# Install Debian GNU/Linux using debootstrap on a FreeBSD Jail  with ZFS



## devildetail (Aug 20, 2013)

Install the tool _Debootstrap_, which installs Debian in a subdirectory of another system.

```
root@morsa:/root # portsnap fetch update 
root@morsa:/root # portmaster sysutils/debootstrap
```

 Configure the file system where we will install the Jail.

```
root@morsa:/root # zfs create -o mountpoint=/jailz fbsdzpool1/jailz
root@morsa:/root # zfs create fbsdzpool1/jailz/deb-master
root@morsa:/root # mkdir /jailz/etc
```

 Load the necessary modules.

```
root@morsa:/root # kldload fdescfs linprocfs linsysfs tmpfs
```

 We enable jail support and compatibility with Linux.

```
root@morsa:/root # echo 'jail_enable="YES"' >> /etc/rc.conf
root@morsa:/root # echo 'linux_enable="YES"' >> /etc/rc.conf
```

 Only if installing Squeeze, change the compatibility level declared 2.6.18.

```
root@morsa:/root #  echo 'compat.linux.osrelease=2.6.18' >> /etc/sysctl.conf
```

 Include in the configuration file /jailz/etc/jail.conf, change the IP address at your convenience:

```
deb-master {
 path = /jailz/deb-master;
 allow.mount;
 mount.devfs;
 host.hostname = deb-master;
 mount.fstab="/jailz/etc/fstab.deb-master";
 ip4.addr = [B]127.0.0.10[/B];
 interface = lo0;
 exec.start = "/etc/init.d/rc 3";
 exec.stop = "/etc/init.d/rc 0";
}
```

 Define the mounting points for the jail in /jail/etc/fstab.dev-master:

```
linsys   /jailz/deb-master/sys         linsysfs  rw          0 0
linproc  /jailz/deb-master/proc        linprocfs rw          0 0
tmpfs    /jailz/deb-master/lib/init/rw tmpfs     rw,mode=777 0 0
```

 With debootstrap install Debian GNU/Linux, Lenny or Squeeze versions, in the path of the jail.

```
root@morsa:/root # debootstrap [B]--foreign --arch=i386[/B] lenny /jailz/deb-master http://archive.debian.org/debian/
I: Retrieving Release
W: Cannot check Release signature; keyring file not available /usr/share/keyring
s/debian-archive-keyring.gpg
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Checking component main on http://archive.debian.org/debian...
I: Retrieving libacl1 2.2.47-2
I: Validating libacl1 2.2.47-2
I: Retrieving adduser 3.110
I: Validating adduser 3.110
I: Retrieving apt-utils 0.7.20.2+lenny2
I: Validating apt-utils 0.7.20.2+lenny2
I: Retrieving apt 0.7.20.2+lenny2
[B]....[/B]
I: Extracting login...
I: Extracting passwd...
I: Extracting libslang2...
I: Extracting initscripts...
I: Extracting sysv-rc...
I: Extracting sysvinit-utils...
I: Extracting sysvinit...
I: Extracting tar...
I: Extracting tzdata...
I: Extracting bsdutils...
I: Extracting mount...
I: Extracting util-linux...
I: Extracting zlib1g...
```

 Inside the jail, delete the configuration files sysvinit_*.

```
root@morsa:/jailz/etc # ls /jailz/deb-master/var/cache/apt/archives/sysvinit_*
/jailz/deb-master/var/cache/apt/archives/sysvinit_2.86.ds1-61_i386.deb
root@morsa:/jailz/etc # rm /jailz/deb-master/var/cache/apt/archives/sysvinit_*
```

 We mount the filesystems of the jail, in this case, takes place after installation with debootstrap.

```
root@morsa:/root # mount -t linprocfs none /jailz/deb-master/proc
root@morsa:/root # mount -t devfs none /jailz/deb-master/dev
root@morsa:/root # mount -t linsysfs none /jailz/deb-master/sys
root@morsa:/root # mount -t tmpfs none /jailz/deb-master/lib/init/rw
```

 Run a shell with chroot within the path of the jail.

```
root@morsa:/root # chroot /jailz/deb-master /bin/bash
```

 To complete the configuration of the jail, from the shell started in the chroot environment, run:

```
I have no name!@morsa:/# dpkg --force-depends -Ei /var/cache/apt/archives/*.deb
```

 We left the previous shell and unmount the previously mounted file systems in step 10.

```
root@morsa:/root # umount /jailz/deb-master/proc
root@morsa:/root # umount /jailz/deb-master/dev
root@morsa:/root # umount /jailz/deb-master/sys
root@morsa:/root # umount /jailz/deb-master/lib/init/rw
```

In the likely event that can not be unmounted /jailz/deb-master/dev because the filesystem is busy, run:

```
# fstat | grep deb-master # kill -9 PID (For each process listed in the previous step)
```
 Never start the jail without cleaning the processes and unmounting /jailz/deb-master/dev.

