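FreeBSD Thick Jail
To make later adjustments easier, I set environment variables that the following steps use.
Set the jail directory and release version environment variables:
export jail_dir="zdata/jails"
export bsd_ver="14.3"
# On FreeBSD the root user's default shell is sh, so persist the variables in ~/.shrc
echo 'jail_dir="zdata/jails"' >> ~/.shrc
echo 'bsd_ver="14.3"' >> ~/.shrc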
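In principle, a jail needs only a hostname, a root directory, an IP address and a userland.

Download the userland:
# create the download directory if it does not exist yet
mkdir -p "/$jail_dir/media"
fetch "https://download.freebsd.org/ftp/releases/amd64/amd64/$bsd_ver-RELEASE/base.txz" -o "/$jail_dir/media/$bsd_ver-RELEASE-base.txz"

Extract it into the jail directory (the jail is named bsd):
mkdir -p "/$jail_dir/containers/bsd"
tar -xf "/$jail_dir/media/$bsd_ver-RELEASE-base.txz" -C "/$jail_dir/containers/bsd" --unlink

Once the jail directory is populated, copy the time zone and DNS configuration files into it:
cp /etc/resolv.conf "/$jail_dir/containers/bsd/etc/resolv.conf"
cp /etc/localtime "/$jail_dir/containers/bsd/etc/localtime"

Apply the latest patches to the jail:
freebsd-update -b "/$jail_dir/containers/bsd/" fetch install

Configuring the Thick Jail named bsd

Add one line to /etc/jail.conf that includes every configuration file ending in .conf under /etc/jail.conf.d/:
.include "/etc/jail.conf.d/*.conf";

Add the bsd.conf configuration file under /etc/jail.conf.d:
bsd {
    # STARTUP/LOGGING
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail_console_${name}.log";

    # PERMISSIONS
    # allow.raw_sockets lets root in the jail create raw sockets (ping, traceroute);
    # omit it if the jail does not need them
    allow.raw_sockets;
    # run the exec.* commands in a clean environment
    exec.clean;
    # mount a devfs on /dev inside the jail
    mount.devfs;

    # HOSTNAME/PATH
    host.hostname = "${name}";
    # jail.conf does not see the shell variables: this is /$jail_dir/containers with jail_dir="zdata/jails"
    path = "/zdata/jails/containers/${name}";

    # NETWORK
    ip4.addr = 10.0.0.9/24;
    interface = wifibox0;
}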

Start the Thick Jail named bsd:
service jail start bsd
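
An added example (not part of the original page): checking the downloaded base.txz against the SHA-256 listed in the release MANIFEST before it is extracted into the jail. It assumes the MANIFEST file that FreeBSD publishes next to base.txz in the release directory, with tab-separated fields; `file_sha256`, `verify_dist` and `demo` are names made up here, and the demo data is constructed.

```sh
#!/bin/sh
# Added example: check a distribution set against a release MANIFEST.

# Print the SHA-256 of a file: sha256(1) on FreeBSD, sha256sum(1) elsewhere.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# verify_dist MANIFEST SET_NAME FILE
# Returns 0 on match, 1 on mismatch, 2 if a file is unreadable or the set is not listed.
verify_dist() {
    manifest=$1 set_name=$2 file=$3
    [ -r "$manifest" ] && [ -r "$file" ] || return 2
    # Assumed MANIFEST layout: tab-separated, field 1 = set name, field 2 = SHA-256.
    expected=$(awk -F '\t' -v n="$set_name" '$1 == n { print $2; exit }' "$manifest")
    [ -n "$expected" ] || return 2
    [ "$(file_sha256 "$file")" = "$expected" ]
}

# Demo on constructed data: a stand-in file and a MANIFEST line built from its hash.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed stand-in for base.txz\n' > "$d/base.txz"
    printf 'base.txz\t%s\t1\tbase\t"Base system"\ton\n' \
        "$(file_sha256 "$d/base.txz")" > "$d/MANIFEST"
    verify_dist "$d/MANIFEST" base.txz "$d/base.txz" && ok=0 || ok=$?
    printf 'tampered\n' >> "$d/base.txz"      # simulate a modified download
    verify_dist "$d/MANIFEST" base.txz "$d/base.txz" && bad=0 || bad=$?
    rm -rf "$d"
    echo "intact=$ok tampered=$bad"
}
demo    # prints: intact=0 tampered=1

# On the host, before the tar step (paths follow the variables set on this page):
#   m="/$jail_dir/media/$bsd_ver-RELEASE-MANIFEST"
#   fetch "https://download.freebsd.org/ftp/releases/amd64/amd64/$bsd_ver-RELEASE/MANIFEST" -o "$m"
#   verify_dist "$m" base.txz "/$jail_dir/media/$bsd_ver-RELEASE-base.txz" || echo "checksum mismatch" >&2
```

Because the MANIFEST comes from the same HTTPS server as base.txz, this detects corrupted, truncated or mismatched downloads; it is not an independent signature check.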