Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 28 Oct 2015 15:43:46 -0500 (CDT)
From:      "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To:        "Mark Felder" <feld@FreeBSD.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: /etc/jail.conf documentation?
Message-ID:  <20953.128.135.52.6.1446065026.squirrel@cosmo.uchicago.edu>
In-Reply-To: <1446064085.1148620.422968569.0E47599D@webmail.messagingengine.com>
References:  <49230.128.135.52.6.1446047977.squirrel@cosmo.uchicago.edu> <1446064085.1148620.422968569.0E47599D@webmail.messagingengine.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On Wed, October 28, 2015 3:28 pm, Mark Felder wrote:
>
>
> On Wed, Oct 28, 2015, at 10:59, Valeri Galtsev wrote:
>> Dear All,
>>
>> Can someone recommend something similar to FreeBSD handbook that
>> describes
>> building jails for newer systems meaning /etc/jail.conf as opposed to
>> /etc/rc.conf which handbook currently has in its jails chapter. I still
>> have all jail configurations on 9.3 boxes in /etc/rc.conf, but it is
>> time
>> to build 10.x production boxes, and do things modern way (implying
>> /etc/jail.conf). I still intend to keep building jails "old fashion way"
>> as described in handbook, as opposed to using tools "ezjail" or similar.
>>
>> Thanks for all your advises!
>>
>> Valeri
>>
>> PS I know I can always use UNIX way of getting information, like
>>
>> man jail.conf
>>
>> , still...
>>
>
> Hi Valeri,
>
> It's simpler than you think. Your /etc/jail.conf can be as simple as:
>
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.clean;
> mount.devfs;
>
> path = /zroot/jails/$name;
>
> myjail{
>     host.hostname = "myjail.local";
>     ip4.addr = 192.168.1.5;
> }
>

Mark, thanks a lot! I already have it running; I have a couple more I'm
sure I need to have:

allow.set_hostname = 0;
allow.sysvipc = 0;

but I definitely didn't have

exec.stop = "/bin/sh /etc/rc.shutdown";

which seems to be really beneficial for jail "clean shutdown" akin we do
when we shut down real system.

Thanks!

Valeri

> You can add more options to the jail as required. Look at jail(8) man
> page instead of jail.conf(5) which lists the format, but not the
> options. I think this is kind of backwards myself, but I wasn't involved
> in these docs.
>
> Now you can do "service jail start myjail" it will just work. :-)
>
>
> --
>   Mark Felder
>   ports-secteam member
>   feld@FreeBSD.org
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20953.128.135.52.6.1446065026.squirrel>