Source string Read only

(itstool) path: para/buildtarget
10/100
Context English State
Jails can be allowed to use aliases of this secondary loopback interface without interfering with the host.
Inside a jail, access to the loopback address <systemitem class="ipaddress">127.0.0.1</systemitem> is redirected to the first <acronym>IP</acronym> address assigned to the jail. To make the jail loopback correspond with the new <literal>lo1</literal> interface, that interface must be specified first in the list of interfaces and <acronym>IP</acronym> addresses given when creating a new jail.
Give each jail a unique loopback address in the <systemitem class="ipaddress">127.0.0.0</systemitem><systemitem class="netmask">/8</systemitem> netblock.
Install <package role="port">sysutils/ezjail</package>:
<prompt>#</prompt> <userinput>cd /usr/ports/sysutils/ezjail</userinput>
<prompt>#</prompt> <userinput>make install clean</userinput>
Enable <application>ezjail</application> by adding this line to <filename>/etc/rc.conf</filename>:
ezjail_enable="YES"
The service will automatically start on system boot. It can be started immediately for the current session:
<prompt>#</prompt> <userinput>service ezjail start</userinput>
With <application>ezjail</application> installed, the basejail directory structure can be created and populated. This step is only needed once on the jail host computer.
In both of these examples, <option>-p</option> causes the ports tree to be retrieved with <citerefentry><refentrytitle>portsnap</refentrytitle><manvolnum>8</manvolnum></citerefentry> into the basejail. That single copy of the ports directory will be shared by all the jails. Using a separate copy of the ports directory for jails isolates them from the host. The <application>ezjail</application> <acronym>FAQ</acronym> explains in more detail: <link xlink:href="http://erdgeist.org/arts/software/ezjail/#FAQ"/>.
To Populate the Jail with FreeBSD-RELEASE
For a basejail based on the FreeBSD RELEASE matching that of the host computer, use <command>install</command>. For example, on a host computer running FreeBSD 10-STABLE, the latest RELEASE version of FreeBSD -10 will be installed in the jail):
<prompt>#</prompt> <userinput>ezjail-admin install -p</userinput>
To Populate the Jail with <command>installworld</command>
buildworld
The basejail can be installed from binaries created by <_:buildtarget-1/> on the host with <command>ezjail-admin update</command>.
In this example, FreeBSD 10-STABLE has been built from source. The jail directories are created. Then <_:buildtarget-1/> is executed, installing the host's <filename>/usr/obj</filename> into the basejail.
<prompt>#</prompt> <userinput>ezjail-admin update -i -p</userinput>
The host's <filename>/usr/src</filename> is used by default. A different source directory on the host can be specified with <option>-s</option> and a path, or set with <varname>ezjail_sourcetree</varname> in <filename>/usr/local/etc/ezjail.conf</filename>.
The basejail's ports tree is shared by other jails. However, downloaded distfiles are stored in the jail that downloaded them. By default, these files are stored in <filename>/var/ports/distfiles</filename> within each jail. <filename>/var/ports</filename> inside each jail is also used as a work directory when building ports.
The <acronym>FTP</acronym> protocol is used by default to download packages for the installation of the basejail. Firewall or proxy configurations can prevent or interfere with <acronym>FTP</acronym> transfers. The <acronym>HTTP</acronym> protocol works differently and avoids these problems. It can be chosen by specifying a full <acronym>URL</acronym> for a particular download mirror in <filename>/usr/local/etc/ezjail.conf</filename>:
ezjail_ftphost=http://<replaceable>ftp.FreeBSD.org</replaceable>
See <xref linkend="mirrors-ftp"/> for a list of sites.
Creating and Starting a New Jail
New jails are created with <command>ezjail-admin create</command>. In these examples, the <literal>lo1</literal> loopback interface is used as described above.
Create and Start a New Jail
Create the jail, specifying a name and the loopback and network interfaces to use, along with their <acronym>IP</acronym> addresses. In this example, the jail is named <literal>dnsjail</literal>.
<prompt>#</prompt> <userinput>ezjail-admin create <replaceable>dnsjail</replaceable> '<replaceable>lo1|127.0.1.1</replaceable>,<replaceable>em0</replaceable>|<replaceable>192.168.1.50</replaceable>'</userinput>
Most network services run in jails without problems. A few network services, most notably <citerefentry><refentrytitle>ping</refentrytitle><manvolnum>8</manvolnum></citerefentry>, use <emphasis>raw network sockets</emphasis>. In jails, raw network sockets are disabled by default for security. Services that require them will not work.
Occasionally, a jail genuinely needs raw sockets. For example, network monitoring applications often use <citerefentry><refentrytitle>ping</refentrytitle><manvolnum>8</manvolnum></citerefentry> to check the availability of other computers. When raw network sockets are actually needed in a jail, they can be enabled by editing the <application>ezjail</application> configuration file for the individual jail, <filename>/usr/local/etc/ezjail/<replaceable>jailname</replaceable></filename>. Modify the <literal>parameters</literal> entry:
ComponentTranslation
This translation Translated FreeBSD Doc/books_handbook buildworld
The following strings have the same context and source.
Translated FreeBSD Doc/articles_freebsd-update-server buildworld
Translated FreeBSD Doc/books_porters-handbook buildworld
Translated FreeBSD Doc/articles_releng buildworld
Translated FreeBSD Doc/articles_nanobsd buildworld
Translated FreeBSD Doc/books_faq buildworld

Loading…

No matching activity found.

Browse all component changes

Things to check

Multiple failing checks

The translations in several languages have failing checks

Reset

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: para/buildtarget
Flags
read-only
Source string location
book.translate.xml:29099 book.translate.xml:46247 book.translate.xml:46314
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 4704