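I have seen countless versions of how to create a jail online and cannot tell which one is right, so I am writing down what I did myself. If anything is wrong or missing, please let me know, many thanks.
1. First, create a directory for your jail
mkdir -p /usr/jail/qatest1
2. Build the source and install it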
cd /usr/src
make world DESTDIR=/usr/jail/qatest1
make installworld DESTDIR=/usr/jail/qatest1
3. Install the configuration files
cd /usr/src/etc
make distribution DESTDIR=/usr/jail/qatest1
4. Bind the IP on the host
vi /etc/rc.conf
Add:
ifconfig_em1_alias0="inet 10.88.15.211 netmask 255.255.255.0"
jail_enable="YES"
jail_list="qatest1"
jail_qatest1_rootdir="/usr/jail/qatest1"
jail_qatest1_hostname="qatest1.sina.com"
jail_qatest1_ip="10.88.15.211"
jail_qatest1_exec="/bin/sh /etc/rc"
jail_qatest1_devfs_enable="YES"
jail_qatest1_skel_enable="YES"
5. Add a user for the jail
jail /usr/jail/qatest1 qatest1.sina.com 10.88.15.211 /bin/csh
Once inside, run adduser
6. Add some configuration for the jail
Create an /etc/rc.conf file in the jail with the following content:
rpcbind_enable="NO"
sshd_enable="YES"
hostname="qatest1.sina.com"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
named_enable="YES"
Copy the host's resolv.conf over
Map the host's ports tree into the jail:
mount_nullfs /usr/ports /usr/jail/qatest1/usr/ports
Allow the jail to create ICMP packets (run on the host):
sysctl security.jail.allow_raw_sockets=1
Starting and stopping the jail (on the host): /etc/rc.d/jail start/stop qatest1
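A consistency check for the host rc.conf lines from step 4, added here as an example and not part of the original notes: it verifies that every jail in jail_list has rootdir, hostname and ip set, and that the jail's IP is actually assigned by an ifconfig_* line on the host. The function names rc_get, host_binds_ip and check_jails and the temporary sample file are constructed for this example.

```shell
#!/bin/sh
# Added example: lint the legacy jail_* settings in the host rc.conf (step 4).
# Usage: check_jails /etc/rc.conf  (prints problems, returns their count)

# rc_get FILE KEY: print the value of KEY="value"; the last assignment wins.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# host_binds_ip FILE IP: succeed if some ifconfig_* line assigns "inet IP".
host_binds_ip() {
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    grep -E '^[[:space:]]*ifconfig_[A-Za-z0-9_]+=' "$1" |
        grep -Eq "inet[[:space:]]+${ip_re}([/\"[:space:]]|\$)"
}

check_jails() {
    problems=0
    case $(rc_get "$1" jail_enable) in
        [Yy][Ee][Ss]) ;;
        *) echo "jail_enable is not YES"; problems=$((problems + 1)) ;;
    esac
    for j in $(rc_get "$1" jail_list); do
        for key in rootdir hostname ip; do
            [ -n "$(rc_get "$1" "jail_${j}_${key}")" ] ||
                { echo "$j: jail_${j}_${key} is not set"; problems=$((problems + 1)); }
        done
        jip=$(rc_get "$1" "jail_${j}_ip")
        # The jail can only use an address the host has configured.
        if [ -n "$jip" ] && ! host_binds_ip "$1" "$jip"; then
            echo "$j: $jip is not assigned by any ifconfig_* line"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample input: the host rc.conf lines from step 4.
SAMPLE_RC='ifconfig_em1_alias0="inet 10.88.15.211 netmask 255.255.255.0"
jail_enable="YES"
jail_list="qatest1"
jail_qatest1_rootdir="/usr/jail/qatest1"
jail_qatest1_hostname="qatest1.sina.com"
jail_qatest1_ip="10.88.15.211"'
demo=$(mktemp /tmp/rcjail.XXXXXX)
printf '%s\n' "$SAMPLE_RC" > "$demo"
check_jails "$demo" && echo "jail settings are consistent"
rm -f "$demo"
```

On a real host, run `check_jails /etc/rc.conf` before `/etc/rc.d/jail start qatest1`; lines with trailing comments after the value are not parsed by this sketch.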