FreeBSD jails: the bare hands way

Many things have changed since my previous post about FreeBSD jails. Warden does not seem to be used much, and its alternative, iocage, is deprecated. Hence, based on ideas from this post, I ventured on a rewarding way of setting up jails manually.

Setup

# jail.conf(5) fragment. Every parameter above the first jail block is a
# default: it applies to every jail defined in this file (including the
# ones hidden behind "# snip"), not only to torrente.

# Boot and shut the jail down through its own rc scripts.
exec.start += "/bin/sh /etc/rc";
exec.stop += "/bin/sh /etc/rc.shutdown";
# Run the exec.* commands with a clean environment instead of inheriting
# the environment of whoever started the jail.
exec.clean;
# Give each jail its own /dev, /dev/fd and /proc.
mount.devfs;
mount.fdescfs;
mount.procfs;
# Lets root inside the jail open raw sockets (needed by ping/traceroute).
# jail(8) asks for extra caution when jail root is not fully trusted.
allow.raw_sockets = 1;
# allow.mount plus allow.mount.zfs let root inside the jail mount and
# unmount ZFS datasets that were delegated to it. Both only take effect
# while enforce_statfs is below 2, which is why it is lowered from the
# default of 2 to 1 (mount points below the jail root become visible).
# NOTE(review): these are granted to all jails here; a jail that has no
# delegated dataset does not need them -- consider moving them into the
# torrente block.
allow.mount;
allow.mount.zfs;
enforce_statfs = 1;
# Ruleset 4 is devfsrules_jail in the stock /etc/defaults/devfs.rules;
# it hides most device nodes from the jail.
# NOTE(review): reading or setting ZFS properties from inside the jail
# needs /dev/zfs to be visible -- confirm the ruleset in use exposes it.
devfs_ruleset = 4;

# Jail root directory, derived from the jail name.
path = "/usr/jails/$name";
# snip
torrente {
        host.hostname = "torrente";
        # "interface|address": the address is added to that interface as
        # an alias when the jail is created. One LAN address on re0 and
        # one internal address on the cloned loopback lo3.
        ip4.addr += "re0|192.168.1.247/32";
        ip4.addr += "lo3|10.10.4.30/32";
        # Both hooks run on the host, not in the jail. "zfs jail" hands
        # tank/staging to the jail, whose root can then change its
        # properties and mount it; the dataset must have jailed=on.
        # because the jail name exists only after the jail is started
        exec.poststart = "zfs jail $name tank/staging";
        # because the jail name ceases to exist during stop
        exec.prestop = "zfs unjail $name tank/staging";
}
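# Run on the host as root.
# Assumes tank/jails is mounted at /usr/jails, so the new dataset shows up
# as /usr/jails/torrente, the path jail.conf derives from the jail name --
# confirm with `zfs get mountpoint tank/jails`.
cd /usr/jails
zfs create tank/jails/torrente
# base.txz becomes the jail's entire userland: take it from a trusted
# source and check it against the release MANIFEST before unpacking.
tar xpvf base.txz -C torrente

# Have lo3 created at boot. The heredoc operator was missing, so the
# original line tried to cat a file named EOF and then ran the following
# lines on the host. The delimiter is quoted so that $1 is written to the
# file literally instead of being expanded by the current shell.
cat <<'EOF' >>/etc/start_if.lo3
#!/bin/sh
/sbin/ifconfig $1 create
EOF
# Create lo3 now, without waiting for a reboot.
ifconfig lo3 create

# jailed=on hands management of this dataset to the jail it gets attached
# to (see exec.poststart in jail.conf); the host no longer mounts it.
zfs create -o jailed=on tank/staging

cp /etc/resolv.conf /usr/jails/torrente/etc/resolv.conf
service jail start torrente

jexec torrente mkdir /usr/ports
# nullfs mounts are read-write unless told otherwise, so root inside the
# jail can modify the host's ports and source trees through them. Where
# the jail only needs to read a tree, mount it with `-o ro`.
mount_nullfs /usr/ports /usr/jails/torrente/usr/ports
mount_nullfs /usr/src /usr/jails/torrente/usr/src

# Open a shell inside the jail for the remaining steps.
jexec torrente sh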

# Typed inside the shell that `jexec torrente sh` opened in the jail.
# NOTE(review): jexec normally starts that shell as root already, so this
# su looks redundant -- confirm.
su
mkdir /tmp/knl # why?
# Changing the mountpoint from inside the jail relies on the dataset
# having been created with jailed=on and attached by `zfs jail`, and on
# allow.mount / allow.mount.zfs / enforce_statfs in jail.conf.
# The path is resolved inside the jail, i.e. below /usr/jails/torrente
# as seen from the host.
zfs set mountpoint=/shares/staging tank/staging
pkg install transmission-daemon