# Minimal jail.conf and jail.conf options



## japoc (Apr 4, 2017)

Hello,

I'd like to create jails using the `jail` built-in utility and the new /etc/jail.conf configuration file. 
However, the manual at https://www.freebsd.org/doc/handbook/jails-build.html still uses the old format of using jail_ variables in 
/etc/rc.conf.

I don't have any jail.conf on my system now, but I guess this is normal.

In the man page of the `jail` command at https://www.freebsd.org/cgi/man.cgi?query=jail.conf&sektion=5&n=1 , they give the following example of a jail.conf, but they don't explain all the options used.


```
# Typical static defaults:
# Use the rc scripts to start and stop jails.  Mount jail's /dev.
exec.start    = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

# Dynamic wildcard    parameter:
# Base the    path off the jail name.
path = "/var/jail/$name";

# A typical jail.
foo {
 host.hostname = "foo.com";
 ip4.addr =    10.1.1.1, 10.1.1.2, 10.1.1.3;
}

# This jail overrides the defaults    defined    above.
bar {
 exec.start    = '';
 exec.stop = '';
 path = /;
 mount.nodevfs;
 persist;         //    Required because there are no processes
}
```

Does someone know what the exec.clean option means?
Same question for the mount.devfs, what does it mean/do/is used for?

Also in the section for the "bar" jail, how come exec.start and exec.stop are empty? This jail never starts? And what is the mount.nodevfs option?

Thanks for your help.


----------



## SirDice (Apr 4, 2017)

japoc said:


> Does someone know what the exec.clean option means?
> Same question for the mount.devfs, what does it mean/do/is used for?


See jail(8):

```
exec.clean
             Run commands in a clean environment.  The environment is
             discarded except for HOME, SHELL, TERM and USER.  HOME and SHELL
             are set to the target login's default values.  USER is set to the
             target login.  TERM is imported from the current environment.
             The environment variables from the login class capability
             database for the target login are also set.
```


```
mount.devfs
             Mount a devfs(5) filesystem on the chrooted /dev directory, and
             apply the ruleset in the devfs_ruleset parameter (or a default of
             ruleset 4: devfsrules_jail) to restrict the devices visible
             inside the jail.
```



japoc said:


> Also in the section for the "bar" jail, how come exec.start and exec.stop are empty? This jail never starts? And what is the mount.nodevfs option?




```
exec.start
             Command(s) to run in the jail environment when a jail is created.
             A typical command to run is ``sh /etc/rc''.
```


```
exec.stop
             Command(s) to run in the jail environment before a jail is
             removed, and after any exec.prestop commands have completed.  A
             typical command to run is ``sh /etc/rc.shutdown''.
```


----------



## japoc (Apr 4, 2017)

Oh, thanks. I thought I would find the definitions of these jail.conf options in the man page of jail.conf, but they were in the man page of the `jail`command.


----------

