path: root/_posts/2018-09-20-freebsd-jails.md
---
title: "FreeBSD Experiment 1: Jails"
---

In my preparations for removing ESXi, I tried creating a simple jail on my test
box `helios`. As part of my purpose is to learn as much as possible, I decided
against using a tool like `ezjail` in favor of doing it "by hand." While the
FreeBSD Handbook has some information on creating jails without using additional
tools, pretty much every other document I found suggested using ezjail. There's
a chance I'll revisit ezjail in the future, as it seems to have some helpful
features like having a "base jail" so you only need one copy of the FreeBSD base
system, but for now I'd like to do as much as possible without additional tools.

<!--more-->

My goal for this experiment was to set up a simple web server (nginx) inside a
jail. To start, I edited `/etc/jail.conf` to contain the following:

```
www {
  host.hostname = www.local;
  ip4.addr = 10.0.2.202;
  path = "/usr/jail/www";
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
}
```

Next, I used `bsdinstall(8)` to install the base system instead of compiling
from source:

```
root@helios:~ # bsdinstall jail /usr/jail/www
```

I then added `jail_enable="YES"` to `/etc/rc.conf` and started the jail:

```
root@helios:~ # service jail start www
```

This took a few seconds to complete, and then the jail showed up when I ran
`jls`:

```
root@helios:~ # jls
   JID  IP Address      Hostname                      Path
     1  10.0.2.202      www.local                     /usr/jail/www
```

I was able to enter the jail:

```
root@helios:~ # jexec www /bin/sh
#
```

But I seem not to have Internet connectivity, as attempting to use `pkg-ng`
fails:

```
# pkg install nginx
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...
pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/Latest/pkg.txz: Non-recoverable resolver failure
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
```

Running `ifconfig` inside the jail shows that I do not seem to have an IP
address, nor can I seem to communicate with any hosts. Interestingly, when I
attempt to ping my gateway, I get the message:

```
ping: ssend socket: Operation not permitted
```

Clearly there's something I've not yet figured out.
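
The three symptoms above (resolver failure, no address shown by `ifconfig`, `ping` denied) each correspond to something that can be checked from the host. The following sh script is an added example, not part of the original post: it lints one jail block in a `jail.conf` for those three settings. The function names `jail_param` and `jail_net_check` and the scratch-directory sample are constructed here, and that these were the actual causes on `helios` is an assumption.

```shell
# Added example (not from the original post): lint one jail's block in a
# jail.conf for the settings behind the three symptoms described above.

# jail_param CONF JAIL KEY: print KEY's value in JAIL's block ("true" for "key;").
jail_param() {
  awk -v jail="$2" -v key="$3" '
    $1 == jail && $2 == "{" { inblk = 1; next }
    $1 == "}"               { inblk = 0 }
    inblk {
      line = $0
      sub(/^[ \t]+/, "", line); sub(/;[ \t]*$/, "", line); gsub(/"/, "", line)
      n = index(line, "=")
      k = n ? substr(line, 1, n - 1) : line
      v = n ? substr(line, n + 1) : "true"
      gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v)
      if (k == key) print v
    }' "$1"
}

# jail_net_check CONF JAIL: one finding per line, nothing when all three pass.
jail_net_check() {
  addr=$(jail_param "$1" "$2" ip4.addr)
  iface=$(jail_param "$1" "$2" interface)
  root=$(jail_param "$1" "$2" path)
  raw=$(jail_param "$1" "$2" allow.raw_sockets)
  # jail(8) only adds the address as an alias when told which interface to use.
  case "$addr" in
    *"|"*) ;;
    *) [ -n "$iface" ] || echo "ip4.addr $addr: no interface given, so jail(8) will not add it to the host" ;;
  esac
  # Without resolv.conf the jail has no nameserver configured.
  [ -f "$root/etc/resolv.conf" ] || echo "resolv.conf: missing under $root/etc"
  # Raw sockets are denied inside jails by default; ping needs one.
  [ "$raw" = "true" ] || [ "$raw" = "1" ] || echo "allow.raw_sockets: not enabled, ping is denied"
}

# Constructed sample: the post's www block, with path pointed at a scratch dir.
demo=$(mktemp -d)
mkdir -p "$demo/www/etc"
cat > "$demo/jail.conf" <<EOF
www {
  host.hostname = www.local;
  ip4.addr = 10.0.2.202;
  path = "$demo/www";
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
}
EOF
jail_net_check "$demo/jail.conf" www
```

Raw sockets are off by default as part of jail isolation, so `allow.raw_sockets` is best enabled only for jails that need tools like `ping`.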