[RESOLVED] Cannot Start Jail - Help please - FreeBSD10

fred974

fred974

Hello everyone,

Could anyone help in resolving the issue that I have in starting up my ezjailjail in FreeBSD 10.
I my jail was created using the following command:
Code: 
ezjail-admin create -f myflavor -c zfs webjail 192.168.0.115
The output was
Code: 
/local/jails/webjail/.
/local/jails/webjail/./etc
/local/jails/webjail/./etc/syslog.conf
/local/jails/webjail/./etc/resolv.conf
/local/jails/webjail/./etc/rc.conf
/local/jails/webjail/./etc/motd
/local/jails/webjail/./etc/periodic.conf
/local/jails/webjail/./etc/ezjail.flavour.myflavor
/local/jails/webjail/./etc/rc.d
13 blocks
find: /local/jails/webjail/pkg/: No such file or directory
Warning: IP 192.168.0.115 not configured on a local interface.
Warning: Some services already seem to be listening on all IP, (including 192.168.0.115)
  This may cause some confusion, here they are:
root     master     1391  13 tcp4   *:25                  *:*
root     master     1391  14 tcp6   *:25                  *:*
Code: 
root@FreeBSD:~ # jls
   JID  IP Address      Hostname                      Path
This is the message I get when trying to start the jail
Code: 
root@FreeBSD:~ # /usr/local/etc/rc.d/ezjail start webjail
Starting jails: cannot start jail  "webjail":
mount_nullfs: /local/jails/webjail/basejail: Operation not supported by device
jail: webjail: /sbin/mount -t nullfs -o ro /local/jails/basejail /local/jails/webjail/basejail: failed
.
/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider to migrate to /etc/jail.conf.
This is the contain of my flavor file
Code: 
#!/bin/sh
#
# BEFORE: DAEMON
# PROVIDE: ezjail.etsitservices.config
# ezjail flavour myflavor
# 

# Timezone
###########
#
ln -s /usr/share/zoneinfo/Europe/London /etc/localtime

. /etc/rc.subr

name=ezjail.flavour.myflavor
start_cmd=flavour_setup

flavour_setup() {

# Remove traces of ourself
# N.B.: Do NOT rm $0, it points to /etc/rc
##########################
  rm -f "/etc/rc.d/ezjail.flavour.myflavor"

# Groups
#########
#
pw groupadd -q -n user1
pw groupadd -q -n user2
pw groupadd -q -n user3

# Users
########
#
# give root a known password
echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' | pw usermod -n root -H 0
pw usermod root -p 01 01 01

echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\
pw useradd -n user1 -g user1 -G wheel -s /bin/csh -d /home/user1 -m -H 0
pw usermod user1 -p 01 01 01

echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\
pw useradd -n user2 -g user2 -G wheel -s /bin/csh -d /home/user2 -m -H 0
pw usermod user2 -p 01 01 01

echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\
pw useradd -n user3 -g user3 -G wheel -s /bin/csh -d /home/user3 -m -H 0
pw usermod user3 -p 01 01 01

### Daemon/System Accounts
# POSTFIX
echo -n '*' |\
pw useradd -n postfix -u 125 -s /usr/sbin/nologin -m -d /var/spool/postfix -g postfix -c 'Postfix Mail User' -H 0
## Postfix gripes if /var/spool/postfix isn't owned by root/wheel
chown root:wheel /var/spool/postfix

# Files
########
#
# 
chown -R user1:user1 /home/user1
chown -R user2:user2 /home/user2
chown -R user3:user3 /home/user3

# Postinstall
##############
#
# services must only listen on their own IP
hostname=$(hostname -s)
hname=$(grep $hostname /etc/hosts | awk '{print $1}')
echo "ListenAddress $hname" >> /etc/ssh/sshd_config

# Create all.log and console.log (chmod all.log, too)
touch /var/log/all.log && chmod 0600 /var/log/all.log
touch /var/log/console.log

# Packages
###########
#
# Install Portmaster
make -C /usr/ports/ports-mgmt/portmaster BATCH=yes OPTIONS_FILE_SET="BASH ZSH" install
}
run_rc_command "$1"

Also, how to do migrate to/etc/jail.conf

Thank you all in advance
 
Re: Cannot Start Jail - Help please - FreeBSD10

I don't use ezjail, but for FreeBSD-10, you have to move some of the configuration options out of /etc/rc.conf and into /etc/jail.conf. I have a page that goes over it a bit at http://home.roadrunner.com/~computertai ... djail.html. Do a search for FreeBDS-10 on the page.

One thing that I have noticed in FreeBSD-10 is that when using nullfs, devfs is not getting mounted properly. I have a post on this here, http://forums.freebsd.org/viewtopic.php?f=3&t=44504.

IMPORTANT: As I said, I don't use ezjail, so I don't know if any of this applies to you. It may be that ezjail is supposed to make its own entries somewhere in /etc/ or /usr/local/etc/, and the only reason I even mention the nullfs issue that I'm having is because I know it is used by ezjail.
 
Re: Cannot Start Jail - Help please - FreeBSD10

Thank you for the info @scottro, I'll read your pages:)
 
Last edited by a moderator:
Re: Cannot Start Jail - Help please - FreeBSD10

As my own page aims to be clear to newcomers, please let me know if the details about /etc/jail.conf aren't clear.
 
Re: Cannot Start Jail - Help please - FreeBSD10

Hi @scottro

The problem is now solved..
When I rebuilt the kernel, I removed the options to have jails
 
Last edited by a moderator:
Re: Cannot Start Jail - Help please - FreeBSD10

scottro said:
As my own page aims to be clear to newcomers, please let me know if the details about /etc/jail.conf aren't clear.
Click to expand...


Hi, I've been readingt you post again.. Although i Corrected kernel issue and am able to start the jails, I still get the following warning
Code: 
WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider to migrate to /etc/jail.conf.
Your pages say that I need to add the following in the/etc/jail.conf.
Code: 
myjail {
	path = /jails/myjail;
	mount.devfs;
	devfs_ruleset = 4;
	host.hostname = myjail.example.com;
	ip4.addr = 192.168.1.51;
	exec.start = "/bin/sh /etc/rc";
	exec.stop = "/bin/sh /etc/rc.shutdown";
}

My question is: do I create a new
Code: 
myjail {}
block for each jail that I have?
 
Again, I don't use ezjail but yes, each separate jail should have its own block. Whether ezjail does this on its own in some other way, I don't know.
 
Is sysutils/ezjail actively maintained? If so, it shouldn't be too long till it's updated to suit the current setup. With that in mind, I wouldn't worry too much; it's a harmless warning, I think.
 
You must log in or register to reply here.
Back
Top