mirror of https://git.FreeBSD.org/doc.git synced 2026-06-02 19:35:07 +00:00
doc/documentation/content/en/books/handbook/jails/_index.po
2026-05-09 23:45:04 +01:00


# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR The FreeBSD Project
# This file is distributed under the same license as the FreeBSD Documentation package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: FreeBSD Documentation VERSION\n"
"POT-Creation-Date: 2026-05-09 23:29+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#. type: YAML Front Matter: description
#: documentation/content/en/books/handbook/jails/_index.adoc:1
#, no-wrap
msgid "Jails improve on the concept of the traditional chroot environment in several ways"
msgstr ""
#. type: YAML Front Matter: part
#: documentation/content/en/books/handbook/jails/_index.adoc:1
#, no-wrap
msgid "Part III. System Administration"
msgstr ""
#. type: YAML Front Matter: title
#: documentation/content/en/books/handbook/jails/_index.adoc:1
#, no-wrap
msgid "Chapter 17. Jails and Containers"
msgstr ""
#. type: Title =
#: documentation/content/en/books/handbook/jails/_index.adoc:15
#, no-wrap
msgid "Jails and Containers"
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:53
#, no-wrap
msgid "Synopsis"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:59
msgid ""
"Since system administration is a difficult task, many tools have been "
"developed to make life easier for the administrator. These tools often "
"enhance the way systems are installed, configured, and maintained. One of "
"the tools which can be used to enhance the security of a FreeBSD system is "
"_jails_. Jails have been available since FreeBSD 4.X and continue to be "
"enhanced in their usefulness, performance, reliability, and security."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:64
msgid ""
"Jails build upon the man:chroot[2] concept, which is used to change the root "
"directory of a set of processes. This creates a safe environment, separate "
"from the rest of the system. Processes created in the chrooted environment "
"can not access files or resources outside of it. For that reason, "
"compromising a service running in a chrooted environment should not allow "
"the attacker to compromise the entire system."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:68
msgid ""
"However, a chroot has several limitations. It is suited to easy tasks which "
"do not require much flexibility or complex, advanced features. Over time, "
"many ways have been found to escape from a chrooted environment, making it a "
"less than ideal solution for securing services."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:70
msgid ""
"Jails improve on the concept of the traditional chroot environment in "
"several ways."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:76
msgid ""
"In a traditional chroot environment, processes are only limited in the part "
"of the file system they can access. The rest of the system resources, "
"system users, running processes, and the networking subsystem are shared by "
"the chrooted processes and the processes of the host system. Jails expand "
"this model by virtualizing access to the file system, the set of users, and "
"the networking subsystem. More fine-grained controls are available for "
"tuning the access of a jailed environment. Jails can be considered as a "
"type of operating system-level virtualization."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:78
msgid "This chapter covers:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:80
msgid "What a jail is and what purpose it may serve in FreeBSD installations."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:81
msgid "The different types of jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:82
msgid "The different ways to configure the network for a jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:83
msgid "The jail configuration file."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:84
msgid "How to create the different types of jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:85
msgid "How to start, stop, and restart a jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:86
msgid ""
"The basics of jail administration, both from inside and outside the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:87
msgid "How to upgrade the different types of jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:88
msgid "An incomplete list of the different FreeBSD jail managers."
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:90
#, no-wrap
msgid "Jail Types"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:94
msgid ""
"Some administrators divide jails into different types, although the "
"underlying technology is the same. Each administrator will have to assess "
"what type of jail to create in each case depending on the problem they have "
"to solve."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:96
msgid ""
"Below can be found a list of the different types, their characteristics, and "
"considerations for use."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:98
#, no-wrap
msgid "Thick Jails"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:105
msgid ""
"A thick jail is a traditional form of FreeBSD Jail. In a thick jail, a "
"complete copy of the base system is replicated within the jail's "
"environment. This means that the jail has its own separate instance of the "
"FreeBSD base system, including libraries, executables, and configuration "
"files. The jail can be thought of as an almost complete standalone FreeBSD "
"installation, but running within the confines of the host system. This "
"isolation ensures that the processes within the jail are kept separate from "
"those on the host and other jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:107
msgid "Advantages of Thick Jails:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:109
msgid ""
"High degree of isolation: Processes within the jail are isolated from the "
"host system and other jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:110
msgid ""
"Independence: Thick jails can have different versions of libraries, "
"configurations, and software than the host system or other jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:111
msgid ""
"Security: Since the jail contains its own base system, vulnerabilities or "
"issues affecting the jail environment will not directly impact the host or "
"other jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:113
msgid "Disadvantages of Thick Jails:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:115
msgid ""
"Resource overhead: Because each jail maintains its own separate base system, "
"thick jails consume more resources compared to thin jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:116
msgid ""
"Maintenance: Each jail requires its own maintenance and updates for its base "
"system components."
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:118
#: documentation/content/en/books/handbook/jails/_index.adoc:432
#, no-wrap
msgid "Thin Jails"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:124
msgid ""
"A thin jail shares the base system using OpenZFS snapshots or NullFS mounts "
"from a template. Only a minimal subset of the base system is duplicated for "
"each thin jail, resulting in less resource consumption compared to a thick "
"jail. However, this also means that thin jails have less isolation and "
"independence compared to thick jails. Changes in shared components could "
"potentially affect multiple thin jails simultaneously."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:126
msgid ""
"In summary, a FreeBSD Thin Jail is a type of FreeBSD Jail that replicates a "
"substantial portion, but not all, of the base system within the isolated "
"environment."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:128
msgid "Advantages of Thin Jails:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:132
msgid ""
"Resource Efficiency: Thin jails are more resource-efficient compared to "
"thick jails. Since they share most of the base system, they consume less "
"disk space and memory. This makes it possible to run more jails on the same "
"hardware without consuming excessive resources."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:134
msgid ""
"Faster Deployment: Creating and launching thin jails is generally faster "
"compared to thick jails. This can be particularly advantageous when rapidly "
"deploying multiple instances."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:136
msgid ""
"Unified Maintenance: Since thin jails share the majority of their base "
"system with the host system, updates and maintenance of common base system "
"components (such as libraries and binaries) only need to be done once on the "
"host. This simplifies the maintenance process compared to maintaining an "
"individual base system for each thick jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:138
msgid ""
"Shared Resources: Thin jails can more easily share common resources such as "
"libraries and binaries with the host system. This can potentially lead to "
"more efficient disk caching and improved performance for applications within "
"the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:140
msgid "Disadvantages of Thin Jails:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:143
msgid ""
"Reduced Isolation: The primary disadvantage of thin jails is that they offer "
"less isolation compared to thick jails. Since they share a significant "
"portion of the template's base system, vulnerabilities or issues affecting "
"shared components could potentially impact multiple jails simultaneously."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:144
msgid ""
"Security Concerns: The reduced isolation in thin jails could pose security "
"risks, as a compromise in one jail might have a greater potential to affect "
"other jails or the host system."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:146
msgid ""
"Dependency Conflicts: If multiple thin jails require different versions of "
"the same libraries or software, managing dependencies can become complex. "
"In some cases, this might require additional effort to ensure compatibility."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:147
msgid ""
"Compatibility Challenges: Applications within a thin jail might encounter "
"compatibility issues if they assume a certain base system environment that "
"differs from the shared components provided by the template."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:149
#, no-wrap
msgid "Service Jails"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:155
msgid ""
"A service jail shares the complete filesystem tree directly with the host "
"(the jail root path is [.filename]#/#) and as such can access and modify any "
"file on the host, and shares the same user accounts with the host. By "
"default it has no access to the network or other resources which are "
"restricted in jails, but it can be configured to re-use the network of the "
"host and to remove some of the jail restrictions. The use case for service "
"jails is automatic confinement of services/daemons inside a jail with "
"minimal configuration, and without any knowledge of the files needed by such "
"a service/daemon. Service jails have existed since FreeBSD 15."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:157
msgid "Advantages of Service Jails:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:159
msgid ""
"Zero Administration: A service-jail-ready service needs only one config line "
"in [.filename]#/etc/rc.conf#; a service which is not service-jail-ready "
"needs two config lines."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:160
msgid ""
"Resource Efficiency: Service jails are more resource efficient than thin "
"jails, as they do not need any additional disk space or network resource."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:161
msgid ""
"Faster Deployment: Creating and launching service jails is generally faster "
"compared to thin jails if only distinct services/daemons shall be jailed and "
"no parallel instances of the same service/daemon are needed."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:163
msgid ""
"Shared Resources: Service jails share all resources such as libraries and "
"binaries with the host system. This can potentially lead to more efficient "
"disk caching and improved performance for applications within the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:164
msgid ""
"Process Isolation: A service jail isolates a particular service; it can not "
"see processes which are not a child of the service jail, even if they run "
"within the same user account."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:166
msgid "Disadvantages of Service Jails:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:168
msgid ""
"Reduced Isolation: The primary disadvantage of service jails is that they "
"offer no filesystem isolation compared to thick or thin jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:169
msgid ""
"Security Concerns: The reduced isolation in service jails could pose "
"security risks, as a compromise in one jail might have a greater potential "
"to affect everything on the host system."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:173
msgid ""
"Most of the configuration of jails which is discussed below is not needed "
"for service jails. To understand how jails work, it is recommended to "
"understand those configuration possibilities. The details about what is "
"needed to configure a service jail are in crossref:jails[service-jails-"
"config, Configuring service jails]."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:175
#, no-wrap
msgid "VNET Jails"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:180
msgid ""
"A FreeBSD VNET jail is a virtualized environment that allows for the "
"isolation and control of network resources for processes running within it. "
"It provides a high level of network segmentation and security by creating a "
"separate network stack for processes within the jail, ensuring that network "
"traffic within the jail is isolated from the host system and other jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:183
msgid ""
"In essence, FreeBSD VNET jails add a network configuration mechanism. This "
"means a VNET jail can be created as a Thick or Thin Jail."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:185
#, no-wrap
msgid "Linux Jails"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:190
msgid ""
"A FreeBSD Linux Jail is a feature in the FreeBSD operating system that "
"enables the use of Linux binaries and applications within a FreeBSD jail. "
"This functionality is achieved by incorporating a compatibility layer that "
"allows certain Linux system calls and libraries to be translated and "
"executed on the FreeBSD kernel. The purpose of a Linux Jail is to "
"facilitate the execution of Linux software on a FreeBSD system without "
"needing a separate Linux virtual machine or environment."
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:192
#, no-wrap
msgid "Host Configuration"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:195
msgid ""
"Before creating any jail on the host system it is necessary to perform "
"certain configuration and obtain some information from the host system."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:197
msgid ""
"It will be necessary to configure the man:jail[8] utility, create the "
"necessary directories to configure and install jails, obtain information "
"from the host's network, and check whether the host uses OpenZFS or UFS as "
"its file system."
msgstr ""
#. type: delimited block = 4
#: documentation/content/en/books/handbook/jails/_index.adoc:201
msgid ""
"The FreeBSD version running in the jail can not be newer than the version "
"running in the host."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:204
#, no-wrap
msgid "Jail Utility"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:207
msgid "The man:jail[8] utility manages jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:209
msgid "To start jails when the system boots, run the following commands:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:214
#, no-wrap
msgid ""
"# sysrc jail_enable=\"YES\"\n"
"# sysrc jail_parallel_start=\"YES\"\n"
msgstr ""
#. type: delimited block = 4
#: documentation/content/en/books/handbook/jails/_index.adoc:219
msgid ""
"With `jail_parallel_start`, all configured jails will be started in the "
"background."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:222
#, no-wrap
msgid "Networking"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:225
msgid "Networking for FreeBSD jails can be configured in several different ways:"
msgstr ""
#. type: Labeled list
#: documentation/content/en/books/handbook/jails/_index.adoc:226
#, no-wrap
msgid "Host Networking Mode (IP Sharing)"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:230
msgid ""
"In host networking mode, a jail shares the same networking stack as the host "
"system. When a jail is created in host networking mode it uses the same "
"network interface and IP address. This means that the jail does not have a "
"separate IP address, and its network traffic is associated with the host's "
"IP."
msgstr ""
#. type: Labeled list
#: documentation/content/en/books/handbook/jails/_index.adoc:231
#, no-wrap
msgid "Virtual Networks (VNET)"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:235
msgid ""
"Virtual Networks are a feature of FreeBSD jails that offer more advanced and "
"flexible networking solutions than a basic networking mode like host "
"networking. VNET allows the creation of isolated network stacks for each "
"jail, providing them with their own separate IP addresses, routing tables, "
"and network interfaces. This offers a higher level of network isolation and "
"allows jails to function as if they are running on separate virtual machines."
msgstr ""
#. type: Labeled list
#: documentation/content/en/books/handbook/jails/_index.adoc:236
#, no-wrap
msgid "The netgraph system"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:239
msgid ""
"man:netgraph[4] is a versatile kernel framework for creating custom network "
"configurations. It can be used to define how network traffic flows between "
"jails and the host system and between different jails."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:241
#, no-wrap
msgid "Setting Up the Jail Directory Tree"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:244
msgid "There is no specific place to put the files for the jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:247
msgid ""
"Some administrators use [.filename]#/jail#, others [.filename]#/usr/jail#, "
"and still others [.filename]#/usr/local/jails#. In this chapter "
"[.filename]#/usr/local/jails# will be used."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:249
msgid ""
"Apart from [.filename]#/usr/local/jails# other directories will be created:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:251
msgid ""
"[.filename]#media# will contain the compressed files of the downloaded "
"userlands."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:252
msgid ""
"[.filename]#templates# will contain the templates when using Thin Jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:253
msgid "[.filename]#containers# will contain the jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:255
msgid ""
"When using OpenZFS, execute the following commands to create datasets for "
"these directories:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:262
#, no-wrap
msgid ""
"# zfs create -o mountpoint=/usr/local/jails zroot/jails\n"
"# zfs create zroot/jails/media\n"
"# zfs create zroot/jails/templates\n"
"# zfs create zroot/jails/containers\n"
msgstr ""
#. type: delimited block = 4
#: documentation/content/en/books/handbook/jails/_index.adoc:267
msgid ""
"In this case, `zroot` was used for the parent dataset, but other datasets "
"could have been used."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:270
msgid ""
"When using UFS, execute the following commands to create the directories:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:277
#, no-wrap
msgid ""
"# mkdir /usr/local/jails/\n"
"# mkdir /usr/local/jails/media\n"
"# mkdir /usr/local/jails/templates\n"
"# mkdir /usr/local/jails/containers\n"
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:280
#, no-wrap
msgid "Jail Configuration Files"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:283
msgid "There are two ways to configure jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:286
msgid ""
"The first one is to add an entry for each jail to the file [.filename]#/etc/"
"jail.conf#. The other option is to create a file for each jail in the "
"directory [.filename]#/etc/jail.conf.d/#."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:289
msgid ""
"In case a host system has few jails, an entry for each jail can be added in "
"the file [.filename]#/etc/jail.conf#. If the host system has many jails, it "
"is a good idea to have one configuration file for each jail in the "
"[.filename]#/etc/jail.conf.d/# directory."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:291
msgid ""
"The files in [.filename]#/etc/jail.conf.d/# must have `.conf` as their "
"extension and have to be included in [.filename]#/etc/jail.conf#:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:295
#, no-wrap
msgid ".include \"/etc/jail.conf.d/*.conf\";\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:298
msgid "A typical jail entry would look like this:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:306
#, no-wrap
msgid ""
"jailname { <.>\n"
" # STARTUP/LOGGING\n"
" exec.start = \"/bin/sh /etc/rc\"; <.>\n"
" exec.stop = \"/bin/sh /etc/rc.shutdown\"; <.>\n"
" exec.consolelog = \"/var/log/jail_console_${name}.log\"; <.>\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:311
#, no-wrap
msgid ""
" # PERMISSIONS\n"
" allow.raw_sockets; <.>\n"
" exec.clean; <.>\n"
" mount.devfs; <.>\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:315
#, no-wrap
msgid ""
" # HOSTNAME/PATH\n"
" host.hostname = \"${name}\"; <.>\n"
" path = \"/usr/local/jails/containers/${name}\"; <.>\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:321
#, no-wrap
msgid ""
" # NETWORK\n"
" ip4.addr = 192.168.1.151; <.>\n"
" ip6.addr = ::ffff:c0a8:197; <.>\n"
" interface = em0; <.>\n"
"}\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:324
msgid "`jailname` - Name of the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:326
msgid ""
"`exec.start` - Command(s) to run in the jail environment when a jail is "
"created. A typical command to run is \"/bin/sh /etc/rc\"."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:328
msgid ""
"`exec.stop` - Command(s) to run in the jail environment before a jail is "
"removed. A typical command to run is \"/bin/sh /etc/rc.shutdown\"."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:329
msgid ""
"`exec.consolelog` - A file to direct command output (stdout and stderr) to."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:331
msgid ""
"`allow.raw_sockets` - Allow creating raw sockets inside the jail. Setting "
"this parameter allows utilities like man:ping[8] and man:traceroute[8] to "
"operate inside the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:332
msgid "`exec.clean` - Run commands in a clean environment."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:333
msgid ""
"`mount.devfs` - Mount a man:devfs[5] filesystem on the chrooted [.filename]#/"
"dev# directory, and apply the ruleset in the devfs_ruleset parameter to "
"restrict the devices visible inside the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:334
msgid "`host.hostname` - The hostname of the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:336
msgid ""
"`path` - The directory which is to be the root of the jail. Any commands "
"that are run inside the jail, either by jail or from man:jexec[8], are run "
"from this directory."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:340
msgid ""
"`ip4.addr` - IPv4 address. There are two configuration possibilities for "
"IPv4. The first is to establish an IP or a list of IPs as has been done in "
"the example. The other is to use `ip4` instead and set the `inherit` value "
"to inherit the host's IP address."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:344
msgid ""
"`ip6.addr` - IPv6 address. There are two configuration possibilities for "
"IPv6. The first is to establish an IP or a list of IPs as has been done in "
"the example. The other is to use `ip6` instead and set the `inherit` value "
"to inherit the host's IP address."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:346
msgid ""
"`interface` - A network interface to add the jail's IP addresses to. Usually "
"the host interface."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:348
msgid ""
"More information about configuration variables can be found in man:jail[8] "
"and man:jail.conf[5]."
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:350
#, no-wrap
msgid "Classic Jail (Thick Jail)"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:354
msgid ""
"These jails resemble a real FreeBSD system. They can be managed more or "
"less like a normal host system and updated independently."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:356
#, no-wrap
msgid "Creating a Classic Jail"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:359
msgid ""
"In principle, a jail only needs a hostname, a root directory, an IP address, "
"and a userland."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:361
msgid ""
"The userland for the jail can be obtained from the official FreeBSD download "
"servers."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:363
msgid "Execute the following command to download the userland:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:367
#: documentation/content/en/books/handbook/jails/_index.adoc:462
#: documentation/content/en/books/handbook/jails/_index.adoc:566
#, no-wrap
msgid "# fetch https://download.freebsd.org/ftp/releases/amd64/amd64/{rel-latest}-RELEASE/base.txz -o /usr/local/jails/media/{rel-latest}-RELEASE-base.txz\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:370
msgid ""
"Once the download is complete, it will be necessary to extract the contents "
"into the jail directory."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:372
msgid ""
"Execute the following commands to extract the userland into the jail's "
"directory:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:377
#, no-wrap
msgid ""
"# mkdir -p /usr/local/jails/containers/classic\n"
"# tar -xf /usr/local/jails/media/{rel-latest}-RELEASE-base.txz -C /usr/local/jails/containers/classic --unlink\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:380
msgid ""
"With the userland extracted in the jail directory, it will be necessary to "
"copy the timezone and DNS server files:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:385
#, no-wrap
msgid ""
"# cp /etc/resolv.conf /usr/local/jails/containers/classic/etc/resolv.conf\n"
"# cp /etc/localtime /usr/local/jails/containers/classic/etc/localtime\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:388
msgid ""
"With the files copied, the next thing to do is update to the latest patch "
"level by executing the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:392
#, no-wrap
msgid "# freebsd-update -b /usr/local/jails/containers/classic/ fetch install\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:396
#: documentation/content/en/books/handbook/jails/_index.adoc:506
msgid ""
"The last step is to configure the jail. It will be necessary to add an "
"entry to the configuration file [.filename]#/etc/jail.conf# or in "
"[.filename]#jail.conf.d# with the parameters of the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:398
#: documentation/content/en/books/handbook/jails/_index.adoc:508
msgid "An example would be the following:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:406
#, no-wrap
msgid ""
"classic {\n"
" # STARTUP/LOGGING\n"
" exec.start = \"/bin/sh /etc/rc\";\n"
" exec.stop = \"/bin/sh /etc/rc.shutdown\";\n"
" exec.consolelog = \"/var/log/jail_console_${name}.log\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:411
#: documentation/content/en/books/handbook/jails/_index.adoc:521
#: documentation/content/en/books/handbook/jails/_index.adoc:675
#, no-wrap
msgid ""
" # PERMISSIONS\n"
" allow.raw_sockets;\n"
" exec.clean;\n"
" mount.devfs;\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:415
#: documentation/content/en/books/handbook/jails/_index.adoc:525
#: documentation/content/en/books/handbook/jails/_index.adoc:890
#, no-wrap
msgid ""
" # HOSTNAME/PATH\n"
" host.hostname = \"${name}\";\n"
" path = \"/usr/local/jails/containers/${name}\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:420
#, no-wrap
msgid ""
" # NETWORK\n"
" ip4.addr = 192.168.1.151;\n"
" interface = em0;\n"
"}\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:423
#: documentation/content/en/books/handbook/jails/_index.adoc:533
#: documentation/content/en/books/handbook/jails/_index.adoc:698
msgid "Execute the following command to start the jail:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:427
#, no-wrap
msgid "# service jail start classic\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:430
#: documentation/content/en/books/handbook/jails/_index.adoc:541
msgid ""
"More information on how to manage jails can be found in the section "
"crossref:jails[jail-management, Jail Management]."
msgstr ""
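The fetch step above extracts whatever archive arrived at the download path. FreeBSD release directories publish a `MANIFEST` file next to `base.txz` that records each distribution set's SHA-256, so the archive can be checked before it is unpacked into the jail. The following is an added example, not part of the Handbook text; the function names are hypothetical and the tab-separated layout (set name in field 1, SHA-256 in field 2) is an assumption about the MANIFEST format.

```shell
#!/bin/sh
# Added example: check a downloaded distribution set against the release
# MANIFEST before extracting it into a jail directory.

# sha256_of FILE: print the hex SHA-256 of FILE.
# FreeBSD ships sha256(1); sha256sum and shasum are fallbacks for other hosts.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# manifest_hash MANIFEST DIST: print the SHA-256 recorded for DIST
# (for example base.txz). Fails if DIST has no entry.
manifest_hash() {
    awk -F '\t' -v d="$2" '
        $1 == d { print $2; found = 1; exit }
        END     { exit !found }
    ' "$1"
}

# verify_dist MANIFEST DIST FILE
#   returns 0 if FILE matches the MANIFEST entry for DIST,
#           1 on a checksum mismatch,
#           2 if an input is missing or DIST is not listed.
verify_dist() {
    manifest=$1 dist=$2 file=$3
    [ -r "$manifest" ] && [ -r "$file" ] || { echo "missing input" >&2; return 2; }
    want=$(manifest_hash "$manifest" "$dist") || {
        echo "$dist: not listed in $manifest" >&2
        return 2
    }
    got=$(sha256_of "$file") || return 2
    if [ "$want" = "$got" ]; then
        echo "$dist: OK"
    else
        echo "$dist: MISMATCH (expected $want, got $got)" >&2
        return 1
    fi
}

# Usage: sh verify_dist.sh MANIFEST base.txz /path/to/downloaded-base.txz
# The local file may carry any name; DIST is the name used inside MANIFEST.
if [ "$#" -eq 3 ]; then
    verify_dist "$@"
fi
```

Run the check between the `fetch` and `tar` steps, and extract only when it returns 0.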
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:438
msgid ""
"Although Thin Jails use the same technology as Thick Jails, the creation "
"procedure is different. Thin jails can be created using OpenZFS snapshots "
"or using templates and NullFS.  Both approaches have certain advantages over "
"classic jails: jails can be created faster from snapshots, and multiple "
"jails can be updated at once using NullFS."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:440
#, no-wrap
msgid "Creating a Thin Jail Using OpenZFS Snapshots"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:443
msgid ""
"Due to the good integration between FreeBSD and OpenZFS it is very easy to "
"create new Thin Jails using OpenZFS Snapshots."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:445
msgid ""
"To create a Thin Jail using OpenZFS Snapshots the first step is to create "
"the jail directory tree by following the instructions in crossref:jails[host-"
"configuration-directories, \"Setting up the Jail Directory Tree\"]."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:449
msgid ""
"Next, create a template. Templates will only be used to create new jails. "
"For this reason they are created in \"read-only\" mode so that jails are "
"created with an immutable base."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:451
msgid "To create the dataset for the template, execute the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:455
#, no-wrap
msgid "# zfs create -p zroot/jails/templates/{rel-latest}-RELEASE\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:458
#: documentation/content/en/books/handbook/jails/_index.adoc:562
msgid "Then execute the following command to download the userland:"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:465
#: documentation/content/en/books/handbook/jails/_index.adoc:569
msgid ""
"Once the download is complete, it will be necessary to extract the contents "
"in the template directory by executing the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:469
#, no-wrap
msgid "# tar -xf /usr/local/jails/media/{rel-latest}-RELEASE-base.txz -C /usr/local/jails/templates/{rel-latest}-RELEASE --unlink\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:472
msgid ""
"With the userland extracted in the templates directory, it will be necessary "
"to copy the timezone and DNS server files to the template directory by "
"executing the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:477
#, no-wrap
msgid ""
"# cp /etc/resolv.conf /usr/local/jails/templates/{rel-latest}-RELEASE/etc/resolv.conf\n"
"# cp /etc/localtime /usr/local/jails/templates/{rel-latest}-RELEASE/etc/localtime\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:480
msgid ""
"The next thing to do is update to the latest patch level by executing the "
"following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:484
#, no-wrap
msgid "# freebsd-update -b /usr/local/jails/templates/{rel-latest}-RELEASE/ fetch install\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:487
msgid "Once the update is finished, the template is ready."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:489
msgid ""
"To create an OpenZFS Snapshot from the template, execute the following "
"command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:493
#, no-wrap
msgid "# zfs snapshot zroot/jails/templates/{rel-latest}-RELEASE@base\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:496
msgid ""
"Once the OpenZFS Snapshot has been created, any number of jails can be "
"created using the OpenZFS clone function."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:498
msgid "To create a Thin Jail named `thinjail`, execute the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:502
#, no-wrap
msgid "# zfs clone zroot/jails/templates/{rel-latest}-RELEASE@base zroot/jails/containers/thinjail\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:516
#: documentation/content/en/books/handbook/jails/_index.adoc:670
#, no-wrap
msgid ""
"thinjail {\n"
" # STARTUP/LOGGING\n"
" exec.start = \"/bin/sh /etc/rc\";\n"
" exec.stop = \"/bin/sh /etc/rc.shutdown\";\n"
" exec.consolelog = \"/var/log/jail_console_${name}.log\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:530
#, no-wrap
msgid ""
" # NETWORK\n"
" ip4 = inherit;\n"
" interface = em0;\n"
"}\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:537
#: documentation/content/en/books/handbook/jails/_index.adoc:702
#, no-wrap
msgid "# service jail start thinjail\n"
msgstr ""
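The `allow.raw_sockets` and `ip4 = inherit` settings in the entries above each give the jail more than the default isolation, and they are easy to lose track of once a host carries many entries. The following added example (not part of the Handbook; the function names and the extra `build` jail are constructed) lists such settings per jail, assuming one parameter per line as in the entries on this page.

```shell
#!/bin/sh
# Added example: list jail.conf settings that widen a jail's privileges.
# Assumes one parameter per line, as in the entries shown on this page.

# jail_relaxations [FILE]: print "jail<TAB>setting" for every allow.* flag that
# is switched on, ip4/ip6 = inherit, and enforce_statfs below the default of 2.
# Reads standard input when no FILE is given.
jail_relaxations() {
    awk '
    /^[ \t]*(#|\/\/)/ { next }                       # skip whole-line comments
    /^[ \t]*[A-Za-z0-9_.*-]+[ \t]*[{]/ {             # "name {" opens a block
        jail = $0
        sub(/^[ \t]+/, "", jail); sub(/[ \t]*[{].*/, "", jail)
        next
    }
    /^[ \t]*[}]/ { jail = ""; next }                 # "}" closes it
    jail != "" {
        line = $0; sub(/^[ \t]+/, "", line)
        key = line; sub(/[ \t;=+].*/, "", key)       # parameter name
        val = ""
        if (line ~ /=/) {                            # optional value
            val = line
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]*;.*/, "", val)
            gsub(/"/, "", val)
        }
        if (key ~ /^allow\./) {
            # "allow.noX" and "= false" or "= 0" switch a permission off
            if (key !~ /\.no[a-z_]+$/ && val != "false" && val != "0")
                print jail "\t" key
        } else if ((key == "ip4" || key == "ip6") && val == "inherit") {
            print jail "\t" key "=inherit"
        } else if (key == "enforce_statfs" && val != "" && val + 0 < 2) {
            print jail "\t" key "=" val
        }
    }' "$@"
}

# Constructed input: the classic and thinjail entries from this page
# (shortened), plus a made-up "build" jail to exercise the other rules.
sample_jail_conf() {
    cat <<'EOF'
classic {
    exec.start = "/bin/sh /etc/rc";
    # PERMISSIONS
    allow.raw_sockets;
    exec.clean;
    mount.devfs;
    host.hostname = "${name}";
    path = "/usr/local/jails/containers/${name}";
    ip4.addr = 192.168.1.151;
    interface = em0;
}
thinjail {
    allow.raw_sockets;
    mount.devfs;
    path = "/usr/local/jails/containers/${name}";
    ip4 = inherit;
    interface = em0;
}
build {
    path = "/usr/local/jails/containers/${name}";
    allow.mount;
    allow.mount.nodevfs;
    allow.set_hostname = false;
    enforce_statfs = 1;
}
EOF
}

# With a file argument, report on that file; with none, on the sample above.
if [ "$#" -gt 0 ]; then
    jail_relaxations "$@"
else
    sample_jail_conf | jail_relaxations
fi
```

Each reported line is a setting to justify or remove: `allow.raw_sockets` is only needed for tools such as man:ping[8] inside the jail, and `ip4 = inherit` gives the jail access to every IPv4 address on the host.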
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:543
#, no-wrap
msgid "Creating a Thin Jail Using NullFS"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:546
msgid ""
"A jail can be created with reduced duplication of system files by using the "
"Thin Jail technique and using NullFS to selectively share specific "
"directories from the host system into the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:548
msgid ""
"The first step is to create the dataset that will hold the template.  "
"Execute the following command if using OpenZFS:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:552
#, no-wrap
msgid "# zfs create -p zroot/jails/templates/{rel-latest}-RELEASE-base\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:555
msgid "Or this one if using UFS:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:559
#, no-wrap
msgid "# mkdir /usr/local/jails/templates/{rel-latest}-RELEASE-base\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:573
#, no-wrap
msgid "# tar -xf /usr/local/jails/media/{rel-latest}-RELEASE-base.txz -C /usr/local/jails/templates/{rel-latest}-RELEASE-base --unlink\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:576
msgid ""
"Once the userland is extracted in the templates directory, it will be "
"necessary to copy the timezone and DNS server files to the template "
"directory by executing the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:581
#, no-wrap
msgid ""
"# cp /etc/resolv.conf /usr/local/jails/templates/{rel-latest}-RELEASE-base/etc/resolv.conf\n"
"# cp /etc/localtime /usr/local/jails/templates/{rel-latest}-RELEASE-base/etc/localtime\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:584
msgid ""
"With the files copied to the template, the next thing to do is update to "
"the latest patch level by executing the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:588
#, no-wrap
msgid "# freebsd-update -b /usr/local/jails/templates/{rel-latest}-RELEASE-base/ fetch install\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:592
msgid ""
"In addition to the base template, it is also necessary to create a directory "
"where the `skeleton` will be located. Some directories will be copied from "
"the template to the `skeleton`."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:594
msgid ""
"Execute the following command to create the dataset for the `skeleton` in "
"case of using OpenZFS:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:598
#, no-wrap
msgid "# zfs create -p zroot/jails/templates/{rel-latest}-RELEASE-skeleton\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:601
msgid "Or this one in case of using UFS:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:605
#, no-wrap
msgid "# mkdir /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:609
msgid ""
"Then create the `skeleton` directories. The `skeleton` directories will "
"hold the local directories of the jails."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:611
msgid "Execute the following commands to create the directories:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:621
#, no-wrap
msgid ""
"# mkdir -p /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton/home\n"
"# mkdir -p /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton/usr\n"
"# mv /usr/local/jails/templates/{rel-latest}-RELEASE-base/etc /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton/etc\n"
"# mv /usr/local/jails/templates/{rel-latest}-RELEASE-base/usr/local /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton/usr/local\n"
"# mv /usr/local/jails/templates/{rel-latest}-RELEASE-base/tmp /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton/tmp\n"
"# mv /usr/local/jails/templates/{rel-latest}-RELEASE-base/var /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton/var\n"
"# mv /usr/local/jails/templates/{rel-latest}-RELEASE-base/root /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton/root\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:624
msgid ""
"The next step is to create the symlinks to the `skeleton` by executing the "
"following commands:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:635
#, no-wrap
msgid ""
"# cd /usr/local/jails/templates/{rel-latest}-RELEASE-base/\n"
"# mkdir skeleton\n"
"# ln -s skeleton/etc etc\n"
"# ln -s skeleton/home home\n"
"# ln -s skeleton/root root\n"
"# ln -s ../skeleton/usr/local usr/local\n"
"# ln -s skeleton/tmp tmp\n"
"# ln -s skeleton/var var\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:638
msgid ""
"With the `skeleton` ready, it will be necessary to copy the data to the jail "
"directory."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:640
msgid ""
"In case of using OpenZFS, OpenZFS snapshots can be used to easily create as "
"many jails as necessary by executing the following commands:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:645
#, no-wrap
msgid ""
"# zfs snapshot zroot/jails/templates/{rel-latest}-RELEASE-skeleton@base\n"
"# zfs clone zroot/jails/templates/{rel-latest}-RELEASE-skeleton@base zroot/jails/containers/thinjail\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:648
msgid ""
"In case of using UFS the man:cp[1] program can be used by executing the "
"following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:652
#, no-wrap
msgid "# cp -R /usr/local/jails/templates/{rel-latest}-RELEASE-skeleton /usr/local/jails/containers/thinjail\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:655
msgid ""
"Then create the directory in which the base template and the skeleton will "
"be mounted:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:659
#, no-wrap
msgid "# mkdir -p /usr/local/jails/thinjail-nullfs-base\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:662
msgid ""
"Add a jail entry in [.filename]#/etc/jail.conf# or a file in "
"[.filename]#jail.conf.d# as follows:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:679
#, no-wrap
msgid ""
" # HOSTNAME/PATH\n"
" host.hostname = \"${name}\";\n"
" path = \"/usr/local/jails/${name}-nullfs-base\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:683
#, no-wrap
msgid ""
" # NETWORK\n"
" ip4.addr = 192.168.1.153;\n"
" interface = em0;\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:687
#, no-wrap
msgid ""
" # MOUNT\n"
" mount.fstab = \"/usr/local/jails/${name}-nullfs-base.fstab\";\n"
"}\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:690
msgid ""
"Then create the [.filename]#/usr/local/jails/thinjail-nullfs-base.fstab# "
"file as follows:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:695
#, no-wrap
msgid ""
"/usr/local/jails/templates/{rel-latest}-RELEASE-base /usr/local/jails/thinjail-nullfs-base/ nullfs ro 0 0\n"
"/usr/local/jails/containers/thinjail /usr/local/jails/thinjail-nullfs-base/skeleton nullfs rw 0 0\n"
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:705
#, no-wrap
msgid "Creating a VNET Jail"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:708
msgid ""
"FreeBSD VNET Jails have their own distinct networking stack, including "
"interfaces, IP addresses, routing tables, and firewall rules."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:710
msgid ""
"The first step to create a VNET jail is to create the man:bridge[4] by "
"executing the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:714
#, no-wrap
msgid "# ifconfig bridge create\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:717
#: documentation/content/en/books/handbook/jails/_index.adoc:982
#: documentation/content/en/books/handbook/jails/_index.adoc:998
msgid "The output should be similar to the following:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:721
#, no-wrap
msgid "bridge0\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:724
msgid ""
"With the `bridge` created, it will be necessary to attach it to the `em0` "
"interface and bring both of them up by executing the following commands:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:729
#, no-wrap
msgid ""
"# ifconfig bridge0 addm em0 up\n"
"# ifconfig em0 up\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:732
msgid ""
"To make this setting persist across reboots, add the following lines to "
"[.filename]#/etc/rc.conf#:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:739
#, no-wrap
msgid ""
"defaultrouter=\"192.168.1.1\"\n"
"cloned_interfaces=\"bridge0\"\n"
"ifconfig_bridge0=\"inet 192.168.1.150/24 addm em0 up\"\n"
"ifconfig_em0=\"up\"\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:742
msgid ""
"For more information on bridging, see crossref:advanced-networking[network-"
"bridging, Network Bridging]."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:744
msgid "The next step is to create the jail as indicated above."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:748
msgid ""
"Either the crossref:jails[classic-jail, Classic Jail (Thick Jail)] procedure "
"or the crossref:jails[thin-jail, Thin Jails] procedure can be used.  The "
"only thing that will change is the configuration in the [.filename]#/etc/"
"jail.conf# file."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:750
msgid ""
"The path [.filename]#/usr/local/jails/containers/vnet# will be used as an "
"example for the created jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:752
msgid "The following is an example configuration for a VNET jail:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:758
#, no-wrap
msgid ""
"vnet {\n"
" # STARTUP/LOGGING\n"
" exec.consolelog = \"/var/log/jail_console_${name}.log\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:764
#, no-wrap
msgid ""
" # PERMISSIONS\n"
" allow.raw_sockets;\n"
" exec.clean;\n"
" mount.devfs;\n"
" devfs_ruleset = 5;\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:768
#, no-wrap
msgid ""
" # PATH/HOSTNAME\n"
" path = \"/usr/local/jails/containers/${name}\";\n"
" host.hostname = \"${name}\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:772
#, no-wrap
msgid ""
" # VNET/VIMAGE\n"
" vnet;\n"
" vnet.interface = \"${epair}b\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:779
#, no-wrap
msgid ""
" # NETWORKS/INTERFACES\n"
" $id = \"154\"; <.>\n"
" $ip = \"192.168.1.${id}/24\";\n"
" $gateway = \"192.168.1.1\";\n"
" $bridge = \"bridge0\"; <.>\n"
" $epair = \"epair${id}\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:791
#, no-wrap
msgid ""
" # ADD TO bridge INTERFACE\n"
" exec.prestart = \"/sbin/ifconfig ${epair} create up\";\n"
" exec.prestart += \"/sbin/ifconfig ${epair}a up descr jail:${name}\";\n"
" exec.prestart += \"/sbin/ifconfig ${bridge} addm ${epair}a up\";\n"
" exec.start += \"/sbin/ifconfig ${epair}b ${ip} up\";\n"
" exec.start += \"/sbin/route add default ${gateway}\";\n"
" exec.start\t+= \"/bin/sh /etc/rc\";\n"
" exec.stop\t= \"/bin/sh /etc/rc.shutdown\";\n"
" exec.poststop = \"/sbin/ifconfig ${bridge} deletem ${epair}a\";\n"
" exec.poststop += \"/sbin/ifconfig ${epair}a destroy\";\n"
"}\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:794
msgid "Identifies the jail: it is used as the last octet of the jail's IP address and in the epair interface name, so it must be *unique*."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:795
msgid "Refers to the bridge created previously."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:797
#, no-wrap
msgid "Creating a Linux Jail"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:803
msgid ""
"FreeBSD can run Linux inside a jail using crossref:linuxemu[linuxemu,Linux "
"Binary Compatibility] and man:debootstrap[8]. Jails do not have a kernel. "
"They run on the host's kernel. Therefore it is necessary to enable Linux "
"Binary Compatibility in the host system."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:805
msgid "To enable the Linux ABI at boot time, execute the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:809
#, no-wrap
msgid "# sysrc linux_enable=\"YES\"\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:812
msgid ""
"Once enabled, it can be started without rebooting by executing the following "
"command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:816
#, no-wrap
msgid "# service linux start\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:821
msgid ""
"The next step will be to create a jail as indicated above, for example in "
"crossref:jails[creating-thin-jail-openzfs-snapshots, Creating a Thin Jail "
"Using OpenZFS Snapshots], but *without* performing the configuration. "
"FreeBSD Linux jails require a specific configuration that will be detailed "
"below."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:823
msgid ""
"Once the jail has been created as explained above, execute the following "
"command to perform required configuration for the jail and start it:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:844
#, no-wrap
msgid ""
"# jail -cm \\\n"
" name=ubuntu \\\n"
" host.hostname=\"ubuntu.example.com\" \\\n"
" path=\"/usr/local/jails/containers/ubuntu\" \\\n"
" interface=\"em0\" \\\n"
" ip4.addr=\"192.168.1.150\" \\\n"
" exec.start=\"/bin/sh /etc/rc\" \\\n"
" exec.stop=\"/bin/sh /etc/rc.shutdown\" \\\n"
" mount.devfs \\\n"
" devfs_ruleset=4 \\\n"
" allow.mount \\\n"
" allow.mount.devfs \\\n"
" allow.mount.fdescfs \\\n"
" allow.mount.procfs \\\n"
" allow.mount.linprocfs \\\n"
" allow.mount.linsysfs \\\n"
" allow.mount.tmpfs \\\n"
" enforce_statfs=1\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:847
msgid ""
"To access the jail, it will be necessary to install package:sysutils/"
"debootstrap[]."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:849
msgid "Execute the following command to access the FreeBSD Linux jail:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:853
#, no-wrap
msgid "# jexec -u root ubuntu\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:856
msgid ""
"Inside the jail, execute the following commands to install package:sysutils/"
"debootstrap[] and prepare the Ubuntu environment:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:861
#, no-wrap
msgid ""
"# pkg install debootstrap\n"
"# debootstrap jammy /compat/ubuntu\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:865
msgid ""
"When the process has finished and the message `Base system installed "
"successfully` is displayed on the console, it will be necessary to stop the "
"jail from the host system by executing the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:869
#, no-wrap
msgid "# service jail onestop ubuntu\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:872
msgid "Then add an entry in [.filename]#/etc/jail.conf# for the Linux jail:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:880
#, no-wrap
msgid ""
"ubuntu {\n"
" # STARTUP/LOGGING\n"
" exec.start = \"/bin/sh /etc/rc\";\n"
" exec.stop = \"/bin/sh /etc/rc.shutdown\";\n"
" exec.consolelog = \"/var/log/jail_console_${name}.log\";\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:886
#, no-wrap
msgid ""
" # PERMISSIONS\n"
" allow.raw_sockets;\n"
" exec.clean;\n"
" mount.devfs;\n"
" devfs_ruleset = 4;\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:894
#, no-wrap
msgid ""
" # NETWORK\n"
" ip4.addr = 192.168.1.155;\n"
" interface = em0;\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:904
#, no-wrap
msgid ""
" # MOUNT\n"
" mount += \"devfs $path/compat/ubuntu/dev devfs rw 0 0\";\n"
" mount += \"tmpfs $path/compat/ubuntu/dev/shm tmpfs rw,size=1g,mode=1777 0 0\";\n"
" mount += \"fdescfs $path/compat/ubuntu/dev/fd fdescfs rw,linrdlnk 0 0\";\n"
" mount += \"linprocfs $path/compat/ubuntu/proc linprocfs rw 0 0\";\n"
" mount += \"linsysfs $path/compat/ubuntu/sys linsysfs rw 0 0\";\n"
" mount += \"/tmp $path/compat/ubuntu/tmp nullfs rw 0 0\";\n"
" mount += \"/home $path/compat/ubuntu/home nullfs rw 0 0\";\n"
"}\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:907
msgid "Then the jail can be started as usual with the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:911
#, no-wrap
msgid "# service jail start ubuntu\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:914
msgid "The Ubuntu environment can be accessed using the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:918
#, no-wrap
msgid "# jexec ubuntu chroot /compat/ubuntu /bin/bash\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:921
msgid ""
"More information can be found in the chapter "
"crossref:linuxemu[linuxemu,Linux Binary Compatibility]."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:923
#, no-wrap
msgid "Configuring Service Jails"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:930
msgid ""
"A service jail is configured completely via [.filename]#/etc/rc.conf# or "
"man:sysrc[8].  The base system services are service jail ready: they "
"contain a config line which enables networking or lifts other jail "
"restrictions.  Base system services which do not make sense to run inside "
"jails are configured to not be started as a service jail, even if enabled "
"in [.filename]#/etc/rc.conf#.  Examples of such services are those which "
"mount or unmount something in their start or stop method, or which only "
"configure something like a route or a firewall."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:932
msgid ""
"Third party services may or may not be service jail ready.  To check if a "
"service is service jail ready, the following command can be used:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:936
#, no-wrap
msgid "# grep _svcj_options /path/to/rc.d/servicename\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:939
msgid ""
"If there is no output, the service is not service jail ready, or does not "
"need any additional privileges such as network access."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:941
msgid ""
"If the service is not service jail ready, and needs network access, it can "
"be made ready by adding the necessary config to [.filename]#/etc/rc.conf#:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:945
#, no-wrap
msgid "# sysrc servicename_svcj_options=net_basic\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:948
msgid "For all possible `_svcj_options` see the man:rc.conf[5] man-page."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:951
msgid ""
"To enable a service jail for a given service, the service needs to be "
"stopped and the `servicename_svcj` variable needs to be set to YES. To put "
"man:syslogd[8] into a service jail, use the following sequence of commands:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:957
#, no-wrap
msgid ""
"# service syslogd stop\n"
"# sysrc syslogd_svcj=YES\n"
"# service syslogd start\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:961
msgid ""
"If the `servicename_svcj` variable is changed, the service needs to be "
"stopped before it is changed. If it is not stopped, the rc framework will "
"not detect the correct state of the service and will not be able to do what "
"is requested."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:964
msgid ""
"Service jails are managed only via man:rc.conf[5]/man:sysrc[8] and the "
"man:service[8] command. The jail utilities, like man:jls[8] as described in "
"crossref:jails[jail-management,Jail Management] can be used to investigate "
"the operation, but the man:jail[8] command is not supposed to be used to "
"manage them."
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:966
#, no-wrap
msgid "Jail Management"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:970
msgid ""
"Once the jail is created, there are a number of operations that can be "
"performed, like starting, rebooting or deleting the jail, installing "
"software in it, etc. This section describes the different actions that can "
"be performed on jails from the host."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:972
#, no-wrap
msgid "List Running Jails"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:975
msgid ""
"To list the jails that are running on the host system, the command "
"man:jls[8] can be used:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:979
#, no-wrap
msgid "# jls\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:986
#, no-wrap
msgid ""
" JID IP Address Hostname Path\n"
" 1 192.168.250.70 classic /usr/local/jails/containers/classic\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:989
msgid ""
"man:jls[8] supports the `--libxo` argument, which through the man:libxo[3] "
"library allows other types of formats to be displayed, such as `JSON`, "
"`HTML`, etc."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:991
msgid "For example, execute the following command to get the `JSON` output:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:995
#, no-wrap
msgid "# jls --libxo=json\n"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1001
#, no-wrap
msgid "{\"__version\": \"2\", \"jail-information\": {\"jail\": [{\"jid\":1,\"ipv4\":\"192.168.250.70\",\"hostname\":\"classic\",\"path\":\"/usr/local/jails/containers/classic\"}]}}\n"
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:1004
#, no-wrap
msgid "Start, Restart, and Stop a Jail"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1007
msgid "man:service[8] is used to start, reboot, or stop a jail on the host."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1009
msgid "For example, to start a jail, run the following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1013
#, no-wrap
msgid "# service jail start jailname\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1016
msgid ""
"Change the `start` argument to `restart` or `stop` to perform other actions "
"on the jail."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:1018
#, no-wrap
msgid "Destroy a Jail"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1021
msgid ""
"Destroying a jail is not as simple as stopping the jail using man:service[8] "
"and removing the jail directory and [.filename]#/etc/jail.conf# entry."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1025
msgid ""
"FreeBSD takes system security very seriously. For this reason there are "
"certain files that not even the root user can delete. This functionality is "
"known as File Flags."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1027
msgid ""
"The first step is to stop the desired jail by executing the following "
"command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1031
#, no-wrap
msgid "# service jail stop jailname\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1034
msgid ""
"The second step is to remove these flags with man:chflags[1] by executing "
"the following command, in which `classic` is the name of the jail to remove:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1038
#, no-wrap
msgid "# chflags -R 0 /usr/local/jails/containers/classic\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1041
msgid "The third step is to delete the directory where the jail was:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1045
#, no-wrap
msgid "# rm -rf /usr/local/jails/containers/classic\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1048
msgid ""
"Finally, it will be necessary to remove the jail entry in [.filename]#/etc/"
"jail.conf# or in [.filename]#jail.conf.d#."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:1050
#, no-wrap
msgid "Handle Packages in a Jail"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1053
msgid ""
"The man:pkg[8] tool supports the `-j` argument in order to handle packages "
"installed inside the jail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1055
msgid ""
"For example, to install package:www/nginx-lite[] in the jail, the following "
"command can be executed *from the host*:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1059
#, no-wrap
msgid "# pkg -j classic install nginx-lite\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1062
msgid ""
"For more information on working with packages in FreeBSD, see "
"crossref:ports[ports,\"Installing Applications: Packages and Ports\"]."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:1064
#, no-wrap
msgid "Access a Jail"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1067
msgid ""
"While it has been stated above that it is best to manage jails from the host "
"system, a jail can be entered with man:jexec[8]."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1069
msgid "The jail can be entered by running man:jexec[8] from the host:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1073
#, no-wrap
msgid "# jexec -u root jailname\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1076
msgid ""
"When gaining access to the jail, the message configured in man:motd[5] will "
"be displayed."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:1078
#, no-wrap
msgid "Execute Commands in a Jail"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1081
msgid ""
"To execute a command in a jail from the host system, man:jexec[8] can be "
"used."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1083
msgid ""
"For example, to stop a service that is running inside a jail, execute the "
"following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1087
#, no-wrap
msgid "# jexec -l jailname service nginx stop\n"
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:1090
#, no-wrap
msgid "Jail Upgrading"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1093
msgid ""
"Upgrading FreeBSD Jails ensures that the isolated environments remain "
"secure, up-to-date, and in line with the latest features and improvements "
"available in the FreeBSD ecosystem."
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:1095
#, no-wrap
msgid "Upgrading a Classic Jail or a Thin Jail using OpenZFS Snapshots"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1100
msgid ""
"Jails *must be updated from the host* operating system. The default "
"behavior in FreeBSD is to disallow the use of man:chflags[1] in a jail. "
"This will prevent the update of some files so updating from within the jail "
"will fail."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1102
msgid ""
"To update the jail to the latest patch release of the version of FreeBSD it "
"is running, execute the following commands on the host:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1107
#, no-wrap
msgid ""
"# freebsd-update -j classic fetch install\n"
"# service jail restart classic\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1111
msgid ""
"To upgrade the jail to a new major or minor version, first upgrade the host "
"system as described in crossref:cutting-edge[freebsdupdate-upgrade,"
"\"Performing Major and Minor Version Upgrades\"]. Once the host has been "
"upgraded and rebooted, the jail can then be upgraded."
msgstr ""
#. type: delimited block = 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1115
msgid ""
"When upgrading from one version to another, it is easier to create a new "
"jail than to upgrade completely."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1118
msgid ""
"For example, to upgrade from 13.1-RELEASE to 13.2-RELEASE, execute the "
"following commands on the host:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1126
#, no-wrap
msgid ""
"# freebsd-update -j classic -r 13.2-RELEASE upgrade\n"
"# freebsd-update -j classic install\n"
"# service jail restart classic\n"
"# freebsd-update -j classic install\n"
"# service jail restart classic\n"
msgstr ""
#. type: delimited block = 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1132
msgid ""
"It is necessary to execute the `install` step two times. The first one "
"upgrades the kernel, and the second one upgrades the rest of the components."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1136
msgid ""
"Then, if it was a major version upgrade, reinstall all installed packages "
"and restart the jail again. This is required because the ABI version "
"changes when upgrading between major versions of FreeBSD."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1138
msgid "From the host:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1143
#, no-wrap
msgid ""
"# pkg -j jailname upgrade -f\n"
"# service jail restart jailname\n"
msgstr ""
#. type: Title ===
#: documentation/content/en/books/handbook/jails/_index.adoc:1146
#, no-wrap
msgid "Upgrading a Thin Jail Using NullFS"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1151
msgid ""
"Since Thin Jails that use NullFS share the majority of system directories, "
"they are very easy to update. It is enough to update the template. This "
"allows updating multiple jails at the same time."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1153
msgid ""
"To update the template to the latest patch release of the version of FreeBSD "
"it is running, execute the following commands on the host:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1158
#, no-wrap
msgid ""
"# freebsd-update -b /usr/local/jails/templates/13.1-RELEASE-base/ fetch install\n"
"# service jail restart\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1162
msgid ""
"To upgrade the template to a new major or minor version, first upgrade the "
"host system as described in crossref:cutting-edge[freebsdupdate-upgrade,"
"\"Performing Major and Minor Version Upgrades\"]. Once the host has been "
"upgraded and rebooted, the template can then be upgraded."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1164
msgid ""
"For example, to upgrade from 13.1-RELEASE to 13.2-RELEASE, execute the "
"following commands on the host:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1172
#, no-wrap
msgid ""
"# freebsd-update -b /usr/local/jails/templates/13.1-RELEASE-base/ -r 13.2-RELEASE upgrade\n"
"# freebsd-update -b /usr/local/jails/templates/13.1-RELEASE-base/ install\n"
"# service jail restart\n"
"# freebsd-update -b /usr/local/jails/templates/13.1-RELEASE-base/ install\n"
"# service jail restart\n"
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:1175
#, no-wrap
msgid "Jail Resource Limits"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1178
msgid ""
"Controlling the resources that a jail uses from the host system is a task to "
"be taken into account by the system administrator."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1180
msgid ""
"Use man:rctl[8] to manage the resources that a jail can use from the host "
"system."
msgstr ""
#. type: delimited block = 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1184
msgid ""
"The `kern.racct.enable` tunable must be enabled in [.filename]#/boot/"
"loader.conf#."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1187
msgid "The syntax to limit the resources of a jail is as follows:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1191
#, no-wrap
msgid "rctl -a jail:<jailname>:resource:action=amount/percentage\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1194
msgid ""
"For example, to limit the maximum RAM that a jail can access, run the "
"following command:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1198
#, no-wrap
msgid "# rctl -a jail:classic:memoryuse:deny=2G\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1201
msgid ""
"To make the limitation persistent across reboots of the host system, it will "
"be necessary to add the rule to the [.filename]#/etc/rctl.conf# file as "
"follows:"
msgstr ""
#. type: delimited block . 4
#: documentation/content/en/books/handbook/jails/_index.adoc:1205
#, no-wrap
msgid "jail:classic:memoryuse:deny=2G/jail\n"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1208
msgid ""
"More information on resource limits can be found in the security chapter in "
"the crossref:security[security-resourcelimits,\"Resource Limits section\"]."
msgstr ""
#. type: Title ==
#: documentation/content/en/books/handbook/jails/_index.adoc:1210
#, no-wrap
msgid "Jail Managers and Containers"
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1213
msgid ""
"As previously explained, each type of FreeBSD Jail can be created and "
"configured manually, but FreeBSD also has third-party utilities to make "
"configuration and administration easier."
msgstr ""
#. type: Plain text
#: documentation/content/en/books/handbook/jails/_index.adoc:1215
msgid "Below is an incomplete list of the different FreeBSD Jail managers:"
msgstr ""
#. type: Block title
#: documentation/content/en/books/handbook/jails/_index.adoc:1216
#, no-wrap
msgid "Jail Managers"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1219
#, no-wrap
msgid "Name"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1219
#, no-wrap
msgid "License"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1219
#, no-wrap
msgid "Package"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1221
#, no-wrap
msgid "Documentation"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1222
#, no-wrap
msgid "BastilleBSD"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1223
#: documentation/content/en/books/handbook/jails/_index.adoc:1228
#: documentation/content/en/books/handbook/jails/_index.adoc:1238
#, no-wrap
msgid "BSD-3"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1224
#, no-wrap
msgid "package:sysutils/bastille[]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1226
#, no-wrap
msgid "link:https://bastille.readthedocs.io/en/latest/[Documentation]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1227
#, no-wrap
msgid "pot"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1229
#, no-wrap
msgid "package:sysutils/pot[]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1231
#, no-wrap
msgid "link:https://pot.pizzamig.dev/[Documentation]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1232
#, no-wrap
msgid "cbsd"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1233
#: documentation/content/en/books/handbook/jails/_index.adoc:1243
#, no-wrap
msgid "BSD-2"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1234
#, no-wrap
msgid "package:sysutils/cbsd[]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1236
#, no-wrap
msgid "link:https://github.com/cbsd/cbsd[Documentation]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1237
#, no-wrap
msgid "AppJail"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1239
#, no-wrap
msgid "package:sysutils/appjail[], for devel package:sysutils/appjail-devel[]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1241
#, no-wrap
msgid "link:https://github.com/DtxdF/AppJail#getting-started[Documentation]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1242
#, no-wrap
msgid "iocage"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1244
#, no-wrap
msgid "package:sysutils/iocage[]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1246
#, no-wrap
msgid "link:https://freebsd.github.io/iocage/[Documentation]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1247
#, no-wrap
msgid "ezjail"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1248
#, no-wrap
msgid "link:https://erdgeist.org/beerware.html[Beer Ware]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1249
#, no-wrap
msgid "package:sysutils/ezjail[]"
msgstr ""
#. type: Table
#: documentation/content/en/books/handbook/jails/_index.adoc:1251
#, no-wrap
msgid "link:https://erdgeist.org/arts/software/ezjail/[Documentation]"
msgstr ""