FreeBSD jail setup: base jail
BaseJails are used in thin-jail setups.
You create a bare FreeBSD install that is then nullfs-mounted read-only inside other jails, each of which carries only its own read/write part.
This keeps total disk usage low.
BaseJail Setups
download releases
This approach is my favourite, since it lets you download prebuilt binaries for the target release.
Available releases are listed at ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64
Download/Extract release
# create the target directory first, then download and extract the 12.1-RELEASE distribution sets into it
mkdir -p /usr/local/jails/fulljail1
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/12.1-RELEASE/base.txz -o /tmp/base.txz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/12.1-RELEASE/lib32.txz -o /tmp/lib32.txz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/12.1-RELEASE/ports.txz -o /tmp/ports.txz
tar -xvf /tmp/base.txz -C /usr/local/jails/fulljail1
tar -xvf /tmp/lib32.txz -C /usr/local/jails/fulljail1
tar -xvf /tmp/ports.txz -C /usr/local/jails/fulljail1
Update base install
# UNAME_r tells freebsd-update which release the jail tree is, independent of the host kernel
env UNAME_r=12.1-RELEASE freebsd-update -b /usr/local/jails/fulljail1 fetch install
bsdinstall (install from internet)
bsdinstall jail /desired/path/to/jail
Unfinished -- see https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-build.html
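A check worth running before anything from the "download releases" approach above is extracted as root (an added example, not part of the original notes): FreeBSD publishes a tab-separated MANIFEST alongside the distribution sets listing each set's SHA-256, and the script below (assumed name verify_manifest.sh; fetch MANIFEST the same way as base.txz) compares the downloaded .txz files against it. MANIFEST travels over the same channel as the sets, so this catches truncated or corrupted transfers rather than a tampered mirror; fetching both over HTTPS from download.freebsd.org closes most of that gap.

```shell
#!/bin/sh
# verify_manifest.sh (assumed name): check downloaded distribution sets
# against the release MANIFEST. Each MANIFEST line is tab-separated:
#   <file>  <sha256>  <nfiles>  <set name>  <description>  <on/off>
# Usage: sh verify_manifest.sh /tmp/MANIFEST /tmp

TAB=$(printf '\t')

sha256_of() {
    # FreeBSD ships sha256(1); Linux hosts have sha256sum(1) instead.
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# verify_manifest <MANIFEST> <dir with the .txz files>
# Checks every listed set that is present in <dir>; returns 0 only if at
# least one set was checked and all of them matched.
verify_manifest() {
    manifest=$1
    dir=$2
    status=0
    checked=0
    while IFS=$TAB read -r file expected _rest; do
        [ -n "$file" ] || continue          # skip blank lines
        path="$dir/$file"
        [ -f "$path" ] || continue          # set not downloaded, nothing to check
        actual=$(sha256_of "$path")
        checked=$((checked + 1))
        if [ "$actual" = "$expected" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file (expected $expected, got $actual)"
            status=1
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] || status=1       # an empty check is a failure, not a pass
    return $status
}

# Run the check when invoked with the two arguments; do nothing when sourced.
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```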
make buildworld (compile new kernel)
Enable jails, and add a jail to the list of jails to be started.
/etc/rc.conf
jail_enable="YES"
jail_set_hostname_allow="NO"
Compile FreeBSD kernel in /usr/src
# find your kernel version (ex: 11.1)
uname -r
# fetch the source tree matching your release (the URL below is for 10.2-RELEASE; substitute your version)
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/10.2-RELEASE/src.txz
# extract src to /usr/src (src.txz is rooted at usr/src, so extract relative to /)
sudo tar -C / -xvf src.txz
# compile; note that make buildworld builds the userland that installworld later copies into the jail
cd /usr/src
sudo make buildworld
Build jail environment
mkdir -p /home/j/jbase
# from /usr/src: create libraries, binaries, manpages etc
make installworld DESTDIR=/home/j/jbase
# install all required config files
make distribution DESTDIR=/home/j/jbase
sudo pkg install cpdup
Create ports collection to share amongst jails
cd /home/j/jbase
mkdir usr/ports
portsnap -p /home/j/jbase/usr/ports fetch extract
cpdup /usr/src /home/j/jbase/usr/src
Create skeleton for read/write part of system
cd /home/j/jbase
mkdir /home/j/skel /home/j/skel/home /home/j/skel/usr-X11R6 /home/j/skel/distfiles
mv etc /home/j/skel
mv usr/local /home/j/skel/usr-local
mv tmp /home/j/skel
mv var /home/j/skel
mv root /home/j/skel
Install missing config files
mergemaster -t /home/j/skel/var/tmp/temproot -D /home/j/skel -i
# mergemaster also copies directories the read/write part does not need; remove them
cd /home/j/skel
rm -R bin boot lib libexec mnt proc rescue sbin sys usr dev
symlink r/w system to read-only system
cd /home/j/jbase
mkdir s
# the leading slashes below are intentional: the links point at /s, where the jail's read/write part is mounted (e.g. /s/compat)
for f in compat etc home root tmp var; do sudo ln -s "/s/$f" "$f"; done
ln -s /s/usr-local usr/local
ln -s /s/usr-X11R6 usr/X11R6
ln -s /s/distfiles usr/ports/distfiles
# (or the long way...)
ln -s /s/compat compat
ln -s /s/etc etc
ln -s /s/home home
ln -s /s/root root
ln -s /s/usr-local usr/local
ln -s /s/usr-X11R6 usr/X11R6
ln -s /s/distfiles usr/ports/distfiles
ln -s /s/tmp tmp
ln -s /s/var var
Create make.conf so ports will compile in jails
/home/j/skel/etc/make.conf
WRKDIRPREFIX?= /s/portbuild