XigmaNAS

Moin,
Since many people ask me on how to simplify the Setupprocess of a jail I have a few hints.

1. TheBrig extension have NAS4Free webgui for build and control jails more simple
2. Build jails on folder /jail (only one step from root) is not good idea. This way not will work stable. For example original Freebsd jail environment have path /usr/jail - 2 step from root.

Moin,
1. Using a UI is just a matter of personal flavour.
1.1 Personally I like "The Warden" or ezjail. With the warden its also much more simple to jail a debian linux.
2. orginal FreeBSD has no default path. Please explain why it would not work stable? Using it since years this way.

dech

please , no jails wars here, both aproach are valid, one is better for power user that know what do ( dech ) and other is desinged to facilitate life to non power users (thebrig) alexey.

Moin,
thats no jail war. I just like to know why using /jails as the root for the jails is bad idea.
Also the tool you use for creating jails is just a matter of personal flavour.

dech

dech wrote:Moin,
1. Using a UI is just a matter of personal flavour.
1.1 Personally I like "The Warden" or ezjail. With the warden its also much more simple to jail a debian linux.

TheBrig have some functions as webmin module for jail. You can create and manage jails with webgui, your config stored into nas4free config.xml - so if you have zero problem with upgrade parent system.

2. orginal FreeBSD has no default path. Please explain why it would not work stable? Using it since years this way.

Because Freebsd security limits - sysctl security.jail.enforce_statfs =2 and set it to 0 === mount to /, or 1 === mount to /Folder is not recommended. I checked jail, building on ~ 15 motherboard, when it building on /jail it not start stable. Some users says about such behavior his jails.
See man http://www.freebsd.org/cgi/man.cgi?query=jail&sektion=8
Part examples/
It not have any example with path /jail.
As result security.jail.enforce_statfs =2 - you can not give to work symbolic links and mounts for path / or /Folder

When I created jails on machine with not stable start up bahvior, but jails was building on /mnt/jail or /usr/jail - it was work without problem

raulfg3 wrote:please , no jails wars here, both aproach are valid, one is better for power user that know what do ( dech ) and other is desinged to facilitate life to non power users (thebrig) alexey.

Raul, this is not jail war.
I was have problem with wiki-building jail, and anyone not help me. I begin to learn how it work - and as result we have TheBrig as is. It work on full and embedded version, jail start and shutdown procedures created for very strong way.
Jail is very good idea, but if dech wrote article about it, he need help for another users for understanding and edit article when another user find error

Moin,
yes, your are right with the /jail path. Primary reason I dont notice it cause I use only NFS for my jails. This avoid most of the problems with mounts. When I wrote the wiki article I used nullfs cause people are more familar with this.

dech

If you mount any for / , also over nfs, you need mount it as read only. This is not a way

If you inspect original freebsd etc/rc.d/jail file, you can find strings

# REQUIRE: LOGIN cleanvar
# BEFORE: securelevel

I was send request for change it for nas4free building.

Moin,
the mounts are not in the servers root, they are under /jails/<jailname>/mountpoint