Step 1:
Install ezjail-admin. FreeBSD 10.0 uses pkgng for package management, so installation can be accomplished with
pkg install ezjail
Step 2:
Install the base jail. In this example, the base system is installed from binary distribution sets rather than built from source.
ezjail-admin install
This creates the base jail in /usr/jails/basejail, which all other jails will use. The base jail is mounted read-only inside each jail. This creates a single point for base system management and saves disk space.
Step 3:
Create the jail. In this case, "example.local" is the jail name, and 10.0.2.20 is the IP address.
ezjail-admin create example.local 10.0.2.20
The configuration file for the new jail will be /usr/local/etc/ezjail/example_local. Be sure to add the IP alias on the host system and to verify that the jail binds to the address.
echo 'ifconfig_em0_alias0="inet 10.0.2.20 netmask 255.0.0.0"' >> /etc/rc.conf
Step 4:
Enable ezjail at boot and start the service.
echo 'ezjail_enable="YES"' >> /etc/rc.conf
service ezjail start
You can verify the jail is running with jls.
   JID  IP Address      Hostname        Path
     1  10.0.2.20       example.local   /usr/jails/example.local
Step 5:
To access a jail console, use
ezjail-admin console example.local
Any modifications to the jail outside of the base system will now be stored in the /usr/jails/example.local directory. You may need to add a nameserver to the new jail to be able to add packages. Something like "echo 'nameserver 8.8.8.8' > /etc/resolv.conf" from the jail console should do. You can stop and start a particular jail with the command
service ezjail start <jailname>
service ezjail stop <jailname>
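A read-only check for the verification called for in steps 3 and 4, added here as an example and not part of the original post: it confirms from rc.conf and saved jls output that the jail address has a host alias, that ezjail is enabled, and that the jail is bound to that address. The function names are hypothetical and the sample files are constructed from the values used above.

```sh
#!/bin/sh
# Added example: offline checks for steps 3 and 4 (names are hypothetical).

# rc_has_alias RCCONF IP: true if an uncommented ifconfig_<if>_aliasN line
# assigns exactly IP (dots escaped so 10.0.2.2 does not match 10.0.2.20).
rc_has_alias() {
    ip=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eq "^ifconfig_[a-z0-9_]+_alias[0-9]+=\"inet $ip " "$1"
}

# rc_ezjail_enabled RCCONF: true if the last ezjail_enable assignment is YES.
rc_ezjail_enabled() {
    last=$(grep -E '^ezjail_enable=' "$1" | tail -n 1)
    case "$last" in
        'ezjail_enable="'[Yy][Ee][Ss]'"') return 0 ;;
    esac
    return 1
}

# jls_has_jail JLSFILE HOSTNAME IP: true if saved jls output lists HOSTNAME
# bound to IP (columns: JID, IP Address, Hostname, Path; line 1 is the header).
jls_has_jail() {
    awk -v h="$2" -v ip="$3" 'NR > 1 && $2 == ip && $3 == h { found = 1 }
        END { exit !found }' "$1"
}

# check_jail RCCONF JLSFILE HOSTNAME IP: prints each failed check and returns
# the number of failures (0 means the alias, the rc setting and the jail agree).
check_jail() {
    fails=0
    rc_has_alias "$1" "$4" || { echo "no alias for $4 in $1"; fails=$((fails + 1)); }
    rc_ezjail_enabled "$1" || { echo "ezjail not enabled in $1"; fails=$((fails + 1)); }
    jls_has_jail "$2" "$3" "$4" || { echo "$3 is not running on $4"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample data using the values from this post.
demo=$(mktemp -d)
printf '%s\n' 'ifconfig_em0_alias0="inet 10.0.2.20 netmask 255.0.0.0"' \
    'ezjail_enable="YES"' > "$demo/rc.conf"
printf '%s\n' '   JID  IP Address      Hostname       Path' \
    '     1  10.0.2.20       example.local  /usr/jails/example.local' > "$demo/jls.out"
check_jail "$demo/rc.conf" "$demo/jls.out" example.local 10.0.2.20 && echo "all checks passed"
```

On the host, save the live state first with jls > jls.out and pass /etc/rc.conf as the first argument.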