For a basejail based on the FreeBSD RELEASE matching that of the host computer, use <command>install</command>. For example, on a host computer running FreeBSD 10-STABLE, the latest RELEASE version of FreeBSD-10 will be installed in the jail:
<prompt>#</prompt> <userinput>ezjail-admin install -p</userinput>
To Populate the Jail with <command>installworld</command>
buildworld
The basejail can be installed from binaries created by <_:buildtarget-1/> on the host with <command>ezjail-admin update</command>.
In this example, FreeBSD 10-STABLE has been built from source. The jail directories are created. Then <_:buildtarget-1/> is executed, installing the host's <filename>/usr/obj</filename> into the basejail.
<prompt>#</prompt> <userinput>ezjail-admin update -i -p</userinput>
The host's <filename>/usr/src</filename> is used by default. A different source directory on the host can be specified with <option>-s</option> and a path, or set with <varname>ezjail_sourcetree</varname> in <filename>/usr/local/etc/ezjail.conf</filename>.
The basejail's ports tree is shared by other jails. However, downloaded distfiles are stored in the jail that downloaded them. By default, these files are stored in <filename>/var/ports/distfiles</filename> within each jail. <filename>/var/ports</filename> inside each jail is also used as a work directory when building ports.
The <acronym>FTP</acronym> protocol is used by default to download packages for the installation of the basejail. Firewall or proxy configurations can prevent or interfere with <acronym>FTP</acronym> transfers. The <acronym>HTTP</acronym> protocol works differently and avoids these problems. It can be chosen by specifying a full <acronym>URL</acronym> for a particular download mirror in <filename>/usr/local/etc/ezjail.conf</filename>:
ezjail_ftphost=http://<replaceable>ftp.FreeBSD.org</replaceable>
See <xref linkend="mirrors-ftp"/> for a list of sites.
Creating and Starting a New Jail
New jails are created with <command>ezjail-admin create</command>. In these examples, the <literal>lo1</literal> loopback interface is used as described above.
Create and Start a New Jail
Create the jail, specifying a name and the loopback and network interfaces to use, along with their <acronym>IP</acronym> addresses. In this example, the jail is named <literal>dnsjail</literal>.
<prompt>#</prompt> <userinput>ezjail-admin create <replaceable>dnsjail</replaceable> '<replaceable>lo1|127.0.1.1</replaceable>,<replaceable>em0</replaceable>|<replaceable>192.168.1.50</replaceable>'</userinput>
Most network services run in jails without problems. A few network services, most notably <citerefentry><refentrytitle>ping</refentrytitle><manvolnum>8</manvolnum></citerefentry>, use <emphasis>raw network sockets</emphasis>. In jails, raw network sockets are disabled by default for security. Services that require them will not work.
Occasionally, a jail genuinely needs raw sockets. For example, network monitoring applications often use <citerefentry><refentrytitle>ping</refentrytitle><manvolnum>8</manvolnum></citerefentry> to check the availability of other computers. When raw network sockets are actually needed in a jail, they can be enabled by editing the <application>ezjail</application> configuration file for the individual jail, <filename>/usr/local/etc/ezjail/<replaceable>jailname</replaceable></filename>. Modify the <literal>parameters</literal> entry:
export jail_<replaceable>jailname</replaceable>_parameters="allow.raw_sockets=1"
Do not enable raw network sockets unless services in the jail actually require them.
Start the jail:
<prompt>#</prompt> <userinput>ezjail-admin start <replaceable>dnsjail</replaceable></userinput>
Use a console on the jail:
<prompt>#</prompt> <userinput>ezjail-admin console <replaceable>dnsjail</replaceable></userinput>
The jail is operating and additional configuration can be completed. Typical settings added at this point include:
Set the <systemitem class="username">root</systemitem> Password
Connect to the jail and set the <systemitem class="username">root</systemitem> user's password:
<prompt>#</prompt> <userinput>ezjail-admin console <replaceable>dnsjail</replaceable></userinput>
<prompt>#</prompt> <userinput>passwd</userinput>
Changing local password for root
New Password:
Retype New Password:
Time Zone Configuration
The jail's time zone can be set with <citerefentry><refentrytitle>tzsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>. To avoid spurious error messages, the <citerefentry><refentrytitle>adjkerntz</refentrytitle><manvolnum>8</manvolnum></citerefentry> entry in <filename>/etc/crontab</filename> can be commented out or removed. This job attempts to update the computer's hardware clock with time zone changes, but jails are not allowed to access that hardware.
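The raw sockets setting described above is made per jail, so it is worth checking which jails on a host actually have it. The following is an added example, not part of the Handbook or of ezjail: the function name raw_socket_jails is hypothetical, and it assumes each file in the per-jail configuration directory uses the export jail_jailname_parameters="..." line format shown above.

```shell
#!/bin/sh
# Added example (not from the Handbook or ezjail): report which ezjail
# jails have raw sockets enabled in their per-jail configuration file.
# Usage: raw_socket_jails [config-dir]

# Directory named in the text; override for testing.
EZJAIL_CONF_DIR="${EZJAIL_CONF_DIR:-/usr/local/etc/ezjail}"

# Prints one line per jail whose active (uncommented) parameters entry
# enables allow.raw_sockets. The printed name is the part between
# "jail_" and "_parameters" in the variable name.
raw_socket_jails() {
    dir="${1:-$EZJAIL_CONF_DIR}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Extract "<name> <parameter list>" from the parameters entry.
        # Lines starting with '#' do not match and are ignored.
        sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}jail_\(.*\)_parameters="\([^"]*\)".*$/\1 \2/p' "$f" |
        while read -r name params; do
            # Pad with spaces so only a whole parameter matches.
            # Besides the "=1" form shown in the text, jail(8) also
            # accepts a boolean by bare name or with the value "true".
            case " $params " in
                *" allow.raw_sockets=1 "*|\
                *" allow.raw_sockets=true "*|\
                *" allow.raw_sockets "*)
                    echo "$name" ;;
            esac
        done
    done
}
```

Run it on the host, not inside a jail; any jail it lists should correspond to a service that actually requires raw sockets.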

Source information

Source string comment
(itstool) path: step/para
Flags
read-only
Source string location
book.translate.xml:31000
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 5029