diff options
-rw-r--r-- | share/examples/jails/README | 46 | ||||
-rw-r--r-- | share/examples/jails/jail.xxx.conf | 35 | ||||
-rw-r--r-- | share/examples/jails/rc.conf.jails | 76 | ||||
-rw-r--r-- | share/examples/jails/rcjail.xxx.conf | 25 |
4 files changed, 181 insertions, 1 deletions
diff --git a/share/examples/jails/README b/share/examples/jails/README index f32ee26..ccff12c 100644 --- a/share/examples/jails/README +++ b/share/examples/jails/README @@ -1,5 +1,49 @@ # $FreeBSD$ -See under share/examples/netgraph for some examples of +Sample 1: jail.conf(5) + + $ cp jib jng /usr/sbin/ + $ cat jail.xxx.conf >> /etc/jail.conf + $ vi /etc/jail.conf + # NB: Customize root directory and bridge interface + $ sysrc jail_enable=YES + # NB: Assumes jail_list="" (meaning ``all jails in jail.conf'') + # NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'') + $ service jail start + +Sample 2: rc.conf(5) + + $ cp jib jng /usr/sbin/ + $ cp rc.conf.jails /etc/ + $ vi /etc/rc.conf.jails + # NB: Customize root directory and bridge interface + $ sysrc rc_conf_files+=/etc/rc.conf.jails + # NB: Assumes /etc/jail.conf does not exist and jail_list="" + $ service jail start + +Sample 3: Per-jail jail.conf(5) + + $ cp jib jng /usr/sbin/ + $ cp jail.xxx.conf /etc/ + $ vi /etc/jail.xxx.conf + # NB: Customize root directory and bridge interface + $ sysrc jail_enable=YES + $ sysrc jail_list+=xxx + # NB: Assumes rc_conf_files="" + $ service jail start + +Sample 4: Per-jail rc.conf(5) + + $ cp jib jng /usr/sbin/ + $ cp rcjail.xxx.conf /etc/ + $ vi /etc/rcjail.xxx.conf + # NB: Customize root directory and bridge interface + $ sysrc jail_enable=YES + $ sysrc jail_list+=xxx + $ sysrc rc_conf_files+=/etc/rcjail.xxx.conf + # NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist + $ service jail start + +For additional recipes, see share/examples/netgraph for making and hooking together jails using netgraph as the virtual networking fabric. diff --git a/share/examples/jails/jail.xxx.conf b/share/examples/jails/jail.xxx.conf new file mode 100644 index 0000000..8efa77d --- /dev/null +++ b/share/examples/jails/jail.xxx.conf @@ -0,0 +1,35 @@ +# $FreeBSD$ + +xxx { + host.hostname = "xxx.yyy"; # hostname + path = "/vm/xxx"; # root directory + + exec.clean; + exec.system_user = "root"; + exec.jail_user = "root"; + + # + # NB: Below 4-lines required + # + vnet; + # netgraph + vnet.interface = "ng0_xxx"; # vnet interface(s) + exec.prestart += "jng bridge xxx em0"; # bridge interface(s) + exec.poststop += "jng shutdown xxx"; # destroy interface(s) + # if_bridge + #vnet.interface = "e0b_xxx"; # vnet interface(s) + #exec.prestart += "jib addm xxx em0"; # bridge interface(s) + #exec.poststop += "jib destroy xxx"; # destroy interface(s) + + # Standard recipe + exec.start += "/bin/sh /etc/rc"; + exec.stop = "/bin/sh /etc/rc.shutdown"; + exec.consolelog = "/var/log/jail_xxx_console.log"; + mount.devfs; # mount devfs + + # Optional (default off) + #devfs_ruleset = "11"; # rule to unhide bpf for DHCP + #allow.mount; # mount /etc/fstab.xxx + #allow.set_hostname = 1; # Allow hostname to change + #allow.sysvipc = 1; # Allow SysV Interprocess Comm. +} diff --git a/share/examples/jails/rc.conf.jails b/share/examples/jails/rc.conf.jails new file mode 100644 index 0000000..674dce5 --- /dev/null +++ b/share/examples/jails/rc.conf.jails @@ -0,0 +1,76 @@ +# $FreeBSD$ + +############################################################################### +############################# JAIL CONFIGURATIONS ############################# +############################################################################### + +jail_enable="YES" +jail_list="xxx" + +# +# Global