jail

Hello everyone! After some time around playing with pkgbase, I've found a way for making minimal OCI\Podman\Docker-like chroot environments where theres only an app (could be many of them, though) and its dependencies inside a chroot environment. No need for managing 500+MB bases or having...

I've got 5 static IP's from my ISP, but they are tied to mac addresses in order to obtain them. I'm trying to avoid VM's where I can, in favour of jails, but can't seem to get my assigned IP's when using a jail. I'm currently setting my hw addr in a jail by adding the line exec.created +=...

Hey guys, Is there something similar to NetBSD veriexec(8) on FreeBSD? I want to restrict in a jail the execution of only certain system binaries (even limiting root). Setting the filesystem as 'exec' only on the standard directories `/usr/bin` and `/usr/sbin` and 'noexec' on the others does...

In this article, we'll deploy both Jellyfin and Jellyseerr using Overlord, a DevOps-oriented tool for FreeBSD that emphasizes a declarative approach. Link: https://dtxdf.github.io/jellyseerr.html

GitOps is a modern operational framework that uses Git as the single source of truth. It is often mandatory to use a tool that emphasizes a declarative approach, where you define the desired state and the tool does the hard work. Or, in other words, an "everything is code" philosophy. Link...

It seems that pkg-base will soon be the standard on FreeBSD systems, but there seems to be no documentation concerning jails. So I’ll ask a few questions. How does one create a jail using pkg-base? Do we still fetch the .txz files? How does you update and upgrade a jail? How do you convert a...

Hi, I have a home server running FreeBSD with multiple services running in jails (using bastille). Right now I have the simplest networking setup using private IP addresses alias to my main re0 interface (as describe here...

https://docs.freebsd.org/en/books/handbook/jails/ I might be missing something - but if I follow this guide and I get to the point where I think I'm supposed to make these symbolic links - since we just moved the directories (usr, var etc) from the "base" to the "skeleton" in the steps before -...

Hello, I have a webserver configured in a VNET jail. The jail has its own IP 192.168.1.11 and I can access it in my LAN network without issue. However when I'm outside of my network, I can't reach the webserver. I got either timed out or "connection reset by peer" errors. I have the forward...

Hi, I am having issues setting up network on a dedicated server. Basic network tests are failing (cf. end of this message) 1/ Here is main objectives Secure both HOST and JAILS Jails must be able to access public IP (Internet) Jails MUST NOT be able to see any other jail than themself NB : I...

Hello everyone, today I tried to update the pkg list within one of my (classic) jails: # pkg update Updating FreeBSD repository catalogue... [bifrost.arthur] Fetching data.pkg: 100% 9 MiB 9.9MB/s 00:01 Processing entries: 0% Newer FreeBSD version for package zx: To ignore this...

i have 3 jails that use nullfs to mount the home directory each jail has zsh installed and so they all use the zsh config files i need a way to check the os, so i can have different shell config for each jail so they can have different shell paths XDG_RUNTIME_DIR directories, or use X11 or...

I have an EC2 instance with 2 jails, it's jail.conf looks like: jail1 { exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.consolelog = "/var/log/jail_console_${name}.log"; allow.raw_sockets; exec.clean; mount.devfs; path = "/jail/${name}"; ip4.addr...

Hi all, I am a long time Debian user. I use Debian professionally and personally for almost 20 years now. I know nothing about FreeBSD, but I am exploring alternatives for a specific use case I have, and FreeBSD is a candidate. I work for a software agency, we do very different kind of...

Hello. Need jails option - "allow.setscheduler" for this function. There is a couple software needs this. One of this is freeswitch to run in a jail.

I am trying to figure out how to better handle a dropped sshfs connection and need to do some testing but am not sure about all that I should test. The setup is: a vnet jail, with a child jail the vnet jail establishes an sshfs connection to remote storage the vnet jail then uses nullfs (rw...

Hi, I can't install a package in a jail with pkg, it blocks on the installation message. # jexec test # pkg install nano The package management tool is not yet installed on your system. Do you want to fetch and install it now? [y/N]: y Bootstrapping pkg from...

Hello I have a jail configured like this: jellyfin { # STARTUP/LOGGING exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.consolelog = "/var/log/jail_console_${name}.log"; # PERMISSIONS allow.raw_sockets; exec.clean; mount.devfs; allow.mount = true...

I would like to test how far in time can Jails keep old versions and I am trying to deploy a FreeBSD5 (the first release supporting amd64) in a jail being the host FreeBSD14. This host has several FreeBSD14 jails and they work without issues. I have tried to follow the same procedure but being...

Hi All, Noticed something interesting when creating a jail, if you use a numeric name it will assign that as the JID. Really appreciate it if anyone could help me answer the following questions - - Is this normal for jails or a bug? - Does it create a security risk using numeric names? - Why...