USC2025+SE2 — Backups for the people!
We have started deploying a new backup server, leveraging the zfs filesystem together with FreeBSD jails 🤓
So, we’ve seen how to create a native jail using FreeBSD’s toolset, and we’ve fine-tuned a few of its settings, including mounting select directories from the host into the jail.
Is that really enough though? 🙃
We want zfs inside our jail, period!
Since we use a dedicated zfs dataset per jail, isn’t that enough? Well, dataset management (and anything disk-related) is handled on the host.
Practically speaking, this means that the root user inside the jail cannot alter dataset properties, nor create new ones.
So, we’ve seen how to create a native jail using FreeBSD’s toolset. Meaning we have a brand-new system to configure!
Some jail-related specificities:
vnet jails allow for virtualizing the entire network stack;
Let’s copy /etc/resolv.conf & /etc/localtime from the host into the jail, so that it can issue DNS requests, and most importantly be on time ;)
FreeBSD jails were introduced in June 2000. They were the first open-source solution for lightweight virtualization, and proved to be foundational to the container revolution that took off later on, preceding the emergence of linux-vserver in October 2001, or LXC containers at the end of 2008.
The jail technology inspired Sun’s engineers, who refined and further elaborated on its concepts through the development of Solaris Zones in 2004, as this talk by Bryan Cantrill amusingly evokes.