Jails

Source: https://docs.freebsd.org/en/books/handbook/jails/

---

Cheatsheet

Start / Stop / Restart a Jail

service jail <start/stop/restart> <jail_name>

Managing Packages in a Jail

It is possible to manage packages of a jail from the host using this command:

pkg -j <jail_name> install <package_name>

Execute Commands in a Jail

jexec -l <jail_name> <command>

Get a shell in a Jail

jexec <jail_name> /bin/sh

Get info about Jails

jls

Update a Jail

You can update a jail using the following command:

freebsd-update -b <path_to_jail> fetch install

Upgrade a Jail

You can upgrade a jail using the following command:

freebsd-update -j <jail_name> fetch install
service jail restart <jail_name>

Warning

To upgrade the jail to a new major or minor version, first upgrade the host system as described in Performing Major and Minor Version Upgrades. Once the host has been upgraded and rebooted, the jail can then be upgraded.

For example to upgrade from 13.1-RELEASE to 13.2-RELEASE, execute the following commands on the host:

freebsd-update -j <jail_name> -r 13.2-RELEASE upgrade
freebsd-update -j <jail_name> install
service jail restart <jail_name>
freebsd-update -j <jail_name> install
service jail restart <jail_name>

Info

It is necessary to execute the install step two times. The first one upgrades the kernel, and the second one upgrades the rest of the components.

Then, if it was a major version upgrade, reinstall all installed packages and restart the jail again. This is required because the ABI version changes when upgrading between major versions of FreeBSD.

From the host:

pkg -j <jail_name> upgrade -f
service jail restart <jail_name>

---

Install a Jail

Source:

• https://docs.freebsd.org/en/books/handbook/jails/#creating-classic-jail

First create a ZFS or UFS dataset / directory to store the jail. The default path is /usr/local/jails/containers/<jail_name>.

Now install the jail content into that directory using the following command and following the install wizard:

bsdinstall jail <path_to_jail_dir>

Now create a jail configuration file. This file can be added to the directory /etc/jail.conf.d and should have the jailname as its name like this: <jail_name>.conf Also create another file at /etc/jail.conf with the following content to include all jail configuration files:

.include "/etc/jail.conf.d/*.conf";

The content of the actual configuration file could look like this:

<jail_name> {    
 # STARTUP/LOGGING  
 exec.start = "/bin/sh /etc/rc";    
 exec.stop = "/bin/sh /etc/rc.shutdown";    
 exec.consolelog = "/var/log/jail_console_${name}.log";    
  
 # PERMISSIONS  
 #allow.raw_sockets;    
 exec.clean;    
 mount.devfs;    
  
 # HOSTNAME/PATH  
 host.hostname = "${name}";    
 path = "<path_to_jail>/${name}";    
  
 # NETWORK  
 ip4 = inherit;    
 interface = re0;    
 
 # FSTAB  
 mount.fstab="/etc/fstab.${name}";
}

To start jails at system boot add the following line to /etc/rc.conf:

jail_enable="YES"
jail_parallel_start="YES"

You can now start the jail by using one of the following commands:

jail -c <jail_name>

or

service jail start <jail_name>

To get the shell of that jail use:

Get a shell in a Jail

jexec <jail_name> /bin/sh

Link to original