download

Chapter 5Setting Up a JailCreating a jail is almost as easy as doing a buildworld, as explained in Chapter 2,(System Configuration—Keeping it updated), and installing it in a different directoryother than the system's actual root directory.First you need to decide where you want to deploy the jail directory. A good placeto do so would be the /usr/jail subdirectory as there is always plenty of freespace available on the /usr partition. You may want to choose a different directorybased on your system's disk configuration. Define a variable that contains your jailsubdirectory address. If you are running C shell or its variants, run the commandshown here:# setenv D /usr/jails/webserver1If you are using bourne shell, run the following command:# export D=/usr/jails/webserver1In the above example, we chose webserver1 as the jail's home directory name. Thisis also used as the jails' hostname.Then you should rebuild the whole system (assuming you already have systemsources installed in /usr/src) and install it in the jails subdirectory:# mkdir –p $D# cd /usr/src# make buildworld# make installworld DESTDIR=$D# make distribution DESTDIR=$DIn the above example, we have created the jail subdirectory and built a completesystem from the source code and installed the result in the jail's subdirectory. Thisprocess would take a few hours, depending on your host hardware.If you have already built the world, replace you can skip the make buildworld partto save a lot of time. This would also be a good idea when you are creating multiplejails and you don't want to rebuild the whole system for each jail.The make installworld installs the whole system except for /etc subdirectory.This is actually what make distribution does for you. Use this command withcaution—any typing error may lead to overwriting the host system's /etc directoryand will cause loss of your system configuration.You do not need to compile a kernel for your jails as they will use therunning system's kernel.[ 77 ]