Background
This year I decided to return to my roots: FreeBSD. I learned the BSDi system as a simple unprivileged user before I really knew anything about the internet thanks to a local internet service provider including a shell account with all dial-in accounts in the early 90’s. I’m not even sure what year, but it was early college so either ‘91 or ‘92 (AOL Sucks!).
I was never really scared of the command line. I grew up with a Commodore VIC-20. I actually made a pretty penny (for a struggling college student) helping folks trim and set up their DOS AUTOEXEC.BAT and CONFIG.SYS files to play a little game called Doom.
When FreeBSD was released the Internet was new and sometimes news took a while to find its way to interested parties. I purchased first Walnut Creek CD-ROM for FreeBSD it was version 2 - I had missed the first version. It was great - it was everything I had learned as a user on the BSDi system, but I had more control! I had so much more to learn. I learned to build my own kernels - what an amazing time to learn. It was here my interest in computing exploded and I immediately changed my major from pre-engineering to computer science.
From then as I grew into Linux because it was growing at a much quicker rate than the FreeBSD operating system. My first distro was Slackware, and I experimented with Red Hat at the time, but I liked the crunchiness of Slackware better.
I’ve been administrating Ubuntu servers for my own hosting company for the better part of 20 years now, but after the last server upgrade I’ve moved many sites to FreeBSD jails. Formerly I used (and still use!) Linux Containers using Ubuntu’s pretty darn good LXD container manager.
So far the FreeBSD Jail performance is quite acceptable, and the config files and directory structure is much more simple.
I did try to return to my roots back in 2010, but I wasn’t vigilant enough.
Jails
My uninformed and “newb” process of creating a new jail goes as so:
bsdinstall jail /srv/jails/new-hostname
I know that /srv/ isn’t a standard BSD file system directory, but I like its use in Linux, so I use it personally on my servers. I believe the proper place is /usr/jail/new-hostname. It seems to me in The Amazing FreeBSD Manual that there seems to be a bit of administrator/operator choice.
The next step is to create or append the /etc/jail.config
Update 2023-11-01 - it would appear that FreeBSD 14.0 requires identifying the interface as well. New jails in 14 wouldn’t connect without specifying the vnet.
new-hostname {
host.hostname = new-hostname.mydomain.local; # Hostname
ip4.addr = 192.168.1.1; # IP address of the jail
interface="vtnet0";
path = "/srv/jails/new-hostname"; # Path to the jail
mount.devfs; # Mount devfs inside the jail
exec.start = "/bin/sh /etc/rc"; # Start command
exec.stop = "/bin/sh /etc/rc.shutdown"; # Stop command
}
Here you’ll change new-hostname.mydomain.local
to the FQDN of your new jail… don’t forget to customize the ip4.addr or add an ip6.addr if you need to as well.
Just in case you’ll want to sysrc jail_enable="YES"
to be sure that your jail will start properly.
Once you’re ready you can start/stop the jailed server with service jail start new-hostname
and service jail stop new-hostname
At this point you can either just ssh in or execute a shell by jexec new-hostname sh
and “tada” you have a new c shell running as root, or you can replace sh with any shell installed on the jailed server.
If you’d like to see what jails are running/active jls
Final Thoughts
Altough Linux containers seem to start much faster by default (as do Linux boots/startups versus FreeBSD startups), I personally feel the simplicity of the FreeBSD jail system to be much more open and easy to work with manually.
Linux containers (Ubuntu specifically) have a whole slew of automation, snapshotting, and transfer tools. FreeBSD has much of this is handled by FreeBSD’s native OpenZFS.
So far I’m digging my return to FreeBSD, and I can’t wait to learnd ZFS and bhyve!
This short document is just a taste of all the things Jails can do, as referred above The Amazing FreeBSD Manual is your first, last, and best place for reference.