Solved Jails : userland, buildworld and kernel question

Hi !

I'm reading the FreeBSD handbook to learn how to get the best of this wonderful OS.

As the title says it, I have a few questions about the jails :

1. I can read multiple times the word "userland", what is it exactly ? As I understand it is the whole system minus the kernel, am I right ?
2. In the chapter 14.3 Creating and Controlling Jails, the example asks to go to /usr/src and run make buildworld, what does it rebuild exactly ? The complete system and all ports ? Does it have something to do with point 1. ?
3. I was able to start a jail just by extracting the base system, so no kernel in it. Don't jails need a kernel ? I see there are two types of jails : complete and service jails. Do the service jail have a kernel and service jail not ?

Thank you very much for your answers !

Sebel
 
Good questions I think :)

1. I can read multiple times the word "userland", what is it exactly ? As I understand it is the whole system minus the kernel, am I right ?
Correct, but context is important. It's usually not so much the utilities but the virtual layer they operate in, also often referred to as userspace. When something operates in kernelspace (think about a kernel module/driver) then it has basically full and unrestricted access to your operating system. Userland has to depend on the kernel giving it access. This is also how permissions get enforced.

2. In the chapter 14.3 Creating and Controlling Jails, the example asks to go to /usr/src and run make buildworld, what does it rebuild exactly ? The complete system and all ports ? Does it have something to do with point 1. ?
Reminds me that I still have a suggestion about that on my todo ;)

FreeBSD is different from Linux in that it's not merely a kernel but consists of a full base system. So the source tree is actually the source for a full-blown working operating system. make buildworld does exactly that: it builds ('compiles') the entire operating system so that you can then install that somewhere. Usually this is done to manage the system you're running (that's also the default) but you can also use this to install the system into a specific directory, usable by a jail.

However...

I'd personally suggest against doing it this way:
Code:
peter@zefiris:/opt/jails $ ls
base.txz        kernel.txz      lib32.txz       psi/
See, the whole system gets distributed in a few packages, as seen above. You can find these on the installation media, usually somewhere in /usr/freebsd-dist (off the top of my head, I'm not 100% sure about the exact name!). Thing is: all you basically have to do is to extract base.txz and you've got yourself a jail. Well, most of it ;) You also need to configure it of course, that's done in /etc/jail.conf and/or optionally /etc/rc.conf.

But this is how I configure my jails. I keep hold of the latest "base packages" and use those to set it up.

3. I was able to start a jail just by extracting the base system, so no kernel in it. Don't jails need a kernel ? I see there are two types of jails : complete and service jails. Do the service jail have a kernel and service jail not ?
Smart thinking :)

No, jails do not need a kernel because a jail is basically a virtual system running 'inside' your current one. Using the same kernel. Of course it makes (some) sense to install one anyway, I often do that for the sole purpose of "security through obscurity". Not something to rely on to keep you safe mind you, but it does make the jail look "more real" than if you didn't have any kernel on it. For whatever it's worth of course.

Hope this can help.
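
The procedure described in the answer above (extract base.txz into a directory, then describe the jail in /etc/jail.conf), as an added example that is not part of the original post. The jail name, paths and hostname are assumptions, and the helper function names are hypothetical.

```sh
#!/bin/sh
# Added example. The jail name, paths and hostname used here are assumptions.

# Accept only names that are safe in jail.conf and in a path
# (jail names may not contain a dot).
valid_jail_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Unpack the base set into the jail root. kernel.txz is deliberately not
# extracted: the jail runs on the host's kernel.
extract_base() {  # extract_base <base.txz> <jail-root>
    [ -f "$1" ] || { echo "missing distribution set: $1" >&2; return 1; }
    mkdir -p "$2" && tar -xpf "$1" -C "$2"
}

# True if a kernel was unpacked into the jail root (kernel.txz installs
# boot/kernel/kernel); a jail made from base.txz alone has none.
has_kernel() {  # has_kernel <jail-root>
    [ -e "$1/boot/kernel/kernel" ]
}

# Print a minimal /etc/jail.conf stanza for the jail.
jail_stanza() {  # jail_stanza <name> <jail-root> <hostname>
    valid_jail_name "$1" || { echo "bad jail name: $1" >&2; return 1; }
    cat <<EOF
$1 {
    path = "$2";
    host.hostname = "$3";
    mount.devfs;
    exec.clean;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
EOF
}

# Typical use, as root on the host:
#   extract_base /opt/jails/base.txz /opt/jails/www
#   jail_stanza www /opt/jails/www www.example.org >> /etc/jail.conf
#   jail -c www
```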
 
Hope this can help.

Yes of course, you fully answered all my questions ! :)

I made a small mistake in question 3: I said "service jail" twice, but I meant "full jail" vs "service jail".

Thanks a lot it's absolutely clear now.

Regards,

Sebel
 