---
title: "FreeBSD Experiment 1: Jails"
---

In my preparations for removing ESXi, I tried creating a simple jail on my test box `helios`. As part of my purpose is to learn as much as possible, I decided against using a tool like `ezjail` in favor of doing it "by hand." While the FreeBSD Handbook has some information on creating jails without using additional tools, pretty much every other document I found suggested using ezjail. There's a chance I'll revisit ezjail in the future, as it seems to have some helpful features like having a "base jail" so you only need one copy of the FreeBSD base system, but for now I'd like to do as much as possible without additional tools.

My goal for this experiment was to set up a simple web server (nginx) inside a jail. To start, I edited `/etc/jail.conf` to contain the following:

```
www {
    host.hostname = www.local;
    ip4.addr = 10.0.2.202;
    path = "/usr/jail/www";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
```

Next, I used `bsdinstall(8)` to install the base system instead of compiling from source:

```
root@helios:~ # bsdinstall jail /usr/jail/www
```

I then added `jail_enable="YES"` to `/etc/rc.conf` and started the jail:

```
root@helios:~ # service jail start www
```

This took a few seconds to complete, and then the jail showed up when I ran `jls`:

```
root@helios:~ # jls
   JID  IP Address      Hostname                      Path
     1  10.0.2.202      www.local                     /usr/jail/www
```

I was able to enter the jail:

```
root@helios:~ # jexec www /bin/sh
#
```

But I seem not to have Internet connectivity, as attempting to use `pkg-ng` fails:

```
# pkg install nginx
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...
pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/Latest/pkg.txz: Non-recoverable resolver failure
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
```

Running `ifconfig` inside the jail shows that I do not seem to have an IP address, nor can I seem to communicate with any hosts. Interestingly when I attempt to ping my gateway, I get the message:

```
ping: ssend socket: Operation not permitted
```

Clearly there's something I've not yet figured out.
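
As an added example (not part of the original post and not the author's configuration), here is the `jail.conf` entry from above annotated with the two `jail(8)` parameters that bear on the symptoms described. The interface name `em0` is an assumption; substitute the host's real interface.

```conf
# Added example, not the author's configuration.
# Assumption: em0 is the host's network interface.
www {
    host.hostname = www.local;
    path = "/usr/jail/www";

    # Naming an interface makes jail(8) add the jail's address as an alias
    # on that interface before the jail is created, and remove it after the
    # jail is removed. With only a bare "ip4.addr = 10.0.2.202;" no alias is
    # added, so the address has to exist on a host interface already.
    interface = em0;
    ip4.addr = 10.0.2.202;

    # Raw sockets are denied to jails by default, which is what produces
    # "ping: ssend socket: Operation not permitted". Uncommenting the next
    # line lets ping(8) and traceroute(8) work inside the jail. A jail that
    # only serves HTTP does not need it, so leaving it off keeps the jail's
    # privileges minimal.
    # allow.raw_sockets;

    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
```

After restarting the jail, `ifconfig` on the host should list 10.0.2.202 as an alias on the chosen interface.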