FreeBSD

【FreeBSD】Jail 管理

Posted by 西维蜀黍 on 2021-03-04, Last Modified on 2024-05-07

管理 Jail Instance

$ iocage list
+------+---------+-------+--------------+---------------+
| JID  |  NAME   | STATE |   RELEASE    |      IP4      |
+======+=========+=======+==============+===============+
| 1    | SWJail  | up    | 12.2-RELEASE | 192.168.18.70 |
+------+---------+-------+--------------+---------------+
| None | SWJail2 | down  | 12.2-RELEASE | DHCP          |
+------+---------+-------+--------------+---------------+
| None | SWJail3 | down  | 12.2-RELEASE | 192.168.18.71 |
+------+---------+-------+--------------+---------------+

Jails can be shut down with jexec(8). Use jls(8) to identify the jail’s JID, then use jexec(8) to run the shutdown script in that jail.

# jls
   JID  IP Address      Hostname                      Path
     3  192.168.0.10    www                           /usr/jail/www
# jexec 3 /etc/rc.shutdown

# 启动特定的 Jail 实例,-D 是 debug 模式
$ iocage -D start [NAME]

# 停止
$ iocage stop [NAME]

进入特定的 Jail 实例的 Shell:

$ iocage console [NAME]

创建一个 Jail 实例:

$ iocage create -n SWJailNew2 -r 12.2-RELEASE ip4_addr="em0|192.168.1.10/24"

Configure a Jail (Via Property)

Configuring the properties of an already created jail is best done with the set and get subcommands. Be sure to provide the NAME or UUID of the desired jail when using these subcommands.

Set Jail Property

iocage uses the set subcommand to configure jail properties.

To assign a custom note to a jail with the notes property:

# iocage set notes="This is a test jail." [jail_name]

The full list of jail properties is available in the iocage(8) manual page PROPERTIES section.

Get Jail Property

To view a specific jail property, use the get subcommand:

# iocage get [property_name] [jail_name]

Get all properties:

Display the full list of a jail’s properties:

# iocage get all [jail_name]

Property 选项

# Enable vnet for the jail
$ iocage set vnet=on

# set nat
$ iocage set nat=0 SWJailNew1

# Configure an IP address
$ iocage set ip4_addr="vnet0|192.168.18.73/24" SWJailNew1

# set default gateway 
$ iocage set defaultrouter=192.168.18.1 SWJailNew1

# Enable DHCP
# The dhcp=on property implies creating a VNET virtual network stack and enabling the Berkley Packet Filter. DHCP cannot work without VNET.
$ iocage set dhcp=on SWJailNew1

Reference

FEATURED TAGS
algorithm algorithmproblem architecturalpattern architecture aws c# cachesystem codis compile concurrentcontrol database dataformat datastructure debug design designpattern distributedsystem django docker domain engineering freebsd git golang grafana hackintosh hadoop hardware hexo http hugo ios iot java javaee javascript kafka kubernetes linux linuxcommand linuxio lock macos markdown microservices mysql nas network networkprogramming nginx node.js npm oop openwrt operatingsystem padavan performance programming prometheus protobuf python redis router security shell software testing spring sql systemdesign truenas ubuntu vmware vpn windows wmware wordpress xml zookeeper
FRIENDS

TOC