 You need to disable rsyslog inside the jail, because it is not supported by the Linux compatibility module. Therefore, before starting the jail, for each directory in the path /jailz/deb-master/etc/rcX.d (where X takes values from 0 to 6) rename the service startup scripts.

```
# mv S10rsyslog _S10rsyslog
# mv K90rsyslog _K90rsyslog
```

 Start the jail, check that is correctly started and login.

```
root@morsa:/root # jail -f /jailz/etc/jail.conf -c deb-master
deb-master: created
Starting periodic command scheduler: crond.

root@morsa:/root # jls
   JID  IP Address      Hostname                      Path
     1  127.0.0.10      deb-master                   /jailz/deb-master

root@morsa:/root # jexec 1 /bin/bash
deb-master:/# uname -a
Linux deb-master 2.6.16 FreeBSD 9.1-RELEASE-p4 #0: Mon Jun 17 11:42:37 UTC 2013 i686 GNU/Linux
```

 Edit the file /etc/apt/sources.list and correct their content.

```
http://archive.debian.org/debian/ deb lenny main contrib non-free
```

 Update the package list.

```
deb-master:/# apt-get update
Get:1 http://archive.debian.org lenny Release.gpg [1034B]
Get:2 http://archive.debian.org lenny Release [99.6kB]
Get:3 http://archive.debian.org lenny/main Packages [6872kB]
Get:4 http://archive.debian.org lenny/non-free Packages [124kB]
Get:5 http://archive.debian.org lenny/contrib Packages [94.3kB]
Fetched 7191kB in 11s (649kB/s)
Reading package lists... Done
```

 Shutdown the jail, the error messages are due to processes within the jail can not perform certain operations.

```
root@morsa:/root # jail -f /jailz/etc/jail.conf -r deb-master
umount2: Operation not permitted
umount: fbsdzpool1/jailz: must be superuser to umount
umount2: Operation not permitted
umount: fbsdzpool1/ROOT/91_30062013/usr: must be superuser to umount
umount2: Operation not permitted
umount: fbsdzpool1/ROOT/91_30062013/usr: must be superuser to umount
umount2: Operation not permitted
umount: fbsdzpool1/ROOT/91_30062013/var: must be superuser to umount
umount2: Operation not permitted
umount: fbsdzpool1/ROOT/91_30062013/var: must be superuser to umount
failed.
mount: fbsdzpool1/ROOT/91_30062013: unknown device
Will now halt.
ifdown: shutdown usbus0: Invalid argument
ifdown: shutdown ath0: Invalid argument
ifdown: shutdown usbus1: Invalid argument
ifdown: shutdown lo0: Invalid argument
ifdown: shutdown lo0: Invalid argument
ifdown: shutdown eth1: Invalid argument 

deb-master: removed
```

 Make a ZFS snapshot of the jail.

```
root@morsa:/root # zfs snapshot zfs snapshot fbsdzpool1/jailz/deb-master@lenny
```
Now,  we have a base jail, from which we can generate new jails with ZFS clones, then  we added a new entry to /jailz/jail.conf and we created  the file /jailz/etc/fstab.newjail.

```
# zfs clone fbsdzpool1/jailz/deb-master@lenny fbsdzpool1/jailz/newjail
```


----------



## SirDice (Aug 20, 2013)

I really appreciate the effort for posting a HOWTO but could you please review it before submitting it? It took me 20 minutes just to get rid of all the useless [font] references.


----------



## devildetail (Aug 20, 2013)

Sorry,cut and paste is very dangerous.


----------



## trilkk (Oct 17, 2013)

*jail: getpwnam root: no such file or directory*

First of all, thanks for the instructions. However, trying them out, I end up with a Linux environment I can chroot into, but not start a jail in.

Starting the jail fails with the following message:

```
jail: getpwnam root: no such file or directory
```

Digging around, it turns out this is a POSIX call for acquiring a password file entry:
http://linux.die.net/man/3/getpwnam

This would lead to assume that there is something wrong with the root account. It turns out this is somehow correct. The situation can be simulated by mounting linprocfs, linsysfs, devfs and tmpfs manually, then trying to log into the chroot environment:
`> sudo chroot /jails/debian/ /bin/login`
Then try as root:
`hostname login: root`
The login system hangs for a while, then fails:

```
Login incorrect
```

Logging in with `login -f` works, and one can use the shell generated thus to set password for root. This does not affect the outcome though.

I tried around different Debian releases and different values for osrelease, but it seems no matter what I do, it fails the same way.

Any help would be appreciated.

