FreeBSD Jail is nothing but OS-level virtualization that allows partitioning a system into several independent mini-systems. These mini-systems are called Jails, a jail could be a complete jail that resembles the whole system or a service jail that is created for specific services such as web server, database server, etc.
The process of building jails will be the same for both kinds of jails. While creating complete jails you have two options you can create it by using binaries or sources.
FreeBSD Jails have their own root user and access right. Jails were introduced in the FreeBSD 4.x by Paul Henning Kamp. In this article, we will show how to create and deploy jails in FreeBSD.
Update your FreeBSD system
Before you start creating or deploying FreeBSD jails make sure your kernel and base system is up to date. Use the given command to fetch the system updates –
freebsd-update fetch
Next, use the given command to apply all outstanding base OS security upgrades to your system.
freebsd-update install
How to Install ezjail on FreeBSD
The ezjail tool automates and simplifies many of the jail tasks. For creating and managing jails using ezjail you need to install it in your system. Use the following command to install ezjail on freebsd.
Change the current directory to ports directory
cd /usr/ports/sysutils/ezjail
and the use-
make install clean
Now open the file /etc/rc.conf
and add the given like to start ezjail at boot time.
ezjail_enable="YES"
Start the ezjail service using –
service ezjail start
How to create a base jail template
The ezjail-admin utility is used to manage the ezjail environment and jails created. Use the given command to create or update ezjail’s environment from the source –
ezjail-admin install
You can also specify the mirror location using the option -h as follows –
ezjail-admin install -h http://ftp.freebsd.org
You can edit /usr/local/etc/ezjail.conf
to set the mirror location –
# Set mirror which is nearest to you # ezjail_ftphost=ftp://ftp5.tw.freebsd.org
The above command will populate the jail with FreeBSD-RELEASE now to populate the jail with installworld use –
ezjail-admin update -p -i
Where,
-p
– Provide ports for jail.-i
– Do not run make world. This will save time and it will use the existing buildworld done
Create a cloned loopback interface
Create another loopback interface lo1 by using the given command to keep jail loopback traffic off the host’s loopback network interface.
echo 'cloned_interfaces="lo1"' >> /etc/rc.conf ## Restart netif ## service netif cloneup
You can verify the created interface using the given command.
ifconfig
How do I start all jails
You can use the given command to start all the jails that you have created.
/usr/local/etc/rc.d/ezjail start
How do I stop all Jails
Now if you want to stop the running jails then you can use the given commands.
# /usr/local/etc/rc.d/ezjail stop
How to start or stop a specific jail
You can use the given command to start a specific jail –
/usr/local/etc/rc.d/ezjail {start/stop/restart} jail_name
For example –
To start a jail name httpd use –
/usr/local/etc/rc.d/ezjail start httpd
How to display the list of all jails
By using the given command you can list all the jails on a system
jls
OR
ezjail-admin list
Conclusion
I hope now you understand how to create and deploy a jail in FreeBSD. Now if you have a query then write us in the comments below.