jails Running Linux in a Jail

I see messages about people running Linux in a jail and have no idea how to go about it.

Can someone suggest a guide? And does it apply to all Linux flavours, or just Debian and Ubuntu?
 
Many thanks, Holger. I tried to incorporate your instructions into the following script:
Bash:
#!/bin/sh

export JAILNAME="Linux"
export JAIL="/usr/jail/$JAILNAME"

mkdir -p $JAIL

for DIR in /dev/fd /dev/shm /tmp /proc /sys; do mkdir -p $JAIL/${DIR}; done

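pkg install -y debootstrap
# --no-check-gpg disables checking of the GPG signature on the retrieved
# Release file, so the downloaded packages are not authenticated.
debootstrap --arch=amd64 --no-check-gpg focal $JAIL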

cat <<EOF > $JAIL/etc/fstab
 devfs           $JAIL/dev      devfs           rw                      0       0
 tmpfs           $JAIL/dev/shm  tmpfs           rw,size=1g,mode=1777    0       0
 fdescfs         $JAIL/dev/fd   fdescfs         rw,linrdlnk             0       0
 linprocfs       $JAIL/proc     linprocfs       rw                      0       0
 linsysfs        $JAIL/sys      linsysfs        rw                      0       0
 /tmp            $JAIL/tmp      nullfs          rw                      0       0
EOF

cat <<EOF >> /etc/jail.conf
$JAILNAME {
    host.hostname="$JAILNAME";
    ip4.addr= 192.168.1.111;
    path="$JAIL";
    allow.raw_sockets=1;
    exec.start='/bin/true';
    exec.stop='/bin/true';
    persist;
    mount.fstab="$JAIL/etc/fstab";
}
EOF

# Load the 64-bit Linux ABI module now and on every boot.
kldload linux64
sysrc kld_list+="linux64"
sysrc jail_enable=YES

service jail start Linux
jls
jexec Linux /bin/bash

This seems to work, but I get the following when entering the jail:-

Code:
root@X1:/etc# jexec Linux /bin/bash
groups: cannot find name for group ID 0
groups: cannot find name for group ID 5
I have no name!@Linux:/#
Looks like I'm missing something... Any idea what I've overlooked?
 
It appears your jail does not have a hostname and you might be missing /etc/group?
root@X1:/# cat /etc/jail.conf:-
Code:
Linux {
    host.hostname="Linux";
    ip4.addr= 192.168.1.111;
    interface = wlan0;
    path="/usr/jail/Linux";
    allow.raw_sockets=1;
    exec.start='/bin/true';
    exec.stop='/bin/true';
    persist;
    mount.fstab="/usr/jail/Linux/etc/fstab";
}

service jail start Linux
Starting jails: Linux.

jls
Code:
   JID  IP Address      Hostname                      Path
     1  192.168.1.108   openwrt                       /usr/jail/openwrt
     2  192.168.1.109   FreeBSD                       /usr/jail/FreeBSD
     3  192.168.1.110   mfsbsd                        /usr/jail/mfsbsd
     5  192.168.1.111   Linux                         /usr/jail/Linux

As for users and groups, I have no idea how they should be dealt with in a jail. Does the jail inherit the values from the host or should the jail have its own? I didn't see any reference for handling these in the guide I followed.
 
The linux jail gets its groups from /etc/group within its directory root. So, if you install your linux environment under /jail/linux, then it's going to be under /jail/linux/etc/group. /compat/linux is not required for that. That's used not for linux jails but for linux compatibility in the host system.

You need to have linux compatibility turned on, otherwise it won't work. I.e. sysrc linux_enable=YES && service linux start. This ensures that all required linuxkpi kernel modules are loaded for the compatibility layer to be available.


If you use i.e. debootstrap, this should all be set up out of the box. See https://wiki.freebsd.org/LinuxJails

If your posts up there are from your system: what's under /usr/jails/Linux and /usr/jails/Linux/etc/group in particular? Watch the uppercase L there.
 

As for users and groups, I have no idea how they should be dealt with in a jail. Does the jail inherit the values from the host or should the jail have its own? I didn't see any reference for handling these in the guide I followed.
I always use adduser(8) and explicitly create users in a jail. I.e.
Code:
jexec my-jail sh
adduser myuser
 
The linux jail gets its groups from /etc/group within its directory root. So, if you install your linux environment under /jail/linux, then it's going to be under /jail/linux/etc/group. /compat/linux is not required for that. That's used not for linux jails but for linux compatibility in the host system.
/usr/jail/Linux/etc/group is missing from the jail's filesystem. The rest looks fine though.

You need to have linux compatibility turned on, otherwise it won't work. I.e. sysrc linux_enable=YES && service linux start. This ensures that all required linuxkpi kernel modules are loaded for the compatibility layer to be available.


If you use i.e. debootstrap, this should all be set up out of the box. See https://wiki.freebsd.org/LinuxJails

If your posts up there are from your system: what's under /usr/jails/Linux and /usr/jails/Linux/etc/group in particular? Watch the uppercase L there.
I installed sysutils/debootstrap but then ran debootstrap --arch=amd64 --no-check-gpg focal /usr/jail/Linux.

According to https://wiki.freebsd.org/LinuxJails I should have run debootstrap bionic /compat/ubuntu

Maybe I created problems for myself by naming my jail Linux instead of ubuntu like all the examples show.

I think I will start again from scratch.

Does debootstrap install /etc/group?
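
A check for the symptom discussed in this thread, as an added example (not code from any poster): it reports which of the IDs from the error output (uid 0, gids 0 and 5) have no entry in the jail root's own etc/passwd and etc/group. The function names and the constructed sample root are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list numeric IDs that a jail root cannot map to names.
# Lookups inside the jail use <root>/etc/passwd and <root>/etc/group,
# not the host's files.

# has_id FILE ID -> exit 0 if field 3 of a passwd/group-format FILE equals ID
has_id() {
    [ -r "$1" ] && awk -F: -v id="$2" \
        '$3 == id { found = 1 } END { exit !found }' "$1"
}

# unresolved_ids ROOT UID GID... -> prints "uid:N" / "gid:N" for each ID
# that has no entry; prints an empty line when everything resolves.
unresolved_ids() {
    root=$1; uid=$2; shift 2
    out=""
    has_id "$root/etc/passwd" "$uid" || out="uid:$uid"
    for gid in "$@"; do
        has_id "$root/etc/group" "$gid" || out="${out:+$out }gid:$gid"
    done
    printf '%s\n' "$out"
}

# make_sample DIR [complete] -> constructed sample root for trying the check.
# Without "complete" it has an empty etc/ (no passwd, no group); with it,
# minimal constructed entries for uid 0 and gids 0 and 5.
make_sample() {
    mkdir -p "$1/etc"
    [ "${2:-}" = complete ] || return 0
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$1/etc/passwd"
    printf 'root:x:0:\ntty:x:5:\n' > "$1/etc/group"
}

# When given a jail root as the first argument, check the IDs from the thread.
if [ $# -gt 0 ]; then
    missing=$(unresolved_ids "$1" 0 0 5)
    if [ -z "$missing" ]; then
        echo "ok: all IDs resolve inside $1"
    else
        echo "unresolved in $1: $missing"
    fi
fi
```

Given a jail root such as /usr/jail/Linux as its first argument, the script prints the IDs that root cannot resolve.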
 