
WITHOUT_NIS="YES"
WITHOUT_NLS="YES"
WITHOUT_NLS_CATALOGS="YES"
WITHOUT_NS_CACHING="YES"
WITHOUT_NTP="YES"
WITHOUT_PF="YES"
WITHOUT_PMC="YES"
WITHOUT_PORTSNAP="YES"
WITHOUT_PPP="YES"
WITHOUT_PROFILE="YES"
WITHOUT_QUOTAS="YES"
WITHOUT_RCMDS="YES"
WITHOUT_RCS="YES"
WITHOUT_RESCUE="YES"
WITHOUT_ROUTED="YES"
WITHOUT_SENDMAIL="YES"
WITHOUT_SHAREDOCS="YES"
WITHOUT_SYSCONS="YES"
WITHOUT_SYSINSTALL="YES"
WITHOUT_USB="YES"
WITHOUT_WIRELESS="YES"
WITHOUT_WPA_SUPPLICANT_EAPOL="YES"
WITHOUT_ZFS="YES"
8<---

regards.

On Jan 13, 2014, at 2:41 PM, g8kbvdave@googlemail.com wrote:

> I know, top posting....
>
> Hi.
>
> Other than the directory structure illustrated there, you've confused me. (Not
> difficult!)
>
> The problem I'm finding, is that everyone assumes everyone else knows what
> everyone is talking about, in detail! I freely admit I don't! (But I'm slowly
> learning.)
>
> So.... Please excuse my ignorance, but what has "arena" got to do with Jails?
>
> Bearing in mind, I've yet to get any of this to work even in its most basic form,
> other than a base FBSD system that ticks along nicely doing other things such
> as NTP timekeeping duties.
>
> The other thing is, I will be needing to document all this, so in x years time when
> I might need to do it all again, I can. Though from what I'm hearing, it'll have
> all changed again by then anyway, so I'll be back to square one.
>
> Is there a simple (graphical) illustration with basic description somewhere, that
> explains how the parts of a jail inter-relate with each other, and the base
> system? I'm a bear with a small brain BoBo! I'm doing this to support an
> aspect of a hobby of mine, not for any profit or gain.
>
> Sorry, but there is just too much conflicting information to try and absorb at
> present, and though I've been meddling with computers and other tech stuff for
> many years (decades!) I'm a Unix noob in this respect.
>
> Regards.
>
> Dave B.
>
>
>> I like to use jails.conf and the sysutils/jail2/ port.
>>
>> I create a very basic jail and later just clone it taking advantage of ZFS.
>>
>> I share the /usr/ports from the host with the jails, but let each jail have their own files, so that later if needed, I can just dump the full jail and move it to another server without need to worry about X or Y missing files.
>>
>> Once I have the jail, I follow this schema: https://github.com/nbari/arena
>>
>> Hope this can help or give more ideas.
>>
>> regards.
>>
>>
>>
>> On Jan 13, 2014, at 2:03 PM, g8kbvdave@googlemail.com wrote:
>>
>>>> On 2014-01-12 10:09, wishmaster wrote:
>>>>
>>>>>> I would also recommend ezjails. Using fat jails is often completely
>>>>>> unnecessary.
>>>>>=20 >>>>> Do you think using ezjail you will obtain "thin" jails?=20 >>>>> You are wrong. Setup 5...10 jails for applications: one jail for >>>>> web-applications on php, one for java and so on. And you will see = how your >>>>> jails will be FAT! And now imagine update system and software = procedure. >>>>> So, if you need a lot of "light" isolation containers, ezjail is = not your way.=20 >>>>> I use self written scripts which creates one base system with all = needed=20 >>>>> packages and a lot of "containers" with vnet supports and with = "security in >>>>> mind". Upgrading is very easy, just one jail. >>>>=20 >>>> Sounds nice, maybe write some blog post or even a more detailed = mail to >>>> this list with some how-to? I'm sure many people would find this = very >>>> interesting. >>>>=20 >>>> --=20 >>>> best regards, >>>> Lukasz Wasikowski >>>=20 >>> Yes indeed, then we can all learn how and more importantly "why". >>>=20 >>> Best Regards. >>>=20 >>> Dave B. >>>=20 >>> _______________________________________________ >>> freebsd-jail@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >>> To unsubscribe, send any mail to = "freebsd-jail-unsubscribe@freebsd.org" >>=20 >=20 >=20 From owner-freebsd-jail@FreeBSD.ORG Tue Jan 14 16:37:13 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0A1E75AA for ; Tue, 14 Jan 2014 16:37:13 +0000 (UTC) Received: from mail-wg0-x229.google.com (mail-wg0-x229.google.com [IPv6:2a00:1450:400c:c00::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 94B78177D for ; Tue, 14 Jan 2014 16:37:12 +0000 (UTC) Received: by mail-wg0-f41.google.com with SMTP id n12so4127142wgh.0 for ; Tue, 14 Jan 2014 
08:37:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=from:to:date:mime-version:subject:message-id:priority:in-reply-to :references:content-type:content-transfer-encoding :content-description; bh=AOglzUsQ6zEY5MDZhTyFxi1Efvwf02wCx3IExHzyN0w=; b=SG4LFXwLzIxvhkQ0DT+7csdAzccZHSIVIbJY9pr/cqBWDp6Ea3y6NVMZGdYenI0ivm UzhYWvFf76UcgzNk9+ooBZ+Ei85TK2XAeAprEJsMopjU1v82TdzsBP3cxXH70hgkTYIT hBama/SFu6JcpcS3djutwDfCxucCJMqjdRt3lG7d7dRDpB+O+LRtuZ5ZxymjEwn9w/Fs oh2Fq8siAeTxhmbVbrJH5UXCW+6ip8TEs16feW9VsgXS4gQhzOPaPNZmbipAYeJ/INCL 5rBUhpA4WEwFcdWiMqR0OGdxWQGsWNKyhL2qORMa4o1QSFUX697StDNEyUENRZOMXQ4q frJA== X-Received: by 10.194.59.210 with SMTP id b18mr10087443wjr.60.1389717431084; Tue, 14 Jan 2014 08:37:11 -0800 (PST) Received: from [192.168.16.83] ([217.41.35.220]) by mx.google.com with ESMTPSA id ux5sm971918wjc.6.2014.01.14.08.37.09 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 14 Jan 2014 08:37:10 -0800 (PST) From: g8kbvdave@googlemail.com To: freebsd-jail@freebsd.org Date: Tue, 14 Jan 2014 16:37:07 -0000 MIME-Version: 1.0 Subject: Re: Advice/guidance requested. Message-ID: <52D567B3.12618.1BACD65@g8kbvdave.gmail.com> Priority: normal In-reply-to: <20140112163523.K43023@sola.nimnet.asn.au> References: <52D1A7D5.32720.65E995@g8kbvdave.gmail.com>, <20140112163523.K43023@sola.nimnet.asn.au> X-mailer: Pegasus Mail for Windows (4.62) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2014 16:37:13 -0000 > On Sat, 11 Jan 2014 20:21:41 -0000, g8kbvdave@googlemail.com wrote: > > Hi. > > Hi Dave, > > > PLEASE don't just point me at "The Handbook". It's useless if you don't already > > know what to do. 
(And in all honesty, even if you do, it's not often much help > > I find.) > > The handbook section on jails is pretty good actually, though it may be > a bit out of date - nonetheless I suggest familiarising yourself with > it, and then using ezjail, which is very well documented itself. > > ezjail's author Dirk Engling (erdgeist) hangs out in freebsd-jail but > rarely has to answer questions himself since many competant ezjail users > hang out here. > > I just googled 'ezjail' and the first reference, before the rather out > of date though useful cyberciti.biz one someone mentioned and a number > of other possibly useful links, is the real thing: > > http://erdgeist.org/arts/software/ezjail/ > > cheers, Ian OK Thanks. Re the "Handbook" and the comment "though it may be a bit out of date". Sadly, it's the "a bit out of date" parts, that stump me each time, so that's one of the major reasons why I find the "Handbook" so difficult to get on with. I guess as those people who use jails and such don't need to reference the Handbook, it doesn't keep up to speed with the releases in the real world? (Of course, that NEVER happens in other walks of life, does it! :) ) Anyway... I've spent some time on and off, reading up on all this, as a result I am at present veering towards qjail, as for whatever reason, I do find the doc's easier to follow and understand. (Remember, I'm not from a Unix background. I ar just a lowley engineering technician, who want's to do something safe(er) with a webserver for a hobby site.) As well as qjail though, I've also got an indipendant VM setup to use ezjail, so I'll experiment with both and see what happens. As always however, I find it difficult these days to get "enough of the right sort of contiguious time" to fiddle and learn about all this stuff, what with daily life, work + domestic and other social time swallowers. Slow progress, but progress none the less. Cheers All. Dave B. 
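
The setup nbari describes earlier in this thread (a light base jail cloned with ZFS, configuration in jail.conf, host ports tree shared with every jail), sketched as an added example that is not code from any poster: a dry-run planner that prints the commands and config for one clone and rejects unsafe names. The dataset zroot/jails/base, the @clean snapshot, the /jails mountpoint, the example.org hostname, the 192.0.2.10 address and the choice to mount /usr/ports read-only are assumptions of this example.

```shell
# Added example, not from the thread; dataset, path and host values are assumed.
BASE_DS="zroot/jails/base"   # assumed dataset holding the light base jail
SNAP="clean"                 # assumed snapshot taken after installworld
JAIL_ROOT="/jails"           # assumed mountpoint of zroot/jails

# Names and addresses land in zfs arguments, fstab and jail.conf, so refuse
# anything that could leave $JAIL_ROOT or smuggle in extra parameters.
valid_name() {
    case "$1" in ""|*[!a-z0-9]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}
valid_ip4() { case "$1" in ""|*[!0-9.]*) return 1 ;; esac; }

# Clone the base jail's snapshot into an independent, writable jail root.
clone_cmd() {
    valid_name "$1" || return 1
    echo "zfs clone ${BASE_DS}@${SNAP} ${BASE_DS%/*}/$1"
}

# fstab(5) entry: host ports tree shared through nullfs, read-only, so one
# jail cannot alter the ports that every other jail builds from.
ports_fstab() {
    valid_name "$1" || return 1
    echo "/usr/ports ${JAIL_ROOT}/$1/usr/ports nullfs ro 0 0"
}

# jail.conf(5) stanza for the clone.
jail_stanza() {
    valid_name "$1" && valid_ip4 "$2" || return 1
    cat <<EOF
$1 {
    path = "${JAIL_ROOT}/$1";
    host.hostname = "$1.example.org";
    ip4.addr = "$2";
    mount.fstab = "/etc/fstab.$1";
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
EOF
}

# Full plan. With /usr/ports read-only, port builds need writable work and
# distfile directories inside the jail, set in the jail's own make.conf.
plan_jail() {
    valid_name "$1" && valid_ip4 "$2" || { echo "rejected: $1 $2" >&2; return 1; }
    echo "# on the host:";           clone_cmd "$1"
    echo "# /etc/fstab.$1:";         ports_fstab "$1"
    echo "# add to /etc/jail.conf:"; jail_stanza "$1" "$2"
    echo "# ${JAIL_ROOT}/$1/etc/make.conf:"
    printf 'WRKDIRPREFIX=/var/ports/work\nDISTDIR=/var/ports/distfiles\n'
}
plan_jail www 192.0.2.10   # constructed sample jail name and address
```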
From owner-freebsd-jail@FreeBSD.ORG Tue Jan 14 22:26:43 2014
From: James Lodge
To: "freebsd-jail@freebsd.org"
Subject: Re: Advice/guidance requested.
Date: Tue, 14 Jan 2014 22:26:32 +0000
Message-ID: <44d37ca567f04549aae20bec46885566@DB3PR06MB011.eurprd06.prod.outlook.com>

May I make a suggestion. It might be worth trying PC-BSD and Warden. Kris Moore and guys have done a good job of the GUI which makes it very easy. The command line is also available should you want/need it.