# Jail doesn't seem to start



## minimike (Oct 3, 2010)

Hi

I want to create Jails to learn the technology. So I am following the instructions from http://www.freebsd.org/doc/handbook/jails-build.html

So my rc.conf:


```
jail_enable="NO"                                 # Set to NO to disable starting of any jails
jail_list="fbtomcat"                             # Space separated list of names of jails

jail_fbtomcat_rootdir="/var/jails/fbtomcat"      # jail's root directory
jail_fbtomcat_hostname="fbtomcat"                # jail's hostname
jail_fbtomcat_ip="192.168.2.21"                  # jail's IP address
jail_fbtomcat_devfs_enable="YES"                 # mount devfs in the jail
```

Now I want to start and access the Jail

```
root@ ~src # /etc/rc.d/jail onestart fbtomcat 
Configuring jails:.
Starting jails: fbtomcat.
root@ ~src # jexec -U root fbtomcat /bin/sh
jexec: jail "fbtomcat" not found
```

Ping to the Jail fails too. Currently I don't understand what is going wrong. Can anybody help me? I am using FreeBSD 8.1

best regards 
Darko Hojnik


----------



## da1 (Oct 3, 2010)

Ok, first you have a problem with

```
jail_fbtomcat_devfs_enable="YES"
```

in the way that you didn't specify

```
jail_<jname>_devfs_ruleset="<devfs.rules_ID>"
```

Second, "jexec" expects a JID (integer) and not a "name".

ex: `jexec -U root 1 /bin/whatever`
where "1" is the JID of jail XYZ.


----------
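The two rc.conf points from the posts above (`jail_enable="NO"` in the first post, and devfs enabled without a `jail_<jname>_devfs_ruleset` line) can be checked with a small audit script. This is an added example, not part of any poster's message; the helper names `rc_get` and `audit_jails` and the temp-file path are assumptions of the example.

```sh
#!/bin/sh
# Added example: audit an rc.conf-style file for the jail settings from this thread.
# Values are read with sed instead of sourcing the file, so nothing in it is executed.

# rc_get FILE VAR: print the last value assigned to VAR (quotes and comment stripped).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_jails FILE: print one finding per line; return 1 if anything was found.
audit_jails() {
    conf=$1
    findings=0
    case "$(rc_get "$conf" jail_enable)" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) echo "jail_enable is not YES: jails will not start at boot"
           findings=1 ;;
    esac
    for j in $(rc_get "$conf" jail_list); do
        if [ -z "$(rc_get "$conf" "jail_${j}_rootdir")" ]; then
            echo "$j: jail_${j}_rootdir is not set"
            findings=1
        fi
        case "$(rc_get "$conf" "jail_${j}_devfs_enable")" in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
                if [ -z "$(rc_get "$conf" "jail_${j}_devfs_ruleset")" ]; then
                    echo "$j: devfs enabled without jail_${j}_devfs_ruleset"
                    findings=1
                fi ;;
        esac
    done
    return "$findings"
}

# Constructed sample: the rc.conf from the first post, written to a temp file.
sample=$(mktemp /tmp/rcconf.XXXXXX)
cat > "$sample" <<'EOF'
jail_enable="NO"                                 # Set to NO to disable starting of any jails
jail_list="fbtomcat"
jail_fbtomcat_rootdir="/var/jails/fbtomcat"
jail_fbtomcat_hostname="fbtomcat"
jail_fbtomcat_ip="192.168.2.21"
jail_fbtomcat_devfs_enable="YES"
EOF
audit_jails "$sample" || echo "(findings listed above)"
rm -f "$sample"
```
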



## minimike (Oct 3, 2010)

Hello da1

Thank you very much for your help. My first Jail is running now. So I have written

```
jail_fbtomcat_devfs_ruleset="devfsrules_jail"
```

in the rc.conf. And I have fixed some other stuff. So the network is running too.

Currently I couldn't use ping, nmap and sysinstall inside the Jail, because as root I don't have the right permissions for them. Do I have to modify the /etc/devfs.conf? Or where do I have to set the proper permissions? And is it possible to hide the output from dmesg and to hide all unused NICs inside the Jail?

kind regards
Darko Hojnik


----------



## Savagedlight (Oct 4, 2010)

You'd need to allow raw sockets inside the jail for pings and most of the nmap scans to work.
`$ sysctl -d security.jail.allow_raw_sockets`
Keep in mind that this will potentially allow the prison root to do whatever they want with your network.


----------



## minimike (Oct 4, 2010)

```
sysctl -d security.jail.allow_raw_sockets
```

Hmm, there is no alternative solution for them? I am thinking about offering some Jails for rent to some of my customers. I am buying big servers and I am testing what would be better: FreeBSD Jails or Solaris Zones. On FreeBSD I am able to run Debian kFreeBSD in a Jail without emulating something like Linux Zones on Solaris. I do not like the filesystems, the bad scheduler and the memory management of current Linux distros. So currently I am thinking now, it's the best time to switch completely to Unix.


----------



## da1 (Oct 4, 2010)

minimike said:

> I am thinking about offering some Jails for rent to some of my customers.



Maybe "VIMAGE" will help you a bit further?

Give it a try, but keep in mind it is still considered experimental (due to lack of SCTP support alongside VIMAGE).

However, I was able to build a kernel with both VIMAGE and SCTP options (maybe it was fixed).


----------



## minimike (Oct 5, 2010)

Hello da1

Thank you for your suggestion. I have tried VIMAGE with Jails. So after my first tests I am really happy with them. I only have problems with bridging, but that will have to take another thread.

kind regards
Darko Hojnik


----------

