This doc is obsolete -- see http://doc.nethence.com/ instead

DragonflyBSD jail host configuration 

 

http://pbraun.nethence.com/doc/sysutils_bsd/dragonflybsd.html 

http://pbraun.nethence.com/doc/sysutils_bsd/freebsd.html 

http://pbraun.nethence.com/doc/sysutils_bsd/jail.html 

 

 

Host configuration 

On the real system which is going to host the jail guests. 

 

Disable some daemons, 

cd /etc/
vi rc.conf

add/change, 

inetd_enable=no
rpcbind_enable=no
sendmail_enable=no
sendmail_submit_enable=no
sendmail_outbound_enable=no
sendmail_msp_queue_enable=no

 

General jail settings, 

jail_enable=yes
jail_list="jailname"

Note. jail_list lists jails to be started with a simple space separator. 

Note. jail_set_hostname_allow is set to yes by default (/etc/defaults/rc.conf) 

 

Jail guest settings, 

jail_jailname_devfs_enable=yes
jail_jailname_rootdir=/data/guests/jailname
jail_jailname_hostname=jailname.example.local
jail_jailname_interface=alc0
jail_jailname_ip=192.168.0.3
ifconfig_alc0_alias0="inet 192.168.0.3 netmask 255.255.255.255"

Note. change the ip accordingly 

Note. for ip aliases, the netmask should be /32 

Note. change the network interface name/driver accordingly 

Note. apply these patches to mount devfs for the jail guest (needed at least for dfly 2.8.2), 

http://pbraun.nethence.com/code/sysutils_dragonflybsd/jail.patch
http://pbraun.nethence.com/code/sysutils_dragonflybsd/rc.conf.patch

otherwise, without devfs, you wouldn't be able to ping, 

ping: socket: Operation not permitted

nor use ps, 

ps: bad namelist - no kernbase

 

No services other than ssh, syslog and cron should be running on the host system. Prevent sshd from listening on ip aliases, 

cd /etc/ssh/
vi sshd_config

change, 

ListenAddress 192.168.0.2

apply, 

/etc/rc.d/sshd restart
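
A way to check the host settings above before starting any guest (added example, not part of the original doc). It reports daemons not set to no and any sshd ListenAddress that would make the host's sshd answer on a jail IP. The function names and the FAIL output format are made up for this example; it assumes one IPv4 address per jail and plain VAR=value lines.

```shell
#!/bin/sh
# Added example, not from the original page: audit rc.conf and sshd_config
# on a jail host against the settings this page describes.

# rc_get FILE VAR: last value assigned to VAR, quotes stripped.
# Assumes simple VAR=value lines without trailing comments.
rc_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# audit_jail_host RC_CONF SSHD_CONFIG: prints one FAIL line per finding,
# returns 0 when there are none.
audit_jail_host() {
    rc=$1 sshd=$2 bad=0
    # Daemons the page disables on the host.
    for d in inetd rpcbind sendmail sendmail_submit sendmail_outbound \
             sendmail_msp_queue; do
        v=$(rc_get "$rc" "${d}_enable" | tr '[:upper:]' '[:lower:]')
        if [ "$v" != no ]; then
            echo "FAIL ${d}_enable is not set to no"; bad=$((bad + 1))
        fi
    done
    # Without any ListenAddress, sshd binds every address, aliases included.
    listen=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$sshd")
    if [ -z "$listen" ]; then
        echo "FAIL sshd_config has no ListenAddress"; bad=$((bad + 1))
    fi
    # No ListenAddress may be a jail IP or the IPv4 wildcard.
    for j in $(rc_get "$rc" jail_list); do
        ip=$(rc_get "$rc" "jail_${j}_ip")
        if [ -z "$ip" ]; then
            echo "FAIL jail $j has no jail_${j}_ip"; bad=$((bad + 1))
            continue
        fi
        for a in $listen; do
            case $a in
            "$ip"|"$ip":*|0.0.0.0|0.0.0.0:*)
                echo "FAIL sshd ListenAddress $a covers jail $j ($ip)"
                bad=$((bad + 1)) ;;
            esac
        done
    done
    [ "$bad" -eq 0 ]
}

# Run as: sh audit.sh /etc/rc.conf /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then audit_jail_host "$@"; fi
```
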

 

Finally, it's also recommended to resolve the jail guests through the hosts file on the host, 

cd /etc/
vi hosts

Note. this file is also copied into the guests' config later on. 

 

 

Making a jail guest 

Upload and extract the memstick image, 

bunzip2 dfly-x86_64-2.8.2_REL.img.bz2
mkdir -p /mnt/memstick/
vnconfig vn0 dfly-x86_64-2.8.2_REL.img
mount /dev/vn0s1a /mnt/memstick/
cd /mnt/memstick/

 

Install a jail guest from the host, 

mkdir -p /data/guests/jailname/
cd /data/guests/jailname/
for dir in \
        bin dev etc.hdd root sbin sys tmp usr var; do
        cpdup /mnt/memstick/$dir $dir
done
mv etc.hdd/ etc
ls -ld tmp/
mkdir -p mnt/ proc/

Note. no need to copy boot/. Its absence also makes it easy to recognize a jail guest. 

Note. it's etc.hdd we want for the harddisk. etc itself is for the cdrom/memstick 

Note. no need to MAKEDEV anymore. devfs does it for you. 

Refs. 

less /mnt/memstick/README 

less /mnt/memstick/README.USB 

 

 

Ready to go 

Enable jail on the host and start the jail guest, 

/etc/rc.d/jail restart

 

Get into the jail guest, 

jls
jexec 1 csh

and proceed with your usual post-installation procedure (http://pbraun.nethence.com/doc/sysutils_bsd/jail_guest.html) but eventually skip those steps;-) 

cd /data/guests/jailname/etc/
cp /etc/hosts .
cp /etc/resolv.conf .

 

 

Usage 

To start/stop a jail guest, 

/etc/rc.d/jail stop jailname
/etc/rc.d/jail start jailname

 

 

References 

http://www.dragonflybsd.org/docs/handbook/handbook-jails-build/