Prerequisites
# Ensure ZFS is available (recommended)
zpool list
# Create jail dataset
zfs create -o mountpoint=/jails zroot/jails
Method 1: bsdinstall
# Create jail root directory
mkdir -p /jails/myjail
# Run bsdinstall to install base system
bsdinstall jail /jails/myjail
# Follow prompts to select components
Method 2: Manual with fetch
# Download base system
fetch https://download.freebsd.org/releases/amd64/14.0-RELEASE/base.txz
# Extract to jail directory
mkdir -p /jails/myjail
tar -xf base.txz -C /jails/myjail
# Copy resolv.conf
cp /etc/resolv.conf /jails/myjail/etc/
# /etc/jail.conf
# Global settings
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
# Allow ping
allow.raw_sockets;
# Individual jail
myjail {
host.hostname = "myjail.local";
path = "/jails/myjail";
# Networking (shared IP)
ip4.addr = "em0|192.168.1.50/24";
# Or use VNET
# vnet;
# vnet.interface = "epair0b";
}
Start the Jail
# Start jail
service jail start myjail
# Or manually
jail -c myjail
# List running jails
jls
# Enter jail
jexec myjail /bin/sh
Initial Jail Setup
# Inside the jail
jexec myjail /bin/sh
# Set root password
passwd
# Update pkg
pkg update && pkg upgrade
# Set timezone
tzsetup
# Enable sshd (if needed)
sysrc sshd_enable="YES"
service sshd start
Enable Jail at Boot
# In /etc/rc.conf
jail_enable="YES"
jail_list="myjail"
# Start all jails
service jail start
# Stop all jails
service jail stop
Thin Jails (Shared Base)
# Create base template
mkdir -p /jails/templates/base
tar -xf base.txz -C /jails/templates/base
# Create jail skeleton
mkdir -p /jails/templates/skeleton
mkdir -p /jails/templates/skeleton/{etc,home,root,usr/local,var}
# Create thin jail
mkdir -p /jails/thinjail
# Mount base read-only
mount -t nullfs -o ro /jails/templates/base /jails/thinjail
# Mount skeleton read-write
mount -t nullfs /jails/templates/skeleton /jails/thinjail/skeleton
intermediate | Jails | Updated 2025-01-15
- freebsd
- jails
- create
- setup
- containers