xref: /freebsd/share/examples/jails/README (revision 3048255235c13ee10b5110350ab5dde9d619ccd1) 
1fa212bfbSJulian Elischer# $FreeBSD$
2fa212bfbSJulian Elischer
3e0c45153SDevin TeskeThe below 4 samples require a VIMAGE enabled kernel:
4e0c45153SDevin Teske
5e0c45153SDevin Teske	# (as root)
6e0c45153SDevin Teske	$ cp VIMAGE /usr/src/sys/amd64/conf/
7e0c45153SDevin Teske	$ cd /usr/src
8e0c45153SDevin Teske	$ make KERNCONF=VIMAGE kernel
9e0c45153SDevin Teske	$ reboot
10e0c45153SDevin Teske
11*30482552SDevin TeskeFreeBSD 12 has VIMAGE enabled in GENERIC on amd64.
12*30482552SDevin TeskeIn that case, for jng simply load the ng_ether module first
13*30482552SDevin Teske(ng_bridge and ng_eiface will load on demand):
14*30482552SDevin Teske
15*30482552SDevin Teske	# (as root)
16*30482552SDevin Teske	# Load the ng_ether module at boot:
17*30482552SDevin Teske	$ sysrc kld_list+=ng_ether
18*30482552SDevin Teske	# Load ng_ether at once without rebooting:
19*30482552SDevin Teske	$ kldload ng_ether
20*30482552SDevin Teske
21abd0b262SDevin TeskeSample 1: jail.conf(5)
22abd0b262SDevin Teske
23abd0b262SDevin Teske	$ cp jib jng /usr/sbin/
24abd0b262SDevin Teske	$ cat jail.xxx.conf >> /etc/jail.conf
25abd0b262SDevin Teske	$ vi /etc/jail.conf
26abd0b262SDevin Teske	# NB: Customize root directory and bridge interface
27abd0b262SDevin Teske	$ sysrc jail_enable=YES
28abd0b262SDevin Teske	# NB: Assumes jail_list="" (meaning ``all jails in jail.conf'')
29abd0b262SDevin Teske	# NB: Assumes rc_conf_files="" (``below rc.conf(5) samples not used'')
30abd0b262SDevin Teske	$ service jail start
31abd0b262SDevin Teske
32abd0b262SDevin TeskeSample 2: rc.conf(5)
33abd0b262SDevin Teske
34abd0b262SDevin Teske	$ cp jib jng /usr/sbin/
35abd0b262SDevin Teske	$ cp rc.conf.jails /etc/
36abd0b262SDevin Teske	$ vi /etc/rc.conf.jails
37abd0b262SDevin Teske	# NB: Customize root directory and bridge interface
38abd0b262SDevin Teske	$ sysrc rc_conf_files+=/etc/rc.conf.jails
39abd0b262SDevin Teske	# NB: Assumes /etc/jail.conf does not exist and jail_list=""
40abd0b262SDevin Teske	$ service jail start
41abd0b262SDevin Teske
42abd0b262SDevin TeskeSample 3: Per-jail jail.conf(5)
43abd0b262SDevin Teske
44abd0b262SDevin Teske	$ cp jib jng /usr/sbin/
45abd0b262SDevin Teske	$ cp jail.xxx.conf /etc/
46abd0b262SDevin Teske	$ vi /etc/jail.xxx.conf
47abd0b262SDevin Teske	# NB: Customize root directory and bridge interface
48abd0b262SDevin Teske	$ sysrc jail_enable=YES
49abd0b262SDevin Teske	$ sysrc jail_list+=xxx
50abd0b262SDevin Teske	# NB: Assumes rc_conf_files=""
51abd0b262SDevin Teske	$ service jail start
52abd0b262SDevin Teske
53abd0b262SDevin TeskeSample 4: Per-jail rc.conf(5)
54abd0b262SDevin Teske
55abd0b262SDevin Teske	$ cp jib jng /usr/sbin/
56abd0b262SDevin Teske	$ cp rcjail.xxx.conf /etc/
57abd0b262SDevin Teske	$ vi /etc/rcjail.xxx.conf
58abd0b262SDevin Teske	# NB: Customize root directory and bridge interface
59abd0b262SDevin Teske	$ sysrc jail_enable=YES
60abd0b262SDevin Teske	$ sysrc jail_list+=xxx
61abd0b262SDevin Teske	$ sysrc rc_conf_files+=/etc/rcjail.xxx.conf
62abd0b262SDevin Teske	# NB: Assumes neither /etc/jail.conf nor /etc/jail.xxx.conf exist
63abd0b262SDevin Teske	$ service jail start
64abd0b262SDevin Teske
65abd0b262SDevin TeskeFor additional recipes, see share/examples/netgraph for
66fa212bfbSJulian Elischermaking and hooking together jails using netgraph as the
67fa212bfbSJulian Elischervirtual networking fabric.
68