presets for all jails +# +jail_devfs_enable="YES" # mount devfs +# Optional (default off) +#jail_sysvipc_allow="YES" # Allow SysV Interprocess Comm. +#jail_set_hostname_allow="YES" # Allow hostname to change + +# +# To allow dhclient(8) to work inside a jail, make sure the following appears +# in /etc/devfs.rules (which should be created if it doesn't exist): +# +# [devfsrules_jail=11] +# add include $devfsrules_hide_all +# add include $devfsrules_unhide_basic +# add include $devfsrules_unhide_login +# add path 'bpf*' unhide +# + +############################################################ JAILS + +# NETGRAPH TEMPLATE (copy/pate; then replace {name} with short name for jail) +# +# {name} +# +#jail_{name}_hostname="{name}.shxd.cx" # hostname +#jail_{name}_rootdir="/vm/{name}" # root directory +#jail_{name}_vnet_interfaces="ng0_{name}" # vnet interface(s) +#jail_{name}_exec_prestart0="jng bridge {name} em0" # bridge interface(s) +#jail_{name}_exec_poststop0="jng shutdown {name}" # destroy interface(s) +# Optional (default off) +#jail_{name}_devfs_ruleset="11" # rule to unhide bpf for DHCP +#jail_{name}_mount_enable="YES" # mount /etc/fstab.{name} + +# IF_BRIDGE TEMPLATE (copy/pate; then replace {name} with short name for jail) +# +# {name} +# +#jail_{name}_hostname="{name}.shxd.cx" # hostname +#jail_{name}_rootdir="/vm/{name}" # root directory +#jail_{name}_vnet_interfaces="e0b_{name}" # vnet interface(s) +#jail_{name}_exec_prestart0="jib addm {name} em0" # bridge interface(s) +#jail_{name}_exec_poststop0="jib destroy {name}" # destroy interface(s) +# Optional (default off) +#jail_{name}_devfs_ruleset="11" # rule to unhide bpf for DHCP +#jail_{name}_mount_enable="YES" # mount /etc/fstab.{name} + +# +# XXX +# +jail_xxx_hostname="xxx.yyy" # hostname +jail_xxx_rootdir="/vm/xxx" # root directory +# netgraph +jail_xxx_vnet_interface="ng0_xxx" # vnet interface(s) +jail_xxx_exec_prestart0="jng bridge xxx em0" # bridge interface(s) +jail_xxx_exec_poststop0="jng shutdown xxx" # destroy interface(s) +# if_bridge +#jail_xxx_vnet_interface="e0b_xxx" # vnet interface(s) +#jail_xxx_exec_prestart0="jib addm xxx em0" # bridge interface(s) +#jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s) +# Optional (default off) +#jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP +#jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx + +################################################################################ +# END +################################################################################ diff --git a/share/examples/jails/rcjail.xxx.conf b/share/examples/jails/rcjail.xxx.conf new file mode 100644 index 0000000..a292905 --- /dev/null +++ b/share/examples/jails/rcjail.xxx.conf @@ -0,0 +1,25 @@ +# $FreeBSD$ + +jail_xxx_hostname="xxx.yyy" # hostname +jail_xxx_rootdir="/vm/xxx" # root directory + +# +# NB: Below 3 lines required +# +# netgraph +jail_xxx_vnet_interface="ng0_xxx" # vnet interface(s) +jail_xxx_exec_prestart0="jng bridge xxx em0" # bridge interface(s) +jail_xxx_exec_poststop0="jng shutdown xxx" # destroy interface(s) +# if_bridge +#jail_xxx_vnet_interface="e0b_xxx" # vnet interface(s) +#jail_xxx_exec_prestart0="jib addm xxx em0" # bridge interface(s) +#jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s) + +# Standard recipe +jail_xxx_devfs_enable="YES" # mount devfs + +# Optional (default off) +#jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP +#jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx +#jail_xxx_set_hostname_allow="YES" # Allow hostname to change +#jail_xxx_sysvipc_allow="YES" # Allow SysV Interprocess Comm. |