Date: Wed, 28 Oct 2015 15:43:46 -0500 (CDT)
Subject: Re: /etc/jail.conf documentation?
From: "Valeri Galtsev"
To: "Mark Felder"
Cc: freebsd-questions@freebsd.org

On Wed, October 28, 2015 3:28 pm, Mark Felder wrote:
>
>
> On Wed, Oct 28, 2015, at 10:59, Valeri Galtsev wrote:
>> Dear All,
>>
>> Can someone recommend something similar to FreeBSD handbook that
>> describes building jails for newer systems meaning /etc/jail.conf as
>> opposed to /etc/rc.conf which handbook currently has in its jails
>> chapter. I still have all jail configurations on 9.3 boxes in
>> /etc/rc.conf, but it is time to build 10.x production boxes, and do
>> things modern way (implying /etc/jail.conf). I still intend to keep
>> building jails "old fashion way" as described in handbook, as opposed
>> to using tools "ezjail" or similar.
>>
>> Thanks for all your advice!
>>
>> Valeri
>>
>> PS I know I can always use UNIX way of getting information, like
>>
>> man jail.conf
>>
>> , still...
>>
>
> Hi Valeri,
>
> It's simpler than you think. Your /etc/jail.conf can be as simple as:
>
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.clean;
> mount.devfs;
>
> path = /zroot/jails/$name;
>
> myjail{
>     host.hostname = "myjail.local";
>     ip4.addr = 192.168.1.5;
> }
>

Mark, thanks a lot! I already have it running; I have a couple more I'm
sure I need to have:

allow.set_hostname = 0;
allow.sysvipc = 0;

but I definitely didn't have

exec.stop = "/bin/sh /etc/rc.shutdown";

which seems to be really beneficial for jail "clean shutdown" akin to what
we do when we shut down a real system. Thanks!

Valeri

> You can add more options to the jail as required. Look at jail(8) man
> page instead of jail.conf(5) which lists the format, but not the
> options. I think this is kind of backwards myself, but I wasn't involved
> in these docs.
>
> Now you can do "service jail start myjail" it will just work. :-)
>
>
> --
> Mark Felder
> ports-secteam member
> feld@FreeBSD.org
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
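
Added example, not part of the thread and not FreeBSD project code: a shell check over `jls -n` output that lists running jails whose effective settings still permit `allow.sysvipc` or `allow.set_hostname`, the two permissions switched off in the reply above. It assumes `jls -n` prints an enabled boolean as `allow.sysvipc` and a disabled one as `allow.nosysvipc`; the helper names, the jails `legacy` and `web`, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: audit effective jail permissions from `jls -n` output.
# Assumption: one jail per line, space-separated name=value tokens, with a
# boolean printed as "allow.sysvipc" (on) or "allow.nosysvipc" (off).

# audit_jails: read jls -n style lines on stdin and print
# "<jail> <parameter>" for every watched permission that is enabled.
# The body runs in a subshell so that `set -f` (no globbing while the
# line is split into tokens) does not leak into the caller.
audit_jails() (
    set -f
    while read -r line; do
        [ -n "$line" ] || continue
        name="(unnamed)"
        findings=""
        for tok in $line; do
            case "$tok" in
                name=*)
                    name="${tok#name=}" ;;
                allow.sysvipc|allow.sysvipc=1)
                    findings="$findings allow.sysvipc" ;;
                allow.set_hostname|allow.set_hostname=1)
                    findings="$findings allow.set_hostname" ;;
            esac
        done
        for f in $findings; do
            printf '%s %s\n' "$name" "$f"
        done
    done
)

# Constructed sample (not captured from a real host), trimmed to the
# parameters that matter for this check.
sample_jls() {
    cat <<'EOF'
jid=1 name=myjail path=/zroot/jails/myjail allow.noset_hostname allow.nosysvipc
jid=2 name=legacy path=/zroot/jails/legacy allow.set_hostname allow.sysvipc
jid=3 name=web path=/zroot/jails/web allow.set_hostname allow.nosysvipc
EOF
}

# On a FreeBSD host the input would come from: jls -n | audit_jails
sample_jls | audit_jails
```

A jail that never sets these parameters in /etc/jail.conf runs with the system defaults, which is why the check reads the effective values from the running jail rather than the configuration file.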