d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
freebsd-skq/share/examples/jails/README
dteske 992afcace2 Fix jail examples in jib, jng, README 
The provided example jail configs do not work for multiple interfaces.
Multiple interfaces need to be specified as a comma separated list or
using multiple += lines in jail.conf. In the given example, a space-
separated string is used, which doesn't work with multiple interfaces.

Also added a note to the README about VIMAGE being built-in by default
on amd64 in FreeBSD 12, with appropriate instructions for loading the
necessary netgraph ether module (ng_ether) since it is neither built-
in nor autoloads.

Submitted by:	Ryan Moeller <ryan@freqlabs.com>
Reported by:	Ryan Moeller <ryan@freqlabs.com>
MFC after:	3 days
Sponsored by:	Smule, Inc.
Differential Revision:	https://reviews.freebsd.org/D17697
2018-10-28 18:32:47 +00:00

68 lines
1.8 KiB
Plaintext
Raw Permalink Blame History

# $FreeBSD$
The below 4 samples require a VIMAGE enabled kernel:
# (as root)
$ cp VIMAGE /usr/src/sys/amd64/conf/
$ cd /usr/src
$ make KERNCONF=VIMAGE kernel
$ reboot
FreeBSD 12 has VIMAGE enabled in GENERIC on amd64.
In that case, for jng simply load the ng_ether module first
(ng_bridge and ng_eiface will load on demand):
# (as root)
# Load the ng_ether module at boot:
$ sysrc kld_list+=ng_ether
# Load ng_ether at once without rebooting:
$ kldload ng_ether
Sample 1: jail.conf(5)
$ cp jib jng /usr/sbin/
$ cat jail.xxx.conf >> /etc/jail.conf
$ vi /etc/jail.conf
# NB: Customize root directory and bridge interface
$ sysrc jail_enable=YES
# NB: Assumes jail_list="" (meaning ``all jails in jail.conf'')
# NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'')
$ service jail start
Sample 2: rc.conf(5)
$ cp jib jng /usr/sbin/
$ cp rc.conf.jails /etc/
$ vi /etc/rc.conf.jails
# NB: Customize root directory and bridge interface
$ sysrc rc_conf_files+=/etc/rc.conf.jails
# NB: Assumes /etc/jail.conf does not exist and jail_list=""
$ service jail start
Sample 3: Per-jail jail.conf(5)
$ cp jib jng /usr/sbin/
$ cp jail.xxx.conf /etc/
$ vi /etc/jail.xxx.conf
# NB: Customize root directory and bridge interface
$ sysrc jail_enable=YES
$ sysrc jail_list+=xxx
# NB: Assumes rc_conf_files=""
$ service jail start
Sample 4: Per-jail rc.conf(5)
$ cp jib jng /usr/sbin/
$ cp rcjail.xxx.conf /etc/
$ vi /etc/rcjail.xxx.conf
# NB: Customize root directory and bridge interface
$ sysrc jail_enable=YES
$ sysrc jail_list+=xxx
$ sysrc rc_conf_files+=/etc/rcjail.xxx.conf
# NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist
$ service jail start
For additional recipes, see share/examples/netgraph for
making and hooking together jails using netgraph as the
virtual networking fabric.
Reference in New Issue View Git Blame Copy Permalink