jail

Hi all, I have just upgraded from 13.5-RELEASE to 15.0-RELEASE on my arm64 machine, and am now trying to update my Bastille thin jails. I'm running Bastille 1.3.2.251225, and have followed the instructions for upgrading thin jails in the documentation. All goes well until I get to the...

Hi everyone, I'm attempting to setup a couple of jails with VLANs not just to continue educating myself on FreeBSD networking, but also to configure some testing infrastructure that'll hopefully help me to debug a problem I'm having with my pfSense CE router and my real VLANs after upgrading...

Okkkk, this is so dangerous. I did "add hide" for all devices before starting a jail and then whitelisted a couple of devices I need. Then, some time later ukbd0 and kbd2 miraculously appear in the jail! 😲😲😲 This seems crazy. Can a jail make sure nothing get added to it dynamically after it...

I'm shifting my gateway from 14.2 to 15.0 and the gateway runs a number of applications (statically compiled) in jails of their own. What I have encountered with a clean fresh install of 15 (that's absent in both 14.2 (current gateway) and 14.3 (testbed)) is that processes that are forked by...

I'm using bastille to create jails and so far it has been just fine. Since freebsd doesn't have a mount.cifs (like linux) the only legitimate option is using rclone. This works great but I noticed that the internal jail fstab doesn't seem to want to mount it even though it mounts just fine when...

I have a fresh install of FreeBSD 15.0-RELEASE (with pkgbase). I've created a jail via bsdinstall as a ZFS file system: zroot/jails/myjail 618M 1.08T 618M /jails/myjail When I go to install anything e.g. Nginx I get: pkg Fail to chflags /libexec/ld-elf32.so.1:Operation not...

Hi! I have a system running FreeBSD 15.0-RELEASE. The machine was upgraded to 15.0 using traditional freebsd-update procedure and then pkgbasified using pkgbasify and some modifications to the lua script. Now I want to upgrade a number of jails on that machine that are running 14.3-RELEASE-p6...

The principle of least privilege can be defined as “A security principle that a system should restrict the access privileges of users (or processes acting on behalf of users) to the minimum necessary to accomplish assigned tasks.”, and in the context of FreeBSD jails, this is where it really...

"The Ephemeral Concept" of AppJail is easy to implement in jails due to how easily they are managed, but virtual machines are just another way to achieve this, albeit a more complex one. In this article, we will implement "The Ephemeral Concept" on FreeBSD virtual machines using nbdkit as our...

Hello everyone! After some time around playing with pkgbase, I've found a way for making minimal OCI\Podman\Docker-like chroot environments where theres only an app (could be many of them, though) and its dependencies inside a chroot environment. No need for managing 500+MB bases or having...

I've got 5 static IP's from my ISP, but they are tied to mac addresses in order to obtain them. I'm trying to avoid VM's where I can, in favour of jails, but can't seem to get my assigned IP's when using a jail. I'm currently setting my hw addr in a jail by adding the line exec.created +=...

Hey guys, Is there something similar to NetBSD veriexec(8) on FreeBSD? I want to restrict in a jail the execution of only certain system binaries (even limiting root). Setting the filesystem as 'exec' only on the standard directories `/usr/bin` and `/usr/sbin` and 'noexec' on the others does...

In this article, we'll deploy both Jellyfin and Jellyseerr using Overlord, a DevOps-oriented tool for FreeBSD that emphasizes a declarative approach. Link: https://dtxdf.github.io/jellyseerr.html

GitOps is a modern operational framework that uses Git as the single source of truth. It is often mandatory to use a tool that emphasizes a declarative approach, where you define the desired state and the tool does the hard work. Or, in other words, an "everything is code" philosophy. Link...

It seems that pkg-base will soon be the standard on FreeBSD systems, but there seems to be no documentation concerning jails. So I’ll ask a few questions. How does one create a jail using pkg-base? Do we still fetch the .txz files? How does you update and upgrade a jail? How do you convert a...

Hi, I have a home server running FreeBSD with multiple services running in jails (using bastille). Right now I have the simplest networking setup using private IP addresses alias to my main re0 interface (as describe here...

https://docs.freebsd.org/en/books/handbook/jails/ I might be missing something - but if I follow this guide and I get to the point where I think I'm supposed to make these symbolic links - since we just moved the directories (usr, var etc) from the "base" to the "skeleton" in the steps before -...

Hello, I have a webserver configured in a VNET jail. The jail has its own IP 192.168.1.11 and I can access it in my LAN network without issue. However when I'm outside of my network, I can't reach the webserver. I got either timed out or "connection reset by peer" errors. I have the forward...

Hi, I am having issues setting up network on a dedicated server. Basic network tests are failing (cf. end of this message) 1/ Here is main objectives Secure both HOST and JAILS Jails must be able to access public IP (Internet) Jails MUST NOT be able to see any other jail than themself NB : I...

Hello everyone, today I tried to update the pkg list within one of my (classic) jails: # pkg update Updating FreeBSD repository catalogue... [bifrost.arthur] Fetching data.pkg: 100% 9 MiB 9.9MB/s 00:01 Processing entries: 0% Newer FreeBSD version for package zx: To ignore this...