P.S. It is possible to install Debian Wheezy using the instructions above. To do this, you need to change the osrelease to 2.6.26 first:
`sysctl compat.linux.osrelease=2.6.26`

P.P.S. Rather than remove rsyslog from the startup manually, it is easier to delete the rsyslog package from /var/apt/cache/archives at the same time as deleting sysvinit archive, so it does not get started in the first place:

`rm /jails/debian/var/apt/cache/archives/rsyslog_*`


----------



## devildetail (Oct 18, 2013)

Hi @trilkk,

Some suggestions:

First of all, what is the  FreeBSD version that you are using?, this guide  was developed under FreeBSD 9.1-RELEASE-p4.

Next, to my mind  setting 
	
	



```
compat.linux.osrelease=2.6.26
```
 is rather on the edge. In fact I tested this guide with Lenny and Squeeze but my advice is using Lenny, you con install Oracle 11gR2 on a jailed Lenny but no way with a jailed Squeeze.

In some cases you may need to run the step 12 repeatedly, until no more packages need to be processed. The mount points defined in the fstab for the jail need be tailored for the specific Debian release.

Do you run step 14 as is originally defined, or only with yours variation?.

You can read this post http://forums.freebsd.org/showthread.php?t=10485 regarding this error.


----------



## apple (Oct 19, 2013)

devildetail said:
			
		

> Install Debian GNU/Linux using debootstrap on a FreeBSD Jail  with ZFS.


Detail: Alan Cox, a leading developer of Linux, said there no is GNU/Linux. Reference http://www.linuxjournal.com/node/1000111.


----------



## sossego (Oct 20, 2013)

apple said:
			
		

> Detail: Alan Cox, a leading developer of Linux, said there no is GNU/Linux. Reference http://www.linuxjournal.com/node/1000111.



This falls along the line of politics. One has the right to call it "Debian Linux", "Debian GNU/Linux", or even "Chocolate-Covered-Peanut-Butter-Bar-With-Coconut Debian Linux" if they want. The naming convention of "Debian GNU/Linux" is commonly used in the Debian Community and is considered proper by them. Think of this tutorial as an alternative to the standard Fedora_10 base.


----------



## jef (Oct 20, 2013)

Thanks -- I will be trying this out once I get FreeBSD 10 running and configured a bit more on a spare machine.  I'm definitely interested in seeing how much of _Wheezy _I can get up and running.

BTW, http://www.debian.org/releases/ clearly calls it _Debian GNU/Linux Lenny _ in the "Index of Releases" section.


----------



## trilkk (Oct 20, 2013)

devildetail said:
			
		

> You can read this post http://forums.freebsd.org/showthread.php?t=10485 regarding this error.



Thanks! This solved it. Now I'm able to successfully start the jail.

For the sake of having all necessary information in the same thread, after executing @devildetail's steps, run `/usr/sbin/pwd_mkdb -d /<jaildir>/etc -p /<jaildir>/etc/master.passwd` before starting the jail for the first time.



			
				devildetail said:
			
		

> Hi @trilkk,
> First of all, what is the  FreeBSD version that you are using?, this guide  was developed under FreeBSD 9.1-RELEASE-p4.



This guide is now confirmed to work in FreeBSD 9.2-RELEASE.



			
				devildetail said:
			
		

> Next, to my mind  setting
> 
> ```
> compat.linux.osrelease=2.6.26
> ...



This is indeed the case.

To elaborate, I'm using the jail cross-compiling Linux applications and trying out demoscene stuff. The jail directory is, in my case, actually /compat/linux, which allows me to reuse it to run Linux applications from outside the jail.

It turns out that using Squeeze, getting sound to work for SDL applications is problematic. With Lenny, there are no problems whatsoever. The only problem being the apparent age of Lenny, which means you have to compile parts of the userland manually inside the jail.



			
				devildetail said:
			
		

> Do you run step 14 as is originally defined, or only with yours variation?.



After I reinstanted the jail to use Lenny, I still removed rsyslog manually before running `dpkg`. No problems with this approach.

So instead of step 9, run:
`rm /<jaildir>/var/cache/apt/archives/rsyslog_* /<jaildir>/var/cache/apt/archives/sysvinit_*`


----------



## quintessence (Oct 22, 2013)

Hi,

You have an (copy/paste may be) error in point 10 last row.
Regarding point 7 correct mount should be:

```
root@morsa:/root # mount -t tmpfs none /jailz/deb-master[B]/lib/init/rw[/B]
```
instead:

```
root@morsa:/root # mount -t tmpfs none /jailz/deb-master
```


----------



## BaxterStockman (Nov 3, 2013)

First, let me say thanks to everyone who has contributed in this thread, especially @devildetail and @trilkk. Thanks to your efforts I now have Debian Wheezy running like a champ on my FBSD FreeBSD box.

