FreeBSD jail setup: thin jail
Thin jails are jails that mount a basejail as read-only.
This basejail is generally shared with several other jails.
NOTE:
Thin jails have been criticized for being difficult to manage, particularly for updates.
If you have the disk space, create a thick jail instead.
FreeBSD >=10
Create jail in filesystem
    # Create new jails (within system)
    # -p creates missing parent directories, so /home/js needs no separate mkdir
    mkdir -p /home/j/gitbox/s
    mkdir -p /home/js/gitbox
    # copy the skeleton into the jail's writable directory
    cpdup /home/j/skel /home/js/gitbox
/home/j/{jail}/etc/resolv.conf
    # /home/j/gitbox/etc/resolv.conf
    nameserver 192.168.1.1 # router ip addr
/etc/jails/{jail}.fstab
Each jail can now store its own fstab, keeping your root system's fstab clean. You can keep this file wherever you'd like.
Reference it within your jail.conf's mount.fstab setting.
    # /etc/jails/{yourjail}.fstab
    /home/j/jbase    /home/j/gitbox    nullfs ro 0 0
    /home/js/gitbox  /home/j/gitbox/s  nullfs rw 0 0
/etc/jail.conf
Jail options can be set for all jails by writing them outside of a jail's scope.
Jail options can be referenced within other options using bash variable syntax.
All options can be defined either globally, or for a specific jail.
    # /etc/jail.conf
    # global options, applied to every jail
    exec.start="/bin/sh /etc/rc";
    exec.stop="/bin/sh /etc/rc.shutdown";
    mount.fstab = "/etc/jails/${host.hostname}.fstab";
    path=/home/jail/${host.hostname};

    # options for one jail
    wikijail {
        allow.mount;
        allow.mount.devfs;
        allow.mount.nullfs;
        host.hostname=wikijail;
        ip4.addr=192.168.1.131;
    }
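Because the basejail is shared, a jail fstab that mounts it without ro would let root in one jail alter files that every other jail runs. The following added example (not part of the original page) checks an fstab such as the one mount.fstab points to; check_thin_fstab and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit a thin-jail fstab.
# check_thin_fstab is a hypothetical helper name.

# check_thin_fstab FSTAB BASEDIR
# 0: every nullfs mount of BASEDIR (or a path below it) carries "ro"
# 1: at least one such mount is writable   2: BASEDIR is not mounted at all
check_thin_fstab() {
    fstab=$1 base=${2%/} found=0 bad=0 lineno=0
    # "|| [ -n "$src" ]" keeps a final line that lacks a trailing newline
    while read -r src dst fstype opts _rest || [ -n "$src" ]; do
        lineno=$((lineno + 1))
        case $src in ''|'#'*) continue ;; esac   # blank line or comment
        [ "$fstype" = nullfs ] || continue
        case ${src%/} in
            "$base"|"$base"/*) ;;                # the basejail or a subtree
            *) continue ;;
        esac
        found=1
        case ",$opts," in
            *,ro,*) ;;                           # read-only, as intended
            *) echo "$fstab:$lineno: $src -> $dst not read-only ($opts)" >&2
               bad=1 ;;
        esac
    done < "$fstab"
    if [ "$found" -eq 0 ]; then
        echo "$fstab: no nullfs mount of $base" >&2
        return 2
    fi
    return "$bad"
}

# Constructed sample input, using the gitbox paths from this page.
sample=$(mktemp)
printf '%s\n' '# /etc/jails/gitbox.fstab' \
    '/home/j/jbase    /home/j/gitbox    nullfs ro 0 0' \
    '/home/js/gitbox  /home/j/gitbox/s  nullfs rw 0 0' > "$sample"
check_thin_fstab "$sample" /home/j/jbase && echo "ok: basejail is read-only"
rm -f "$sample"
```

The same check works on the host's /etc/fstab, since the mount lines use the same format.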
FreeBSD <10
Create jail in filesystem
    # Create new jails (within system)
    # -p creates missing parent directories, so /home/js needs no separate mkdir
    mkdir -p /home/j/gitbox/s
    mkdir -p /home/js/gitbox
    # copy the skeleton into the jail's writable directory
    cpdup /home/j/skel /home/js/gitbox
/home/j/{jail}/etc/resolv.conf
    # /home/j/gitbox/etc/resolv.conf
    nameserver 192.168.1.1 # router ip addr
/etc/fstab
In FreeBSD 9, jail mounts had to be declared within your host-server's fstab.
    # /etc/fstab
    /home/j/jbase    /home/j/gitbox    nullfs ro 0 0
    /home/js/gitbox  /home/j/gitbox/s  nullfs rw 0 0