jail

Hi everyone, I'm working on setting up a FreeBSD 14.3 VM to host a collection of jails that I want to spread out across a number of VLANs, so I have a number of vtnet interfaces that are attached to corresponding VLAN interfaces on the underlying host, and those vtnet interfaces, in turn, are...

Hi All I'm trying to use pkg with local repository. And need change repository dynamically working for jail I had saw in pkg section CONFIGURATION url Refer to PACKAGESITE in "ENVIRONMENT" My work fine configure of repository: /usr/local/etc/pkg/repos/barfoo.conf BARFOO_PKG: {...

Hi everyone, I'm on a quest to fine tune the configuration of a few jails I'm running, and one thing I'd like to do is disable periodic jobs that are either undesired and/or redundant for jails, and to get all of the remaining output sent to log files, rather than being delivered by mail...

I have recently performed a major upgrade on my FreeBSD systems from 14.3 to 15.0 using the traditional freebsd-update(8) procedure and then pkgbasified the upgraded 15.0-RELEASE to the new pkgbase system. On these upgraded systems, I have been running several thick Jails which I wanted also to...

Hello everyone, I am currently using jail. Due to the requirements of the business, the IPs within the jail need to be able to communicate directly with the IPs of the physical network cards. I tested both if_bridge and netgraph methods. The service could be running. However, when the physical...

I set up Navidrome inside a jail, and I am nullfs mounting my music folder into the jail. Navidrome cannot scan any media files (I only have FLAC music files), and I keep getting the following warnings in the log output: If I copy the same FLAC files that failed to scan into the jail so they...

Hi all, I have just upgraded from 13.5-RELEASE to 15.0-RELEASE on my arm64 machine, and am now trying to update my Bastille thin jails. I'm running Bastille 1.3.2.251225, and have followed the instructions for upgrading thin jails in the documentation. All goes well until I get to the...

Hi everyone, I'm attempting to setup a couple of jails with VLANs not just to continue educating myself on FreeBSD networking, but also to configure some testing infrastructure that'll hopefully help me to debug a problem I'm having with my pfSense CE router and my real VLANs after upgrading...

Okkkk, this is so dangerous. I did "add hide" for all devices before starting a jail and then whitelisted a couple of devices I need. Then, some time later ukbd0 and kbd2 miraculously appear in the jail! 😲😲😲 This seems crazy. Can a jail make sure nothing get added to it dynamically after it...

I'm shifting my gateway from 14.2 to 15.0 and the gateway runs a number of applications (statically compiled) in jails of their own. What I have encountered with a clean fresh install of 15 (that's absent in both 14.2 (current gateway) and 14.3 (testbed)) is that processes that are forked by...

I'm using bastille to create jails and so far it has been just fine. Since freebsd doesn't have a mount.cifs (like linux) the only legitimate option is using rclone. This works great but I noticed that the internal jail fstab doesn't seem to want to mount it even though it mounts just fine when...

I have a fresh install of FreeBSD 15.0-RELEASE (with pkgbase). I've created a jail via bsdinstall as a ZFS file system: zroot/jails/myjail 618M 1.08T 618M /jails/myjail When I go to install anything e.g. Nginx I get: pkg Fail to chflags /libexec/ld-elf32.so.1:Operation not...

Hi! I have a system running FreeBSD 15.0-RELEASE. The machine was upgraded to 15.0 using traditional freebsd-update procedure and then pkgbasified using pkgbasify and some modifications to the lua script. Now I want to upgrade a number of jails on that machine that are running 14.3-RELEASE-p6...

The principle of least privilege can be defined as “A security principle that a system should restrict the access privileges of users (or processes acting on behalf of users) to the minimum necessary to accomplish assigned tasks.”, and in the context of FreeBSD jails, this is where it really...

"The Ephemeral Concept" of AppJail is easy to implement in jails due to how easily they are managed, but virtual machines are just another way to achieve this, albeit a more complex one. In this article, we will implement "The Ephemeral Concept" on FreeBSD virtual machines using nbdkit as our...

Hello everyone! After some time around playing with pkgbase, I've found a way for making minimal OCI\Podman\Docker-like chroot environments where theres only an app (could be many of them, though) and its dependencies inside a chroot environment. No need for managing 500+MB bases or having...

I've got 5 static IP's from my ISP, but they are tied to mac addresses in order to obtain them. I'm trying to avoid VM's where I can, in favour of jails, but can't seem to get my assigned IP's when using a jail. I'm currently setting my hw addr in a jail by adding the line exec.created +=...

Hey guys, Is there something similar to NetBSD veriexec(8) on FreeBSD? I want to restrict in a jail the execution of only certain system binaries (even limiting root). Setting the filesystem as 'exec' only on the standard directories `/usr/bin` and `/usr/sbin` and 'noexec' on the others does...

In this article, we'll deploy both Jellyfin and Jellyseerr using Overlord, a DevOps-oriented tool for FreeBSD that emphasizes a declarative approach. Link: https://dtxdf.github.io/jellyseerr.html

GitOps is a modern operational framework that uses Git as the single source of truth. It is often mandatory to use a tool that emphasizes a declarative approach, where you define the desired state and the tool does the hard work. Or, in other words, an "everything is code" philosophy. Link...