Version 5 (modified by 14 years ago) ( diff ) | ,
---|
This document will describe the setup of jail(8) and how-to configure all applications to work properly within a jail(8). It has the following design criteria/assumptions:
- /usr/ports is shared throughout all installations (so are all the configuration for the ports then) and every system build all ports himself.
- my sample jail is called
pzwet
and is located in file:/usr/jail/pzwet
Important: Your jail server should not run any public facing services which does 'wildcard' binding to IP addresses, else it will 'claim' the service before your jail can take it. Notice: Jails does NOT have a local loopback device, so you will need to use UNIX sockets on places you would normally use the loopback address.
First make sure to install the jail using the method in the handbook
pzwet# make -C /usr/ports/security/sudo WITH_INSULTS=yes BATCH=yes install clean pzwet# make -C /usr/ports/devel/subversion WITH_MOD_DAV_SVN=yes APACHE_VERSION=22 BATCH=yes install clean pzwet# make -C /usr/ports/ports-mgmt/portaudit BATCH=yes install clean; /usr/local/sbin/portaudit -Fda
Update port INDEX tree and report on pending upgrades every Saturday pzwet# echo '0 3 * * sat root /usr/sbin/portsnap -I cron update && /usr/sbin/pkg_version -vIL=' >> /etc/crontab