FreeBSD jail setup: thin jail

From wikinotes

Latest revision as of 11:43, 13 June 2020

Thin jails are jails that mount a basejail read-only.
The basejail is generally shared by several other jails.


Thin jails have been criticized for being difficult to manage, particularly for updates.
If you have the disk space, create a thick jail instead.

FreeBSD <=10

Create jail in filesystem

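# Create new jails (within system)
# Mount point for the jail root, plus the s/ directory where its writable data is mounted
mkdir -p /home/j/gitbox/s
# Per-jail writable area (-p also creates /home/js, so no separate mkdir is needed)
mkdir -p /home/js/gitbox

# Populate the writable area from the skeleton
cpdup /home/j/skel /home/js/gitbox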


# /home/j/gitbox/etc/resolv.conf
nameserver  # router ip addr


Each jail can now store its own fstab, keeping your root system's fstab clean.

You can keep this file wherever you'd like.
Reference it within your jail.conf's mount.fstab setting.

# /etc/jails/{yourjail}.fstab
/home/j/jbase    /home/j/gitbox    nullfs   ro  0   0
/home/js/gitbox  /home/j/gitbox/s  nullfs   rw  0   0
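
Because the basejail is shared, a single fstab that mounts it `rw` lets one jail alter the binaries every other thin jail runs. The following is an added example, not part of the original notes: a POSIX shell function that audits a jail's fstab and fails unless the basejail is nullfs-mounted read-only. The name `check_thin_fstab` is hypothetical, and the sample fstab files are constructed from the paths used on this page.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_thin_fstab BASEJAIL FSTAB
# Returns 0 only if BASEJAIL appears as a nullfs source in FSTAB and every
# such mount carries the "ro" option. Paths are compared exactly.
check_thin_fstab() {
    base=$1
    fstab=$2
    awk -v base="$base" '
        NF == 0 || $1 ~ /^#/ { next }     # skip blank lines and comments
        $3 != "nullfs"       { next }     # only nullfs mounts are relevant
        $1 == base {
            seen = 1
            ro = 0
            n = split($4, opts, ",")      # options are comma-separated
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if (!ro) {
                printf "WRITABLE base: %s -> %s (%s)\n", $1, $2, $4
                bad = 1
            }
        }
        END {
            if (!seen) { print "base " base " is not mounted by this fstab"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$fstab"
}

# Constructed sample input: the fstab from this page, and a misconfigured copy
# in which the shared base is mounted read-write.
tmp=$(mktemp -d)
printf '%s\n' \
    '/home/j/jbase    /home/j/gitbox    nullfs   ro  0   0' \
    '/home/js/gitbox  /home/j/gitbox/s  nullfs   rw  0   0' > "$tmp/good.fstab"
sed 's/nullfs   ro/nullfs   rw/' "$tmp/good.fstab" > "$tmp/bad.fstab"

check_thin_fstab /home/j/jbase "$tmp/good.fstab" && echo "good.fstab: base is read-only"
check_thin_fstab /home/j/jbase "$tmp/bad.fstab"  || echo "bad.fstab: rejected"
rm -rf "$tmp"
```

Run it against each file referenced by `mount.fstab` before starting the jails.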


Jail options written outside of any jail's scope apply to all jails.
Options can reference other options using shell-style variable syntax, for example ${host.hostname}.
All options can be defined either globally or for a specific jail.

# /etc/jail.conf

exec.start="/bin/sh /etc/rc";
exec.stop="/bin/sh /etc/rc.shutdown";
mount.fstab = "/etc/jails/${host.hostname}.fstab";

wikijail {

FreeBSD <10

Create jail in filesystem

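# Create new jails (within system)
# Mount point for the jail root, plus the s/ directory where its writable data is mounted
mkdir -p /home/j/gitbox/s
# Per-jail writable area (-p also creates /home/js, so no separate mkdir is needed)
mkdir -p /home/js/gitbox

# Populate the writable area from the skeleton
cpdup /home/j/skel /home/js/gitbox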


# /home/j/gitbox/etc/resolv.conf
nameserver  # router ip addr


In FreeBSD 9, jail mounts had to be declared in the host server's fstab.

# /etc/fstab
/home/j/jbase    /home/j/gitbox    nullfs   ro  0   0
/home/js/gitbox  /home/j/gitbox/s  nullfs   rw  0   0