I just wanted to note a couple of issues and observations:

First, in Wheezy you should no longer mount a tmpfs at /lib/init/rw.  Instead, the tmpfs should be mounted at /run. You can get the details at the /run entry in the Debian Wiki.

Second, I ran into a problem with dpkg and apt-get where I couldn't install or upgrade any packages because /var/lib/dpkg/status was missing 'Version' and 'Description' entries for dpkg. The error was:


```
dpkg: error: parsing file '/var/lib/dpkg/status' near line 2357
missing version
```

I fixed this by inserting the version value for dpkg given from running `dpkg -l | grep dpkg` for 'Version' and a dummy entry 'Description' -- any string will do for that, it seems; I used something like 'something something go crazy'. After making the edits, I ran `apt-get -f install` to fix some broken packages, and now package management seems to be working entirely as it should.

Also, I've set 
	
	



```
compat.linux.osrelease=2.6.32
```
, which I suppose is even more on the bleeding edge than 2.6.26. Nonetheless, so far the jail works a treat -- but I'll be sure to note here any relevant issues I may encounter.

Again, thanks for everyone's efforts and insight.


----------



## sossego (Nov 23, 2013)

Now, what do I do to have lo0 connect to the Internet from within the jail?


----------



## BaxterStockman (Nov 24, 2013)

Somebody more knowledgeable please step in here, but are you sure you want lo0 to connect to the Internet?  I thought loopback interfaces were generally used solely for TCP/IP stuff that's limited to localhost itself, not for connecting to the outside world.  Are you asking about lo0 because it's the only interface that shows up when you run `ifconfig`?

If your issue is Internet access, as such, and not lo0 specifically, my guess is that you've got to edit /etc/resolv.conf.  It seems that the standard practice is to just copy it from the host OS into the jail.


----------



## devildetail (Nov 27, 2013)

*Re: Install Debian GNU/Linux using debootstrap on a FreeBSD*

I use the lo0 is for educational purposes. You can find examples of configuring a virtual network interface in this forum: https://forums.freebsd.org/viewtopic.php?&t=36507.

Anyway, to get Internet access with the lo0 interface you can use the following method:


```
root@morsa:/root # kldload pf
root@morsa:/root # echo 'pf_enable="YES"' >> /etc/rc.conf
root@morsa:/root # echo "nat on wlan0 from 127.0.0.10 to any -> (wlan0)" >> /etc/pf.conf
```


----------



## sossego (Nov 30, 2013)

*Re: Install Debian GNU/Linux using debootstrap on a FreeBSD*

Thanks, cat.

Edited.


----------



## srobert (Mar 1, 2015)

Thanks for the how-to.  Now that I've got Debian Squeeze installed in a jail, is there a how-to for setting up devices?  I'd like to be able to access a USB printer from the Linux jail.


----------



## ondra_knezour (Mar 1, 2015)

Try following this thread https://forums.freebsd.org/threads/enable-sound-inside-jail.23361/


----------



## debguy (Jun 26, 2018)

>  "With debootstrap install Debian GNU/Linux, Lenny or Squeeze versions, in the path of the jail."

unfortunatley i don't think anyone can use your TIPS

i suggest most people aren't going to know what debootstrap is.  (i made a script that installs debian fresh over a debian partition without CDROM, so i know)

Debian admins "particalized" and broke (lost parts, they will say by accident) of Squeeze probably lenny too by now.

they are on a "limbo" site that requires using jigdo to download them in a perverted form, reassemble, then to make CD of them.  the ISO .. GONE, deleted - rather - they  carefully removed them from public access

------------------------------

i suggest you make a "small chroot" (not full install), and a bootable flash or at least a flash sized image people can use (a pre-made chroot).  much like people provide VM images - just offer the image for download on some GPL download site.

i don't think people will be able to follow scripted directions to get squeeze inside a chroot.  it's been been tampered with / no longer available in that way unfortunately.

(i do not suggest doing this: but x-lfs-2010 is a linux from scratch (not LFS brand) that runs something close to squeeze but a little newer.  to compile it requires getting squeeze bins, because, gotta start from somewhere.  so if others wish to make LFS from scratch with simple script - i have to upload all the (just several) .deb bin packages required because debian admins have removed them from public pretty much.)


----------



## bryn1u (Jun 27, 2018)

Hey,


> Only if installing Squeeze, change the compatibility level declared 2.6.18.




```
root@morsa:/root #  echo 'compat.linux.osrelease=2.6.18' >> /etc/sysctl.conf
```

Where can i find and how newer version of level declared then 2.6.18 ?
For now the newest version of Debian is stretch so what kind of level is available ? Where can i find that info.
By the way, great tutorial.


----------

