 |
  OS Lab FreeBSD Jail Tools |
Tools to Handle Jails under FreeBSD
jail is available since FreeBSD-4.0 and permits to encapsulate one or more processes within a 'jail', a sort of virtualization of a machine is possible. In order to use a jail some preparations are required.
man jail provides an overview and step-by-step setup for a jail. Based on man jail we developed a few shell-scripts collection called JailTools (aka jail_tools) which helps to
- install,
- start,
- stop
and- delete jails.
Two main installation types are available, either
Additional the two ways to do the installation is available:
- full install, a full autonomous jail, and
- light install, where /usr of the jail-host is mounted read-only
- shared disk where the host disk is shared, or
- dedicated disk where a file-based disk is used, which enables to copy, backup and restore a jail system disk easily.
You even can also attach a
which can be connected with any VNCviewer or even an java-enabled web-browser.
- virtual X11 screen to each jail,
We use the jail_tools for testing several /usr/ports versions, and the package system and custom developed package manipulation scripts. Maybe you have also use for those scripts.
We are aware there are quite a few jail utils or tools developed, but not many are available on the net publically.
It contains a couple of READMEs, scripts, and config-files:
HISTORY: 2005-04-15: 0.12:
jail_tool.1 man page added, jail.sh at boot clears <jail_root>/.vn/* entries2004-12-08: 0.11:
jail_install -v fixed, and small bug fix when creating jail_root2004-11-20: 0.10:
jail_ps & jail_stop complain when there is no /proc2004-05-19: 0.09:
better 5.x support (testing mdconfig and mount_devfs)2004-03-14: 0.08:
bit code beautifying (jail_install)2004-02-23: 0.07:
added jail_ro_usr global var in jail.conf, and -v for all scripts and preliminary support for FreeBSD-5.x now, also have jails named like the IP (no longer jail_<ip>) for simplificity (e.g. jail_ps). README also updated, more information and hints2004-02-18: 0.06:
extended jail.conf jailconfig_* parameters for virtual (off-screen) x11 screens, also jail_update added2004-02-10: 0.05:
file-based disks supported with -disk <disk_size> switch in jail_install (read new NOTE: for jail_install in the README)2004-01-10: 0.04:
jail.sh fixed, jail_install with -light support2003-10-30: 0.03:
first public release
- README, an overview and details
- README.x11, using virtual x11 screens
- README.virtual_disks, using virtual disks
- HISTORY
- LICENSE
- jail_tools.1, the man page
- jail.conf, the almighty config
- jailtab, like the /etc/fstab
- jail_install, creates a jail
- jail_start, starts the jail
- jail_stop, stops the jail
- jail_delete, deletes a jail
- jail_ps, list processes of a jail or list all running jails
- jail_update, update (upgrade) the jail
- jail.sh, starts jails at boot of the host
Downloads
jail_tools-0.12.tar.gz Download the tools, License: BSD, Supported OS: FreeBSD 4.x & FreeBSD 5.x
More Details
Jail Tools Cookbook A few hints and tips fbsd_jails WebGUI WebMin (WebGUI) module to handle jails with jail_tools
Preparation & Starting On the host:
% cd /usr/src/; make buildworld % vi /usr/local/etc/jail.conf % mkdir /usr/jails % jail_install 192.168.0.100 % jail_start 192.168.0.100
Running /etc/rc After that you are in the jail, and run the /etc/rc:
# sh /etc/rc Skipping disk checks ... Doing initial network setup:. Additional routing options: TCP keepalive=YES Routing daemons:. Additional daemons: syslogd. Doing additional network setup:. Starting final network daemons:. ELF ldconfig path: /usr/lib /usr/lib/compat /usr/local/lib a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout Starting standard daemons: inetd cron. Initial rc.i386 initialization:. Additional ABI support:. Local package initialization:. Additional TCP options:. Sun Aug 24 18:12:17 GMT 2003 Edit /etc/inetd.conf and comment out the lines with "ftp", "telnet", "shell", and "login" (this for test purposes), after that
# killall -1 inetd Then you define the passwd of user "jail":
# passwd jail Changing local password for jail. New password: Retype new password: passwd: updating the database... passwd: done Then let's exit from the jail:
# exit
rlogin into Jail Since we activated "login", you will be able to access the jail:
% rlogin 192.168.0.100 Password: Last login: Fri Aug 22 21:37:47 from colossus.local Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.8-STABLE (GENERIC) #0: Tue Jul 15 13:04:19 CEST 2003 Welcome to FreeBSD! ... Then you are logged into the jail.
Processes
% ps ax PID TT STAT TIME COMMAND 26495 ?? IsJ 0:00.01 /usr/sbin/syslogd -s 26503 ?? IsJ 0:00.00 /usr/sbin/inetd -wW 26505 ?? IsJ 0:00.01 /usr/sbin/cron 27090 ?? SsJ 0:00.01 rlogind 27091 p2 IsJ 0:00.01 login [pam] (login) 27092 p2 SJ 0:00.01 -tcsh (tcsh) 27748 p2 R+J 0:00.00 ps ax
On the host you can see the processes as well (same process ids):
# jail_ps 192.168.0.100 26495 syslogd 26503 inetd 26505 cron 27087 sh 27090 rlogind 27091 login 27092 tcsh
Nate Nielsen's Jails/Jailer Hints and few utils for jails Pawel Jakub Dawidek's FreeBSD page Couple of useful patches (see jailfstat: hide host mounts within jail, mijail: multiple IPs for a jail) FreeBSD Docs: Jail Useful paper jailNG Robert Watson's further extensions iMeme's Jailed Systems Using Jail() and Massively Jailed Systems Patch: Fix information-leak (mounts) in jail(2) Hides mounts within the jail to only local mounts CHROOT Break Descriptoin how to break out of chroot
 FreeBSD | FreeBSD Diskless |
All Rights Reserved - (C) 1997 - 2008 by The Labs.Com
Top of PageThe Labs.Com