FreeBSD Jails Cheatsheet
#
FreeBSD Jails is a feature of the FreeBSD operating system that allows administrators to partition a FreeBSD system into multiple independent, secure mini-systems called jails. Each jail has its own hostname, IP address, and file system.
Jail Management
#
| Command/Option | Example | Description |
|---|
| jail -c | jail -c path=/path/to/jail mount.devfs devfs_ruleset=4 host.hostname=myjail ip4.addr=192.168.0.10 command=/bin/sh | Create and start a new jail |
| jail -r | jail -r myjail | Remove (stop) a jail |
| jail -l | jail -l | List all running jails |
| jail -m | jail -m name=myjail ip4.addr=192.168.0.11 | Modify an existing jail |
Jail Configuration
#
| Command/Option | Example | Description |
|---|
| /etc/rc.conf | jail_enable="YES" jail_list="myjail" | Enable jails at boot and list jails to start |
| /etc/jail.conf | myjail { host.hostname = "myjail"; path = "/path/to/jail"; ip4.addr = "192.168.0.10"; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; } | Define jail parameters in the jail.conf file |
Starting and Stopping Jails
#
| Command/Option | Example | Description |
|---|
| service jail start | service jail start myjail | Start a jail using the service command |
| service jail stop | service jail stop myjail | Stop a jail using the service command |
| service jail restart | service jail restart myjail | Restart a jail using the service command |
Managing Jail Processes
#
| Command/Option | Example | Description |
|---|
| jexec | jexec myjail csh | Execute a command inside a running jail |
| jls | jls | List all running jails and their parameters |
| jkill | jkill -j myjail 1234 | Kill a process running inside a jail by its PID |
Networking in Jails
#
| Command/Option | Example | Description |
|---|
| ifconfig | ifconfig epair create | Create a network interface for use with a jail |
| ifconfig | ifconfig epair0a up | Bring up the network interface |
| ifconfig | ifconfig bridge0 addm epair0a addm epair0b up | Add network interfaces to a bridge for jail networking |
| /etc/jail.conf | myjail { ... vnet; vnet.interface = "epair0b"; } | Configure VNET for a jail in the jail.conf file |
Mounting File Systems in Jails
#
| Command/Option | Example | Description |
|---|
| mount -t nullfs | mount -t nullfs /host/path /path/to/jail/mnt | Mount a directory from the host system inside a jail |
| fstab.myjail | /host/path /path/to/jail/mnt nullfs rw 0 0 | Add a persistent mount entry for a jail in its fstab file |
Advanced Jail Management
#
| Command/Option | Example | Description |
|---|
| jail -c persist | jail -c name=myjail persist | Create a persistent jail that stays even if no processes are running |
| jail -h | jail -h | Display help information for the jail command |
| jail -f | jail -f /etc/jail.conf | Start jails based on the configuration in /etc/jail.conf |
This cheatsheet covers the most commonly used FreeBSD Jails commands and options, helping you to manage jail creation, configuration, networking, file systems, and advanced settings effectively.