Install sysutils/bastille and net/gitup on host through either ports or packages. For a nested display server to run or test from the jail, install x11-servers/xorg-nestserver or x11-servers/xephyr on the host system as well.
gitup can also be installed inside the jail, and configured there.
Bastille jail in the example or instruction will be named "myjail". I'll use an alias IP and network card as an example. doas or sudo can be used from your host system, depending on your setup.
For hints, type
bastille [command] --help
Some custom jail configuration files don't always work when they reference another configuration file two or more levels deep. Copy the default configuration file to a custom file, then edit that, for what will be included with all other custom jail configuration files to be referenced.
Bootstrapping Bastille and installing jail
bastille bootstrap 13.0-RELEASE update
This sets up the jail directory, along with the base system for jails.
bastille create myjail 13.0-RELEASE 192.168.1.100 re0
This uses an example IP and network card to set up a jail along with a set alias IP. Loopback lo1 as an IP uses different instructions for the jail.
Acceptable IP ranges for jail:
Code:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
bastille list -a
bastille start myjail
Using templates
The Bastille jail must be created and running before installing a template to it. See post #10 below for how to install templates.
From Host
Setting up rc.conf or rc.conf.local is optional, or only needed if the jail needs to be started on bootup:
Code:
bastille_enable="YES"
bastille_list="jail1 jail2"
/usr/local/bastille/bastille.conf can be edited, but to set up a basic Bastille jail, it can be left alone.
Use gitup from host to install ports into a Bastille jail. /usr/local/etc/gitup.conf
Code:
"jail" : {
    "repository_path" : "/ports.git",
    "branch" : "main",
    "target_directory" : "/usr/local/bastille/jails/[myjail]/root/usr/ports",
    "ignores" : [
        "distfiles",
        "packages",
        "INDEX-11",
        "INDEX-12",
        "INDEX-13",
        "INDEX-14",
    ],
},
To give /dev/ access:
cd /usr/local/bastille/jails/myjail/
vi jail.conf
or bastille config myjail set devfs_ruleset=[#]
Change the number in the line
devfs_ruleset= ;
From /etc/defaults/devfs.rules, ruleset 4 is the default for jails, so it is a good starting point.
If your jail was started, restart it:
bastille restart myjail
Thread jails-accessing-devices-from-bastille.79781
Turn on Xnest or Xephyr server as a nonroot user on the host system, that X11 programs from the jail can use:
Xnest :1 -listen tcp
Xephyr :1 -listen tcp
Thread executing-x11-program-built-in-bastille-jail.82138
Using Bastille
bastille list
bastille console myjail
Inside Bastille jail console
setenv DISPLAY :1
This sets the output to display :1 started from the host system via Xnest. To make this permanent, insert this line into /root/.cshrc. For one-time use, with xterm for example, use
xterm -display :1
Now you can build ports within a Bastille jail. First, update the jail and its ports. Make sure the package tree in /etc/pkg/FreeBSD.conf matches the one for ports.
If you're using ports-mgmt/psearch inside the jail, an index will need to be created in the ports tree:
cd /usr/ports
make index
To see which base system you're using, type
freebsd-version
uname -a will give the kernel version of the host, but not the base release version of the jail.
Customizing ports for building and testing builds
You can make custom directories in /root or /opt, to copy original makefiles to from the ports tree in your jail, then run make commands there. This will use the rest of the jail's ports tree. Make a copy of the original Makefile, to Makefile.orig. Then, use
diff -u Makefile.orig Makefile
after editing, to note the differences. See: Post #9 below and https://docs.freebsd.org/en/books/porters-handbook/.
Mounting considerations for jail
mounting /usr/local/bastille in its own partition.
tunefs partition to give partition a label.
Use of tmpfs partitions inside jail for build directories.
See Post #10 below for mounting Bastille in a custom directory.
Removing jail
Backup files if you choose.
bastille stop myjail
bastille destroy myjail
Edit rc.conf or rc.conf.local if there's a jail listing.
Removing Bastille
pkg remove bastille
(unmount mountpoints containing bastille jails)
cd /usr/local/bastille
chflags -R noschg
Use the rm command carefully.
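An added example, not part of the original post: a host-side check of the two jail.conf values this how-to sets by hand, the jail IP against the acceptable private ranges listed above and the devfs_ruleset number against the default ruleset 4. The function names are hypothetical, and the script assumes jail.conf holds "key = value;" lines like the devfs_ruleset line shown in the post.

```sh
#!/bin/sh
# Added example: audit the jail IP and devfs_ruleset in a Bastille jail.conf.

# Succeeds only for a dotted-quad IPv4 in 10/8, 172.16/12 or 192.168/16.
is_private_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ]; return ;;
        192) [ "$2" -eq 168 ]; return ;;
    esac
    return 1
}

# Print the first "KEY = value;" value from FILE; KEY is a sed regex.
jail_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# Report on ip4.addr and devfs_ruleset; accepts "ip", "if|ip" and "ip/prefix".
audit_jail_conf() {
    ip=$(jail_param "$1" 'ip4\.addr'); ip=${ip##*"|"}; ip=${ip%%/*}
    rs=$(jail_param "$1" 'devfs_ruleset')
    if is_private_ipv4 "$ip"; then echo "OK ip4.addr $ip is in a private range"
    else echo "WARN ip4.addr '$ip' is outside 10/8, 172.16/12, 192.168/16"; fi
    case $rs in
        4)    echo "OK devfs_ruleset 4 (devfsrules_jail)" ;;
        ''|0) echo "WARN devfs_ruleset is unset or 0" ;;
        *)    echo "REVIEW devfs_ruleset $rs: check what it unhides in /etc/devfs.rules" ;;
    esac
}

# Constructed sample shaped like a jail.conf; values are illustrative.
sample=$(mktemp)
cat > "$sample" <<'EOF'
myjail {
  devfs_ruleset = 10;
  interface = re0;
  ip4.addr = 192.168.1.100;
}
EOF
audit_jail_conf "$sample"
rm -f "$sample"
```

On a real host, point audit_jail_conf at /usr/local/bastille/jails/myjail/jail.conf after changing the ruleset number and before restarting the jail.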