From: Baptiste Daroussin
To: freebsd-jail@freebsd.org
Date: Wed, 3 Mar 2010 07:37:57 +0100
Subject: Linux-only jail: yes it is possible
Message-ID: <20100303063757.GA20246@wicklow.lan>

Hi,

I'm new to the list. I just want to testify that Linux-only jails are possible.

I just (a few days ago) managed to have Debian GNU/Linux Lenny in a jail on
FreeBSD 8-STABLE (last update should be January).

It is not perfect but it works.

For now I've been able to make ssh, apache, xinetd and cron work.
The only tested thing that currently fails is sysklogd because of tries entries
in /dev.

An explanation in French is available here:
http://blog.etoilebsd.net/post/Emprisonner_une_debian_dans_un_FreeBSD

Here is a fast translation:

1/ Create the jail skeleton:
    # mkdir /home/jails/debian
    # mkdir /home/jails/debian/dev
    # mkdir /home/jails/debian/proc
    # mkdir /home/jails/debian/sys

2/ Load the linuxulator modules
    # kldload linux
    # kldload linprocfs
    # kldload linsysfs
    # kldload lindev

3/ Mount the required FS
    # mount -t devfs none /home/jails/debian/dev
    # mount -t linprocfs none /home/jails/debian/proc
    # mount -t linsysfs none /home/jails/debian/sys

(note: I'm not sure whether lindev is important or not)

I use an OpenVZ Debian image for my setup because I'm lazy

4/ fetch it
    # fetch http://download.openvz.org/template/precreated/debian-5.0-x86.tar.gz

5/ unpack it
    # tar xvfp debian-5.0-x86.tar.gz -C debian --exclude 'dev*' --exclude 'proc*' \
        --exclude 'sys*'

Now to be able to start the jail normally we only need one process to run (I
didn't really try to make it persistent with the persist keyword).

To take care of my laziness, I created a /etc/rc and /etc/rc.shutdown on the
debian to be sure it can work with the jails init script ootb.

    # echo "/etc/init.d/cron start" > /home/jails/debian/etc/rc
    # chmod 755 /home/jails/debian/etc/rc
    # echo "/etc/init.d/cron stop" > /home/jails/debian/etc/rc.shutdown
    # chmod 755 /home/jails/debian/etc/rc.shutdown

In rc.conf:
    jail_debian_rootdir=/home/jails/debian
    jail_debian_hostname="debian"
    jail_debian_ip="192.168.1.3"
    jail_debian_interface="nfe0"
    jail_debian_devfs_enable="YES"
    jail_debian_devfs_ruleset="devfsrules_jail"
    jail_debian_flags="-n debian"

    # /etc/rc.d/jail start debian # to start it

Here is the magic:
    # jls
    JID  IP Address   Hostname  Path
    15   192.168.1.3  debian    /home/jails/debian
    # jexec debian uname -a
    Linux debian 2.6.16 FreeBSD 8.0-STABLE #3: Sun Jan 10 20:39:38 CET 2010 i686 GNU/Linux
    # jexec debian cat /etc/debian_version
    5.0.4

My main usage is to be able to test my own C code on Linux.

Hope it can help.

regards,
-----
Bapt
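
Added example, not part of the original message and not FreeBSD project code: a preflight check of the jail root laid out in steps 1/ to 5/ above, to run before /etc/rc.d/jail start debian. The function name check_linux_jail_root is hypothetical, and the world-writable test on the rc scripts is an extra check assumed here, not a step from the message.

```sh
#!/bin/sh
# Added example: verify a Linux jail root before starting the jail.
# check_linux_jail_root is a hypothetical helper name.
# Usage: check_linux_jail_root /home/jails/debian
# Prints one line per problem; the return status is the number of problems.

check_linux_jail_root() {
    root=$1
    problems=0
    note() { echo "$root: $1"; problems=$((problems + 1)); }

    # Step 1/: mount points for devfs, linprocfs and linsysfs must exist.
    for d in dev proc sys; do
        [ -d "$root/$d" ] || note "missing mount point /$d"
    done

    # Step 5/: the Debian userland must actually be unpacked.
    [ -f "$root/etc/debian_version" ] ||
        note "no /etc/debian_version (image not unpacked?)"

    # The message creates /etc/rc and /etc/rc.shutdown with mode 755 so the
    # jail init script has something to run. Anything written to these
    # files runs as root inside the jail, so also reject world-writable
    # copies (extra check, assumed here).
    for f in etc/rc etc/rc.shutdown; do
        if [ ! -f "$root/$f" ]; then
            note "missing /$f"
        elif [ ! -x "$root/$f" ]; then
            note "/$f is not executable"
        elif [ -n "$(find "$root/$f" -perm -0002)" ]; then
            note "/$f is world-writable"
        fi
    done

    return "$problems"
}
```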