FreeBSD Jail Management

FreeBSD jails is a containerization (lightweight virtualization) technology native to FreeBSD operating system.

This is similar to Docker in the Linux world.

System Commands

• jail(8): create (-c), remove (-r), modify (-m), and exhibit (-e) jails
• jls(8): list (exhibit) jails in human-friendly formats
• jexec(8): execute commands within jails

System Commands Supporting Jails

• sysrc(8): with-j option
• freebsd-update(8): with -j option
• pkg(8): with -j option
• sockstat(8): with -j option
• ps(1): with -J option
• zfs(8): with jail command
• bsdinstall(8): with jail command
• ifconfig(8): with vnet command

The list is quiet extensive and includes FreeBSD commands such a pgrep, pkill, killall and so on.

Configuration Files

• jail.conf(5): configuration parameters for the jail(8) command
• jail: RC jail service startup script
  - jail_status: calls jls -N
  - jail_console: calls jexec login -f root
- jail_config: show jail's configuration file
• rc.conf(5): RC jail service configuration variables

eg. service jail MyJail console

System Calls

Controlling jails from C programming languages including the sys/jail.h header file.

• jail(2): deprecated now in favor of jail_set(2)
• jail_set(2): behind jail -c and jail -m
• jail_get(2): implementing jail -e
• jail_attach(2): attach to an existing jail
• jail_remove(2): implementing jail -r

Library

There’s also libjail, an included C library for jail management calling the system calls above.

• jail(3): front-end interface library to jail system calls

Source Code

In the package jail

• jail.c (Makefile)
• jls.c (Makefile)
• jexec.c (Makefile)
• kern_jail.c: kernel code implementing the jail syscall
• jail.c (Makefile) from libjail: C library for jail management

Knowing these frees us from relying on the third-party software such as such as eazyjail and iocage to manage jails on a FreeBSD system conveniently.

FreeBSD Jails are documented in the Chapter 15 of the FreeBSD Handbook.