# FreeBSD EzJail EC2



## arp (Feb 4, 2016)

Hi Everyone

I'm currently trying to set up Jails via EzJail on a couple of AWS EC2 instances. One is running 10.1 and the other is 10.2 (both running RELEASE).

When I try to start a Jail I get the following error on both machines:

`ezjail-admin start db`


```
Starting jails: cannot start jail  "db":
jail: db: mount.fdescfs: /usr/jails/db/dev/fd: No such file or directory
.
/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables  is obsolete.  Please consider to migrate to /etc/jail.conf.
Error: Could not start db.
  You need to start it by hand.
```

Note: Nothing more than the Warning is appearing in the logs.

The commands I used to create the Jail were:


```
cloned_interfaces="lo1"
ezjail_enable="YES"
```

```
service netif cloneup
ezjail-admin update -i -p
ezjail-admin create db 'lo1|x.x.x.x'
```


The same commands worked correctly on two other machines, one physical and the other a DigitalOcean VPS, both running 10.2 RELEASE.

Any help would be greatly appreciated.


----------



## SirDice (Feb 4, 2016)

Make sure devfs(5) is enabled in the jail too.


----------



## arp (Feb 4, 2016)

SirDice said:


> Make sure devfs(5) is enabled in the jail too.



As far as I can tell it is.  The config for the Jail is as follows:


```
export jail_db_hostname="db"
export jail_db_ip="lo1|127.0.1.1"
export jail_db_rootdir="/usr/jails/db"
export jail_db_exec_start="/bin/sh /etc/rc"
export jail_db_exec_stop=""
export jail_db_mount_enable="YES"
export jail_db_devfs_enable="YES"
export jail_db_devfs_ruleset="devfsrules_jail"
export jail_db_procfs_enable="YES"
export jail_db_fdescfs_enable="YES"
export jail_db_image=""
export jail_db_imagetype=""
export jail_db_attachparams=""
export jail_db_attachblocking=""
export jail_db_forceblocking=""
export jail_db_zfs_datasets=""
export jail_db_cpuset=""
export jail_db_fib=""
export jail_db_parentzfs=""
export jail_db_parameters=""
export jail_db_post_start_script=""
export jail_db_retention_policy=""
```

Is there anywhere else I need to look?


----------



## arp (Feb 5, 2016)

To answer my own question, it did indeed have something to do with devfs. The machines in question have chroot enabled on /dev. To get the Jail to start I added the following to /etc/devfs.conf.


```
[devfsrules_jail=5]
add hide
add path run unhide
add path random unhide
```

And adjusted the devfs rule in /usr/local/etc/ezjail/db from:


```
export jail_db_devfs_ruleset="devfsrules_jail"
```

To:


```
export jail_db_devfs_ruleset="5"
```


----------
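An added example, not part of the thread and not ezjail's own code: a POSIX shell check that the devfs ruleset a jail config references (by name or by number, as in the posts above) is actually defined in the rules file(s) passed to it. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that an ezjail config's devfs ruleset reference resolves.

# Print the value of a jail_<name>_<key> setting from an ezjail config file.
jail_setting() {  # usage: jail_setting CONFIG KEY
    sed -n "s/^export jail_[A-Za-z0-9_]*_$2=\"\(.*\)\"\$/\1/p" "$1" | head -n 1
}

# List "name number" pairs from ruleset headers such as [devfsrules_jail=5].
rulesets() {  # usage: rulesets RULES_FILE...
    cat "$@" | sed -n 's/^\[\([A-Za-z0-9_]*\)=\([0-9][0-9]*\)\]$/\1 \2/p'
}

# Report the jail's devfs state; returns 0 only when the reference resolves.
check_jail() {  # usage: check_jail CONFIG RULES_FILE...
    cfg=$1; shift
    [ "$(jail_setting "$cfg" devfs_enable)" = "YES" ] || { echo "devfs-disabled"; return 1; }
    ref=$(jail_setting "$cfg" devfs_ruleset)
    [ -n "$ref" ] || { echo "no-ruleset"; return 1; }
    # A reference may be the ruleset's name or its number.
    hit=$(rulesets "$@" | awk -v r="$ref" '$1 == r || $2 == r { print $1 "=" $2; exit }')
    [ -n "$hit" ] || { echo "undefined:$ref"; return 1; }
    echo "ok:$hit"
}

# Constructed sample files: the thread's final setting and ruleset header.
sample_dir=$(mktemp -d)
cat > "$sample_dir/db" <<'EOF'
export jail_db_devfs_enable="YES"
export jail_db_devfs_ruleset="5"
EOF
cat > "$sample_dir/rules" <<'EOF'
[devfsrules_jail=5]
add hide
add path run unhide
add path random unhide
EOF
check_jail "$sample_dir/db" "$sample_dir/rules"
```

Pass every file that holds ruleset definitions on the host as additional arguments; an `undefined:` result means the jail references a ruleset that none of them declares.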

