Linux-only jail: yes it is possible

Baptiste Daroussin baptiste.daroussin at gmail.com
Wed Mar 3 07:08:56 UTC 2010


Hi,

I'm new to the list. I just want to testify that Linux-only jails are possible.

I just (a few days ago) managed to have Debian GNU/Linux Lenny in a jail on
FreeBSD 8-STABLE (last update should be January). It is not perfect but it
works. For now I've been able to get ssh, apache, xinetd and cron working. The
only tested thing that currently fails is sysklogd because of tries entries in /dev.

Explanations in French are available here:
http://blog.etoilebsd.net/post/Emprisonner_une_debian_dans_un_FreeBSD

Here is a fast translation:

1/ Create the jail skeleton:
# mkdir /home/jails/debian
# mkdir /home/jails/debian/dev
# mkdir /home/jails/debian/proc
# mkdir /home/jails/debian/sys

2/ Load the linuxulator modules
# kldload linux
# kldload linprocfs
# kldload linsysfs
# kldload lindev

3/ Mount the required FS
# mount -t devfs none /home/jails/debian/dev
# mount -t linprocfs none /home/jails/debian/proc
# mount -t linsysfs none /home/jails/debian/sys

(note: I'm not sure whether lindev is important or not)

I use an OpenVZ Debian image for my setup because I'm lazy
4/ fetch it
# fetch http://download.openvz.org/template/precreated/debian-5.0-x86.tar.gz

5/ unpack it
# tar xvfp debian-5.0-x86.tar.gz -C debian --exclude 'dev*' --exclude 'proc*' \
--exclude 'sys*'

Now, to be able to start the jail normally, we only need one process to run (I
didn't really try to make it persistent with the persist keyword).

To take care of my laziness, I created an /etc/rc and /etc/rc.shutdown on the
Debian to be sure it can work with the jails init script ootb.

# echo "/etc/init.d/cron start" > /home/jails/debian/etc/rc
# chmod 755 /home/jails/debian/etc/rc
# echo "/etc/init.d/cron stop" > /home/jails/debian/etc/rc.shutdown
# chmod 755 /home/jails/debian/etc/rc.shutdown

In rc.conf:
jail_debian_rootdir=/home/jails/debian
jail_debian_hostname="debian"
jail_debian_ip="192.168.1.3"
jail_debian_interface="nfe0"
jail_debian_devfs_enable="YES"
jail_debian_devfs_ruleset="devfsrules_jail"
jail_debian_flags="-n debian"

# /etc/rc.d/jail start debian # to start it

Here is the magic:
# jls
   JID  IP Address      Hostname                      Path
    15  192.168.1.3     debian                        /home/jails/debian
# jexec debian uname -a
Linux debian 2.6.16 FreeBSD 8.0-STABLE #3: Sun Jan 10 20:39:38 CET 2010 i686 GNU/Linux
# jexec debian cat /etc/debian_version
5.0.4

My main usage is to be able to test my own C code on Linux.

Hope it can help.

regards,
-----
Bapt
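
A preflight check for step 3 of the post above, as an added example that is not part of the original message: it reads fstab-style mount lines (the format FreeBSD's "mount -p" prints) and reports which of the three jail mount points are absent or carry the wrong filesystem type. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Expected "subdirectory:fstype" pairs, taken from step 3 of the post.
EXPECTED="dev:devfs proc:linprocfs sys:linsysfs"

# missing_jail_mounts ROOT (hypothetical helper)
# Reads fstab-style lines on stdin and prints one line per expected mount
# that is absent or has the wrong filesystem type. Prints nothing when the
# jail root has all three mounts in place.
missing_jail_mounts() {
    root=${1%/}    # tolerate a trailing slash on the jail root
    awk -v root="$root" -v expected="$EXPECTED" '
        # field 2 = mount point, field 3 = filesystem type;
        # a later mount on the same point overrides an earlier one
        { seen[$2] = $3 }
        END {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, ":")
                mp = root "/" kv[1]
                if (!(mp in seen))
                    print "MISSING " mp " (want " kv[2] ")"
                else if (seen[mp] != kv[2])
                    print "WRONGTYPE " mp " (have " seen[mp] ", want " kv[2] ")"
            }
        }'
}

# Constructed sample mount table: linsysfs was never mounted.
sample_mounts() {
cat <<'EOF'
/dev/ad4s1a / ufs rw 1 1
devfs /dev devfs rw 0 0
devfs /home/jails/debian/dev devfs rw 0 0
linprocfs /home/jails/debian/proc linprocfs rw 0 0
EOF
}

# Demo on the constructed sample. On a real host, run instead:
#   mount -p | missing_jail_mounts /home/jails/debian
sample_mounts | missing_jail_mounts /home/jails/debian
```

Running it before "/etc/rc.d/jail start debian" catches a forgotten mount or a missing kldload before the Linux userland starts without /proc or /sys.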

