FreeBSD EzJail EC2

arp

New Member


Messages: 6

Hi Everyone

I'm currently trying to set up Jails via EzJail on a couple of AWS EC2 instances. One is running 10.1 and the other is 10.2 (both running RELEASE).

When I try to start a Jail I get the following error on both machines:

ezjail-admin start db

Code:
Starting jails: cannot start jail  "db": 
jail: db: mount.fdescfs: /usr/jails/db/dev/fd: No such file or directory
.
/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider to migrate to /etc/jail.conf.
Error: Could not start db.
  You need to start it by hand.

Note: Nothing more than the Warning is appearing in the logs.

The commands I used to create the Jail were:

Code:
# rc.conf settings
cloned_interfaces="lo1"
ezjail_enable="YES"
# commands run afterwards
service netif cloneup
ezjail-admin update -i -p
ezjail-admin create db 'lo1|x.x.x.x'


The same commands worked correctly on two other machines, one physical and the other a DigitalOcean VPS, both running 10.2 RELEASE.

Any help would be greatly appreciated.
 

arp


Make sure devfs(5) is enabled in the jail too.

As far as I can tell it is. The config for the Jail is as follows:

Code:
export jail_db_hostname="db"
export jail_db_ip="lo1|127.0.1.1"
export jail_db_rootdir="/usr/jails/db"
export jail_db_exec_start="/bin/sh /etc/rc"
export jail_db_exec_stop=""
export jail_db_mount_enable="YES"
export jail_db_devfs_enable="YES"
export jail_db_devfs_ruleset="devfsrules_jail"
export jail_db_procfs_enable="YES"
export jail_db_fdescfs_enable="YES"
export jail_db_image=""
export jail_db_imagetype=""
export jail_db_attachparams=""
export jail_db_attachblocking=""
export jail_db_forceblocking=""
export jail_db_zfs_datasets=""
export jail_db_cpuset=""
export jail_db_fib=""
export jail_db_parentzfs=""
export jail_db_parameters=""
export jail_db_post_start_script=""
export jail_db_retention_policy=""

Is there anywhere else I need to look?
 

arp


To answer my own question, it did indeed have something to do with devfs. The machines in question have chroot enabled on /dev. To get the Jail to start I added the following to /etc/devfs.conf.

Code:
[devfsrules_jail=5]
add hide
add path run unhide
add path random unhide

And adjusted the devfs rule in /usr/local/etc/ezjail/db from:

Code:
export jail_db_devfs_ruleset="devfsrules_jail"

To:

Code:
export jail_db_devfs_ruleset="5"
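
An added example, not part of the original posts: a small sh/awk check that resolves the `jail_db_devfs_ruleset` value against a `[name=number]` ruleset header like the one in the fix, confirms the ruleset is default-deny (`add hide` first), and lists the device paths it unhides. The function names and the embedded sample text are constructed for illustration, and `add include` lines are not expanded.

```shell
# Constructed sample: the ruleset from the post, with its [name=number] header.
RULES='[devfsrules_jail=5]
add hide
add path run unhide
add path random unhide'
# Constructed sample: the before/after lines from /usr/local/etc/ezjail/db.
CONF_BEFORE='export jail_db_devfs_ruleset="devfsrules_jail"'
CONF_AFTER='export jail_db_devfs_ruleset="5"'

# Print the devfs_ruleset value found in ezjail config text ($1).
conf_ruleset() {
    printf '%s\n' "$1" | sed -n 's/^export jail_[A-Za-z0-9_]*_devfs_ruleset="\(.*\)"$/\1/p'
}

# Resolve a ruleset name or number ($1) against rules text ($2).
# Prints the ruleset number; returns 1 when no header matches.
resolve_ruleset() {
    printf '%s\n' "$2" | awk -v want="$1" '
        /^\[.*=[0-9]+\]$/ {
            split(substr($0, 2, length($0) - 2), h, "=")
            if (h[1] == want || h[2] == want) { print h[2]; found = 1; exit }
        }
        END { exit !found }'
}

# Print the "add ..." rules of ruleset number $1 from rules text $2.
ruleset_rules() {
    printf '%s\n' "$2" | awk -v num="$1" '
        /^\[.*\]$/ { in_set = ($0 ~ ("=" num "\\]$")); next }
        in_set && /^add / { print }'
}

# Default-deny means the first rule hides every node before anything is unhidden.
# A ruleset that starts with an include is reported as not default-deny here.
is_default_deny() {
    [ "$(ruleset_rules "$1" "$2" | head -n 1)" = "add hide" ]
}

for conf in "$CONF_BEFORE" "$CONF_AFTER"; do
    value=$(conf_ruleset "$conf")
    if num=$(resolve_ruleset "$value" "$RULES") && is_default_deny "$num" "$RULES"; then
        echo "ruleset '$value' -> $num, default-deny; unhidden paths:"
        ruleset_rules "$num" "$RULES" | awk '$NF == "unhide" { print "  " $3 }'
    else
        echo "ruleset '$value' is undefined or not default-deny"
    fi
done
```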
 