summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--share/examples/jails/README46
-rw-r--r--share/examples/jails/jail.xxx.conf35
-rw-r--r--share/examples/jails/rc.conf.jails76
-rw-r--r--share/examples/jails/rcjail.xxx.conf25
4 files changed, 181 insertions, 1 deletions
diff --git a/share/examples/jails/README b/share/examples/jails/README
index f32ee26..ccff12c 100644
--- a/share/examples/jails/README
+++ b/share/examples/jails/README
@@ -1,5 +1,49 @@
# $FreeBSD$
-See under share/examples/netgraph for some examples of
+Sample 1: jail.conf(5)
+
+ $ cp jib jng /usr/sbin/
+ $ cat jail.xxx.conf >> /etc/jail.conf
+ $ vi /etc/jail.conf
+ # NB: Customize root directory and bridge interface
+ $ sysrc jail_enable=YES
+ # NB: Assumes jail_list="" (meaning ``all jails in jail.conf'')
+ # NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'')
+ $ service jail start
+
+Sample 2: rc.conf(5)
+
+ $ cp jib jng /usr/sbin/
+ $ cp rc.conf.jails /etc/
+ $ vi /etc/rc.conf.jails
+ # NB: Customize root directory and bridge interface
+ $ sysrc rc_conf_files+=/etc/rc.conf.jails
+ # NB: Assumes /etc/jail.conf does not exist and jail_list=""
+ $ service jail start
+
+Sample 3: Per-jail jail.conf(5)
+
+ $ cp jib jng /usr/sbin/
+ $ cp jail.xxx.conf /etc/
+ $ vi /etc/jail.xxx.conf
+ # NB: Customize root directory and bridge interface
+ $ sysrc jail_enable=YES
+ $ sysrc jail_list+=xxx
+ # NB: Assumes rc_conf_files=""
+ $ service jail start
+
+Sample 4: Per-jail rc.conf(5)
+
+ $ cp jib jng /usr/sbin/
+ $ cp rcjail.xxx.conf /etc/
+ $ vi /etc/rcjail.xxx.conf
+ # NB: Customize root directory and bridge interface
+ $ sysrc jail_enable=YES
+ $ sysrc jail_list+=xxx
+ $ sysrc rc_conf_files+=/etc/rcjail.xxx.conf
+ # NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist
+ $ service jail start
+
+For additional recipes, see share/examples/netgraph for
making and hooking together jails using netgraph as the
virtual networking fabric.
diff --git a/share/examples/jails/jail.xxx.conf b/share/examples/jails/jail.xxx.conf
new file mode 100644
index 0000000..8efa77d
--- /dev/null
+++ b/share/examples/jails/jail.xxx.conf
@@ -0,0 +1,35 @@
+# $FreeBSD$
+
+xxx {
+ host.hostname = "xxx.yyy"; # hostname
+ path = "/vm/xxx"; # root directory
+
+ exec.clean;
+ exec.system_user = "root";
+ exec.jail_user = "root";
+
+ #
+ # NB: Below 4-lines required
+ #
+ vnet;
+ # netgraph
+ vnet.interface = "ng0_xxx"; # vnet interface(s)
+ exec.prestart += "jng bridge xxx em0"; # bridge interface(s)
+ exec.poststop += "jng shutdown xxx"; # destroy interface(s)
+ # if_bridge
+ #vnet.interface = "e0b_xxx"; # vnet interface(s)
+ #exec.prestart += "jib addm xxx em0"; # bridge interface(s)
+ #exec.poststop += "jib destroy xxx"; # destroy interface(s)
+
+ # Standard recipe
+ exec.start += "/bin/sh /etc/rc";
+ exec.stop = "/bin/sh /etc/rc.shutdown";
+ exec.consolelog = "/var/log/jail_xxx_console.log";
+ mount.devfs; # mount devfs
+
+ # Optional (default off)
+ #devfs_ruleset = "11"; # rule to unhide bpf for DHCP
+ #allow.mount; # mount /etc/fstab.xxx
+ #allow.set_hostname = 1; # Allow hostname to change
+ #allow.sysvipc = 1; # Allow SysV Interprocess Comm.
