Jail doesn't seem to start

Hi

I want to create Jails to learn the technology. So I am following the instructions from http://www.freebsd.org/doc/handbook/jails-build.html

So my rc.conf:

Code:
jail_enable="NO"                                 # Set to NO to disable starting of any jails
jail_list="fbtomcat"                             # Space separated list of names of jails

jail_fbtomcat_rootdir="/var/jails/fbtomcat"      # jail's root directory
jail_fbtomcat_hostname="fbtomcat"                # jail's hostname
jail_fbtomcat_ip="192.168.2.21"                  # jail's IP address
jail_fbtomcat_devfs_enable="YES"                 # mount devfs in the jail

Now I want to start and access the Jail
Code:
root@ ~src # /etc/rc.d/jail onestart fbtomcat 
Configuring jails:.
Starting jails: fbtomcat.
root@ ~src # jexec -U root fbtomcat /bin/sh
jexec: jail "fbtomcat" not found

Ping to the Jail fails too. Currently I don't understand what is going wrong. Can anybody help me? I am using FreeBSD 8.1

best regards
Darko Hojnik
 
Ok, first you have a problem with
Code:
jail_fbtomcat_devfs_enable="YES"
in the way that you didn't specify
Code:
jail_<jname>_devfs_ruleset="<devfs.rules_ID>"

Second, "jexec" expects a JID (integer) and not a "name".

ex: jexec -U root 1 /bin/whatever
where "1" is the JID of jail XYZ.
 
Hello da1

Thank you very much for your help. My first Jail is running now. So I have written
Code:
jail_fbtomcat_devfs_ruleset="devfsrules_jail"
in the rc.conf. And I have fixed some other stuff. So the network is running too.

Currently I couldn't use ping, nmap and sysinstall inside the Jail, because as root I don't have the right permissions for them. Do I have to modify the /etc/devfs.conf? Or where do I have to set the proper permissions? And is it possible to hide the output from dmesg and to hide all unused NICs inside the Jail?

kind regards
Darko Hojnik
 
You'd need to allow raw sockets inside the jail for pings and most of the nmap scans to work.
$ sysctl -d security.jail.allow_raw_sockets
Keep in mind that this will potentially allow the prison root to do whatever they want with your network.
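
Added example, not part of the thread and not FreeBSD's own tooling: a small sh check for the two settings raised in the replies above, a jail that mounts devfs without a `jail_<jname>_devfs_ruleset` and a host that enables `security.jail.allow_raw_sockets`. The config files are constructed samples, the `fbdb` jail and the function names are hypothetical, and it assumes the sysctl is set in a `name=value` file such as sysctl.conf.

```sh
#!/bin/sh
# Added example: audit the two jail settings discussed in this thread.

# conf_get FILE NAME: print the value of the last NAME=value line in FILE.
# The file is parsed as text, never sourced, so nothing in it is executed.
conf_get() {
    awk -v name="$2" '
        { sub(/#.*/, ""); eq = index($0, "=") }
        eq { k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
             gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
             if (k == name) val = v }
        END { print val }' "$1"
}

# audit_devfs RC_CONF: warn for each jail in jail_list that mounts devfs
# without naming a devfs ruleset.
audit_devfs() {
    for j in $(conf_get "$1" jail_list); do
        case "$(conf_get "$1" "jail_${j}_devfs_enable")" in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;   # values rc.subr treats as yes
            *) continue ;;
        esac
        if [ -z "$(conf_get "$1" "jail_${j}_devfs_ruleset")" ]; then
            echo "WARN: jail $j mounts devfs with no jail_${j}_devfs_ruleset"
        fi
    done
}

# audit_raw_sockets SYSCTL_CONF: warn when raw sockets are enabled for jails.
audit_raw_sockets() {
    if [ "$(conf_get "$1" security.jail.allow_raw_sockets)" = "1" ]; then
        echo "WARN: security.jail.allow_raw_sockets=1 gives jail root raw sockets"
    fi
}

# Constructed sample files; the fbdb jail is hypothetical.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/rc.conf" <<'EOF'
jail_list="fbtomcat fbdb"
jail_fbtomcat_devfs_enable="YES"          # no ruleset, as in the first post
jail_fbdb_devfs_enable="YES"
jail_fbdb_devfs_ruleset="devfsrules_jail"
EOF
printf 'security.jail.allow_raw_sockets=1\n' > "$tmp/sysctl.conf"

audit_devfs "$tmp/rc.conf"
audit_raw_sockets "$tmp/sysctl.conf"
```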
 
Code:
sysctl -d security.jail.allow_raw_sockets

Hmm, there is no alternative solution for them? I am thinking about offering some Jails for rent to some of my customers. I am buying big servers and I am testing what would be better: FreeBSD Jails or Solaris Zones. On FreeBSD I am able to run Debian kFreeBSD in a Jail without emulating something like Linux Zones on Solaris. I do not like the filesystems, the bad scheduler and the memory management of current Linux distros. So currently I am thinking that now is the best time to switch completely to Unix.
 
minimike said:
I am thinking about offering some Jails for rent to some of my customers.

Maybe "VIMAGE" will help you a bit further?

Give it a try, but keep in mind it is still considered experimental (due to lack of SCTP support alongside VIMAGE).

However, I was able to build a kernel with both VIMAGE and SCTP options (maybe it was fixed).
 
Hello da1

Thank you for your suggestion. I have tried VIMAGE with Jails. So after my first tests I am really happy with them. I only have problems with bridging, but that will have to take another thread.

kind regards
Darko Hojnik
 