+}
diff --git a/share/examples/jails/rc.conf.jails b/share/examples/jails/rc.conf.jails
new file mode 100644
index 0000000..674dce5
--- /dev/null
+++ b/share/examples/jails/rc.conf.jails
@@ -0,0 +1,76 @@
+# $FreeBSD$
+
+###############################################################################
+############################# JAIL CONFIGURATIONS #############################
+###############################################################################
+
+jail_enable="YES"
+jail_list="xxx"
+
+#
+# Global presets for all jails
+#
+jail_devfs_enable="YES" # mount devfs
+# Optional (default off)
+#jail_sysvipc_allow="YES" # Allow SysV Interprocess Comm.
+#jail_set_hostname_allow="YES" # Allow hostname to change
+
+#
+# To allow dhclient(8) to work inside a jail, make sure the following appears
+# in /etc/devfs.rules (which should be created if it doesn't exist):
+#
+# [devfsrules_jail=11]
+# add include $devfsrules_hide_all
+# add include $devfsrules_unhide_basic
+# add include $devfsrules_unhide_login
+# add path 'bpf*' unhide
+#
+
+############################################################ JAILS
+
+# NETGRAPH TEMPLATE (copy/pate; then replace {name} with short name for jail)
+#
+# {name}
+#
+#jail_{name}_hostname="{name}.shxd.cx" # hostname
+#jail_{name}_rootdir="/vm/{name}" # root directory
+#jail_{name}_vnet_interfaces="ng0_{name}" # vnet interface(s)
+#jail_{name}_exec_prestart0="jng bridge {name} em0" # bridge interface(s)
+#jail_{name}_exec_poststop0="jng shutdown {name}" # destroy interface(s)
+# Optional (default off)
+#jail_{name}_devfs_ruleset="11" # rule to unhide bpf for DHCP
+#jail_{name}_mount_enable="YES" # mount /etc/fstab.{name}
+
+# IF_BRIDGE TEMPLATE (copy/pate; then replace {name} with short name for jail)
+#
+# {name}
+#
+#jail_{name}_hostname="{name}.shxd.cx" # hostname
+#jail_{name}_rootdir="/vm/{name}" # root directory
+#jail_{name}_vnet_interfaces="e0b_{name}" # vnet interface(s)
+#jail_{name}_exec_prestart0="jib addm {name} em0" # bridge interface(s)
+#jail_{name}_exec_poststop0="jib destroy {name}" # destroy interface(s)
+# Optional (default off)
+#jail_{name}_devfs_ruleset="11" # rule to unhide bpf for DHCP
+#jail_{name}_mount_enable="YES" # mount /etc/fstab.{name}
+
+#
+# XXX
+#
+jail_xxx_hostname="xxx.yyy" # hostname
+jail_xxx_rootdir="/vm/xxx" # root directory
+# netgraph
+jail_xxx_vnet_interface="ng0_xxx" # vnet interface(s)
+jail_xxx_exec_prestart0="jng bridge xxx em0" # bridge interface(s)
+jail_xxx_exec_poststop0="jng shutdown xxx" # destroy interface(s)
+# if_bridge
+#jail_xxx_vnet_interface="e0b_xxx" # vnet interface(s)
+#jail_xxx_exec_prestart0="jib addm xxx em0" # bridge interface(s)
+#jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s)
+# Optional (default off)
+#jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP
+#jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx
+
+################################################################################
+# END
+################################################################################
diff --git a/share/examples/jails/rcjail.xxx.conf b/share/examples/jails/rcjail.xxx.conf
new file mode 100644
index 0000000..a292905
--- /dev/null
+++ b/share/examples/jails/rcjail.xxx.conf
@@ -0,0 +1,25 @@
+# $FreeBSD$
+
+jail_xxx_hostname="xxx.yyy" # hostname
+jail_xxx_rootdir="/vm/xxx" # root directory
+
+#
+# NB: Below 3 lines required
+#
+# netgraph
+jail_xxx_vnet_interface="ng0_xxx" # vnet interface(s)
+jail_xxx_exec_prestart0="jng bridge xxx em0" # bridge interface(s)
+jail_xxx_exec_poststop0="jng shutdown xxx" # destroy interface(s)
+# if_bridge
+#jail_xxx_vnet_interface="e0b_xxx" # vnet interface(s)
+#jail_xxx_exec_prestart0="jib addm xxx em0" # bridge interface(s)
+#jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s)
+
+# Standard recipe
+jail_xxx_devfs_enable="YES" # mount devfs
+
+# Optional (default off)
+#jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP
+#jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx
+#jail_xxx_set_hostname_allow="YES" # Allow hostname to change
+#jail_xxx_sysvipc_allow="YES" # Allow SysV Interprocess Comm.
OpenPOWER on IntegriCloud