APPJAIL-QUICK(1)	    General Commands Manual	      APPJAIL-QUICK(1)

NAME
       appjail-quick --	Create a pre-configured	jail

SYNOPSIS
       appjail quick name [options ...]

DESCRIPTION
       The appjail quick utility creates and configures a jail. Basically, it
       configures the template that the jail uses with the options that you
       specify after its name. Each option has its own responsibility, but in
       a nutshell, it writes the template using other AppJail subcommands. Due
       to this flexibility, appjail quick provides a simple and fast approach
       to creating and recreating jails. The appjail-makejail(1)'s -o
       parameter and the appjail-makejail(5)'s OPTION instruction are
       essentially wrappers for this command.

       Each parameter has a data type, can conflict with other options,	can be
       specified multiple times, and can even have dependencies, that  is,  it
       needs another parameter to work correctly or even to take effect.
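
       The following is an added example, not part of AppJail: a hypothetical
       quick_lint helper that checks an option list against a subset of the
       Conflicts and Requires lists given under OPTIONS, and against the rule
       that from implicitly sets empty, before appjail quick is run.

```shell
#!/bin/sh
# Added example: pre-flight check for an `appjail quick` option list.
# quick_lint is a hypothetical helper, not an AppJail command.

# Jail-creation methods that the page lists as conflicting with each other.
CREATE_METHODS='clone+jail clone+release copy empty import+jail import+root
tiny+import zfs+import+jail zfs+import+root'

quick_lint() {
    # Reduce each argument to its option name (the text before the first "=").
    names=' '
    for arg in "$@"; do
        names="$names${arg%%=*} "
    done
    # The page states that from implicitly sets empty.
    case "$names" in *' from '*) names="${names}empty " ;; esac

    findings=0
    first=''
    for m in $CREATE_METHODS; do
        case "$names" in
        *" $m "*)
            if [ -n "$first" ]; then
                echo "conflict: $first cannot be combined with $m"
                findings=$((findings + 1))
            else
                first=$m
            fi ;;
        esac
    done

    # Columns: option, conflicts, requires-any ("-" means none). Each
    # conflicting pair is listed once so that it is reported once.
    while read -r opt conflicts requires; do
        case "$names" in *" $opt "*) ;; *) continue ;; esac
        if [ "$conflicts" != - ]; then
            for c in $(echo "$conflicts" | tr ',' ' '); do
                case "$names" in
                *" $c "*)
                    echo "conflict: $opt cannot be combined with $c"
                    findings=$((findings + 1)) ;;
                esac
            done
        fi
        if [ "$requires" != - ]; then
            met=no
            for r in $(echo "$requires" | tr ',' ' '); do
                case "$names" in *" $r "*) met=yes ;; esac
            done
            if [ "$met" = no ]; then
                echo "missing: $opt requires one of $requires"
                findings=$((findings + 1))
            fi
        fi
    done <<'EOF'
alias bridge,jng,vnet -
ip4 ip4_inherit,ip4_disable alias
ip4_inherit ip4_disable,virtualnet alias
ip4_disable virtualnet alias
dhcp - bridge,jng,vnet
slaac - bridge,jng,vnet
ifconfig - bridge,jng,vnet
macaddr - bridge,jng,vnet
expose - virtualnet
nat - virtualnet
devfs_ruleset - mount_devfs,linuxfs
linuxfs mount_devfs -
login - start
tmpdir x11 -
EOF
    # Succeed only when nothing was reported.
    [ "$findings" -eq 0 ]
}

# Constructed option list: ip4_inherit (unrestricted access to all host
# addresses) is requested next to an isolated virtual network.
quick_lint alias=em0 ip4_inherit 'virtualnet=:<random> default' expose=80 || true
```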

DATA TYPES
       String
	   Any	character  that	 is  valid  according  to the option itself is
	   valid.

       Integer
	   Positive number, or in other	words, [0-9]+.

       Boolean
	   An option with no arguments is considered to	be of type boolean.

       Options
	   A parameter that contains subparameters.

OPTIONS
       alias | alias="interface"

	   Interface assigned to the jail. interface is used as the default
	   interface for the other options listed in Requires. If it is not
	   defined, each of those options must define the interface to use,
	   but this is not a requirement. It is recommended to configure an
	   interface using this option, or at least one for each option listed
	   in Requires, as the jail(8) framework may not perform any action.

	   Type: String
	   Multiple: No
	   Conflicts (any):
	   -   bridge
	   -   jng
	   -   vnet
	   Requires (any):
	   -   ip4
	   -   ip4_inherit
	   -   ip4_disable
	   -   ip6
	   -   ip6_inherit
	   -   ip6_disable
	   -   virtualnet
	   Examples:
	   -   alias
	   -   alias="appjail0"

       boot

	   Set the boot flag to the jail, so that appjail-startup(1) can start
	   it, typically at startup.

	   See also appjail-jail(1).

	   Type: Boolean
	   Multiple: No

       bridge="[type:]interface	... [bridge:bridge]"

	   Create a bridge if it does not exist	and attach one or more interfaces.

	   See also appjail-bridge(1).

	   Type: Options
	   Parameters:
	   -   type:
	       Interface type. Can be either epair or iface. If epair is used,
	       two if_epair(4) interfaces are created: sa_interface, which
	       should be used by the host, and sb_interface, which should be
	       used by the jail. If iface is used, an existing interface will
	       be added as a member of bridge.

	       Note that the MTU is obtained from the first interface
	       (regardless of type) you specify, but you should specify the
	       iface type first, so that the bridge and other interfaces use
	       the same MTU, a requirement of the if_bridge(4) driver. If an
	       epair type is specified first, then the MTU specified by the
	       DEFAULT_MTU parameter is used. epair is the default.
	   -   bridge:
	       Use a different bridge than the one specified by the
	       SHARED_BRIDGE parameter.
	   Conflicts (any):
	   -   alias
	   Multiple: Yes
	   Examples:
	   -   bridge="iface:em0 nginx"
	   -   bridge="nginx"
	   -   bridge="iface:em0 epair:nginx bridge:public"

       clone+jail="jail@snapshot"

	   Create a new jail by cloning a ZFS snapshot of jail.

	   Type: Options
	   Parameters:
	   -   jail:
	       Jail to create a ZFS snapshot for cloning.
	   -   snapshot:
	       ZFS snapshot name.
	   Conflicts (any):
	   -   clone+release
	   -   copy
	   -   empty
	   -   import+jail
	   -   import+root
	   -   tiny+import
	   -   zfs+import+jail
	   -   zfs+import+root
	   Multiple: No
	   Examples:
	   -   clone+jail="jdb@snap1"

       clone+release="snapshot"

	   Create a new jail by cloning a ZFS snapshot of a release.

	   With this option only the linux+debootstrap and thick jail types
	   can be used.

	   Type: Options
	   Parameters:
	   -   snapshot:
	       ZFS snapshot name.
	   Conflicts (any):
	   -   clone+jail
	   -   copy
	   -   empty
	   -   import+jail
	   -   import+root
	   -   tiny+import
	   -   zfs+import+jail
	   -   zfs+import+root
	   Multiple: No
	   Examples:
	   -   clone+release="140release"

       container="[boot] [expose] [ext_if:interface] [logopts[:options]] [name:name] [on_if:interface]"

	   Changes the behavior of the from option.

	   Type: Options
	   Parameters:
	   -   boot:
	       Start the process in background using appjail-start(1).
	   -   expose:
	       Expose the ports specified by the OCI image.
	   -   name:
	       Container name.
	   -   ext_if, logopts, on_if:
	       See the expose option.
	   Multiple: No
	   Examples:
	   -   container="boot expose name:Rick-Deckard"

       copy="jail"

	   Create a new jail by copying another existing jail.

	   Type: String
	   Conflicts (any):
	   -   clone+jail
	   -   clone+release
	   -   empty
	   -   import+jail
	   -   import+root
	   -   tiny+import
	   -   zfs+import+jail
	   -   zfs+import+root
	   Multiple: No
	   Examples:
	   -   copy="mysql"

       copydir="directory"

	   Root directory used by the file and files options. If this option
	   is not set, the directory specified by the DEFAULT_COPYDIR
	   parameter is used.

	   Type: String
	   Multiple: No
	   Examples:
	   -   copydir="/tmp/copydir-files"

       cpuset="cpu-list"

	   Configure processor sets.

	   See also appjail-cpuset(1).

	   Type: String
	   Multiple: No
	   Examples:
	   -   cpuset="0-2"
	   -   cpuset="1,2,6-9"

       create_args="parameter=value"

	   Set default parameters for the create stage.

	   See also appjail-enable(1).

	   Type: String
	   Multiple: Yes
	   Examples:
	   -   create_args="nginx_conf=/app/nginx.conf"

       defaultrouter="router"

	   Create a static default route to this jail.

	   Type: String
	   Multiple: No
	   Examples:
	   -   defaultrouter="192.168.0.1"

       defaultrouter6="router"

	   The IPv6 equivalent of defaultrouter.

       device="rulespec"

	   Add a DEVFS rule.

	   See also appjail-devfs(1).

	   Type: String
	   Multiple: Yes
	   Examples:
	   -   device="path bpf	unhide"
	   -   device="path 'mixer*' unhide"

       devfs_ruleset=ruleset

	   devfs ruleset number that is enforced for mounting devfs(5) in this
	   jail.

	   We recommend using the device option to dynamically assign a devfs
	   ruleset number.

	   Type: Number
	   Multiple: No
	   Requires (any):
	   -   mount_devfs
	   -   linuxfs
	   Examples:
	   -   devfs_ruleset=10

       dhcp="interface"

	   Configure interface using DHCP.

	   You must unhide the bpf device for this jail for dhclient(8) to
	   work without problems.

	   Type: String
	   Multiple: Yes
	   Requires (any):
	   -   bridge
	   -   jng
	   -   vnet
	   Examples:
	   -   dhcp="sb_nginx"
	   -   dhcp="ng0_nginx"

       empty

	   Create an empty jail.

	   Type: Boolean
	   Multiple: No
	   Conflicts (any):
	   -   clone+jail
	   -   clone+release
	   -   copy
	   -   import+jail
	   -   import+root
	   -   tiny+import
	   -   zfs+import+jail
	   -   zfs+import+root

       expose="hport[:jport] [descr:description] [ext_if:interface] [logopts[:options]]	[network:network] [on_if:interface] [proto:protocol]"

	   Perform port	forwarding.

	   See also appjail-expose(1).

	   Type: Options
	   Parameters:
	   -   hport:
	       Host or external port.

	       hport can be specified using a symbolic name as described in
	       services(5).
	   -   jport:
	       Port on which the application is listening within the jail. If
	       not set, hport is used.

	       jport can be specified using a symbolic name as described in
	       services(5).
	   -   descr:
	       Service description.
	   -   ext_if:
	       Interface to obtain the external IPv4 address. If not set, the
	       interface specified by the EXT_IF parameter is used.
	   -   logopts:
	       Firewall-specific logging options. Logging can be enabled
	       without providing any arguments.
	   -   network:
	       Network to obtain the jail's IPv4 address. If not set, the
	       default network defined by the default subparameter of the
	       virtualnet option is used. If you don't specify a network using
	       this subparameter and none is marked as default, an error will
	       be raised.
	   -   on_if:
	       Apply rules to packets coming in on, or going out through, this
	       interface. If not set, the interface specified by the ON_IF
	       parameter is used.
	   -   proto:
	       Protocol, that is, tcp or udp. The default is tcp.
	   Multiple: Yes
	   Requires (any):
	   -   virtualnet
	   Examples:
	   -   expose="80"
	   -   expose="8080:80 \"descr:NGINX service\" logopts"

       file="file"

	   File to copy to the jail.

	   copydir affects this parameter: if copydir is /tmp/copydir-files
	   and you specify file to be /etc/rc.conf, the real path is
	   /tmp/copydir-files/etc/rc.conf.

	   This option copies file as is, that is, with metadata such as
	   permissions, owner and group, and will even create the necessary
	   directories before the file, e.g. if file is set to /etc/rc.conf,
	   /etc is created before rc.conf is copied.

	   Type: String
	   Multiple: Yes
	   Examples:
	   -   file="/etc/rc.conf"

       files="file"

	   Reads file assuming each line is a file to be copied. See file for
	   more details.

	   Type: String
	   Multiple: Yes
	   Examples:
	   -   files="/tmp/files.lst"

       from="image"

	   Creates a jail using an OCI image. It also creates a container
	   linked to the jail, so that if an attempt is made to destroy the
	   jail using appjail-jail(1) destroy, the container is destroyed.

	   This option also implicitly sets the empty option.

	   By default, the container name is randomly generated unless you
	   specify one using the name suboption of the container option.

	   The volumes and labels specified by the OCI image are also created
	   as AppJail volumes and labels. Since the volume name must be unique
	   in AppJail, a bit of magic is performed: each _ character becomes
	   __, each / character becomes _, the first character is removed, any
	   character other than [a-zA-Z0-9_-] becomes -, and the resulting
	   string is concatenated with the string appjail-<short-hash>, where
	   <short-hash> is a SHA256 hash of 10 digits created using the mount
	   point of the volume before processing. For example, if the volume
	   specified by the OCI image is /srv, the resulting volume name will
	   be appjail-48d1ecb1ac-srv.
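
	   The following is an added example, not AppJail's own code: a model
	   of the renaming rule above that shows why the order of the
	   substitutions and the hash both matter for uniqueness. It assumes
	   that <short-hash> is the first 10 hex digits of SHA-256 over the
	   mount point without a trailing newline, so the digits it prints may
	   differ from AppJail's; short_hash and oci_volume_name are
	   hypothetical names.

```shell
#!/bin/sh
# Added example: models the OCI volume renaming rule; not AppJail's own code.
# Assumption: <short-hash> is the first 10 hex digits of SHA-256 over the
# unmodified mount point, hashed without a trailing newline.

short_hash() {
    # GNU systems ship sha256sum(1); FreeBSD ships sha256(1).
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -c1-10
    else
        printf '%s' "$1" | sha256 -q | cut -c1-10
    fi
}

oci_volume_name() {
    # Order matters: "_" is doubled before "/" becomes "_", so an underscore
    # that came from a slash stays distinguishable from an original one.
    cleaned=$(printf '%s\n' "$1" | LC_ALL=C sed \
        -e 's/_/__/g' \
        -e 's|/|_|g' \
        -e 's/^.//' \
        -e 's/[^a-zA-Z0-9_-]/-/g')
    printf 'appjail-%s-%s\n' "$(short_hash "$1")" "$cleaned"
}

# Constructed mount points: two that differ only by "_" versus "/", and two
# that collapse to the same cleaned text and are told apart by the hash.
for mp in /srv /var/db_data /var/db/data '/a b' '/a+b'; do
    printf '%-14s -> %s\n' "$mp" "$(oci_volume_name "$mp")"
done
```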

	   The ports defined by this image that are to be exposed are also
	   set, but by default they are not exposed unless the expose
	   suboption of the container option is specified.

	   The jail type will always be thick regardless of the operating
	   system, the release is the one specified by the release option or
	   the default when none is specified, and the architecture and the
	   operating system version are also set. For the architecture a
	   "translation" is performed: 386 will be i386, ppc64le|ppc64 will be
	   powerpc and riscv64 will be riscv. If the operating system is
	   freebsd, AppJail will try to get the FreeBSD version using
	   freebsd-version(1) without the patch level; if this fails, AppJail
	   will try to get the version using uname(1) -r without the patch
	   level, and if this also fails it will use the operating system name
	   as the operating system version. When the operating system is not
	   freebsd, it uses uname(1) -r to get the OS version and, if that
	   fails, the OS name is used as the alternate version.

	   Type: String
	   Multiple: No
	   Examples:
	   -   from="docker.io/dtxdf007/freebsd"

       fstab="device mountpoint	[type] [options] [dump]	[pass]"

	   Creates an appjail-fstab(1)'s entry.

	   See also appjail-fstab(1) and fstab(5).

	   Type: Options
	   Parameters:
	   -   device:
	       Describes the special device or remote file system to be	mounted.
	   -   mountpoint:
	       Describes the mount point for the file system.
	   -   type:
	       Describes the type of the file system.
	   -   options:
	       Describes the mount point options associated with the file system.
	   -   dump:
	       This field is used for these file systems by the dump(8)
	       command to determine which file systems need to be dumped.
	   -   pass:
	       This field is used by the fsck(8) and quotacheck(8) programs to
	       determine the order in which file system and quota checks are
	       done at reboot time.
	   Multiple: Yes
	   Examples:
	   -   fstab="/tmp /tmp"
	   -   fstab="/usr/local/www /usr/local/www"
	   -   fstab="/dev/da0s1 /mnt msdosfs"

       healthcheck="[health_cmd:command] [interval:seconds] [kill_after:seconds] [name:name] [recover_cmd:command] [recover_kill_after:seconds]	[recover_timeout:seconds] [recover_timeout_signal:signal] [recover_total:number] [retries:number] [start_period:seconds] [timeout:seconds] [timeout_signal:signal]"

	   Creates a healthchecker.

	   See also appjail-healthcheck(1) and appjail.conf(5).

	   Type: Options
	   Parameters:
	   -   health_cmd:
	       Command to evaluate the jail's health. Prefix command with
	       host: to run the command from the host or with jail: to run the
	       command from the jail.
	   -   interval:
	       Interval to check the jail's health.
	   -   kill_after:
	       Send a SIGKILL signal to the process created by the health_cmd
	       command after seconds has been reached, only if it is still
	       running.
	   -   name:
	       Healthchecker name.
	   -   recover_cmd:
	       Command to heal the jail if it is considered to be failing.
	       Prefix command with host: to run the command from the host or
	       with jail: to run the command from the jail.
	   -   recover_kill_after:
	       Send a SIGKILL signal to the process created by the recover_cmd
	       command after seconds has been reached, only if it is still
	       running.
	   -   recover_timeout:
	       Send the signal specified by recover_timeout_signal to the
	       process created by the recover_cmd command after seconds has
	       been reached, only if it is still running.
	   -   recover_timeout_signal:
	       Signal to send on timeout.
	   -   recover_total:
	       The maximum number of attempts reached before the jail is
	       considered unhealthy.
	   -   retries:
	       Number of attempts to heal the jail when it is failing and to
	       start the recover_cmd command.
	   -   start_period:
	       Delay before running the healthchecker.
	   -   timeout:
	       Send the signal specified by timeout_signal to the process
	       created by the health_cmd command after seconds has been
	       reached, only if it is still running.
	   -   timeout_signal:
	       Signal to send on timeout.
	   Multiple: Yes
	   Examples:
	   -   healthcheck
	   -   healthcheck='"health_cmd:jail:service nginx status" "recover_cmd:jail:service nginx restart"'

       ifconfig="interface:options"

	   ifconfig(8) options to pass to the specified interface.

	   Type: Options
	   Parameters:
	   -   interface:
	       Target interface.
	   -   options:
	       ifconfig(8) options.
	   Multiple: Yes
	   Requires (any):
	   -   bridge
	   -   jng
	   -   vnet
	   Examples:
	   -   ifconfig="sb_nginx:192.168.0.114/24"

       ifconfig6

	   The IPv6 equivalent of ifconfig.

       import+jail="input:file [portable] [compress:algo]"

	   Create a new	jail by	importing a tarball file into the jail directory.

	   Type: Options
	   Parameters:
	   -   input:
	       Tarball file.
	   -   portable:
	       Ignored, but used by import+root.
	   -   compress:
	       Ignored, but used by zfs+import+jail and zfs+import+root.
	   Multiple: No
	   Examples:
	   -   import+jail="input:/tmp/web3.txz"

       import+root="input:file [portable] [compress:algo]"

	   Create a new	jail by	importing a tarball file into the root directory of the	jail.

	   Type: Options
	   Parameters:
	   -   input:
	       Tarball file.
	   -   portable:
	       Include only portable files. These are the jail directory, the
	       configuration file describing the jail, the initscript and
	       volumes. This is used by appjail-image(1).
	   -   compress:
	       Ignored, but used by zfs+import+jail and zfs+import+root.
	   Multiple: No
	   Examples:
	   -   import+root="input:/tmp/web3.tgz"

       initscript="file"

	   Custom InitScript.

	   Note that this option is meaningless in a Makejail, as the
	   InitScript is overwritten when generating one.

	   See also appjail-initscript(5).

	   Type: String
	   Multiple: No
	   Examples:
	   -   initscript="/tmp/initscript"

       ip4="ip4-address" | ip4="interface|ip4-address"

	   IPv4 address assigned to the jail. The IPv4 address is assigned to
	   the interface or to the interface specified by the alias option.

	   See also the alias option for more details.

	   See also jail(8).

	   Type: String
	   Multiple: Yes
	   Conflicts (any):
	   -   ip4_inherit
	   -   ip4_disable
	   Requires (any):
	   -   alias

       ip4_disable

	   Stop	the jail from using IPv4 entirely.

	   Type: Boolean
	   Multiple: No
	   Conflicts (any):
	   -   ip4
	   -   ip4_inherit
	   -   virtualnet
	   Requires (any):
	   -   alias

       ip4_inherit

	   Allow unrestricted access to	all addresses on the system.

	   Type: Boolean
	   Multiple: No
	   Conflicts (any):
	   -   ip4
	   -   ip4_disable
	   -   virtualnet
	   Requires (any):
	   -   alias

       ip6, ip6_disable, ip6_inherit

	   Counterpart of ip4, ip4_disable and ip4_inherit.

       jng="name [iface:]interface ... [bridge:bridge]"

	   Use Netgraph with the jng script. This script will create Netgraph
	   nodes such as ng_bridge(4) and ng_eiface(4). The bridge will be
	   named interfacebridge and the nodes ng0_name, ng1_name ...
	   ngN_name.

	   You need to install the jng script before using this option. Run
	   `install -m 555 /usr/share/examples/jails/jng /usr/local/bin/jng'
	   to install it.

	   Type: Options
	   Parameters:
	   -   name:
	       Name of links.
	   -   iface:
	       An existing interface to use.
	   -   bridge:
	       A secondary bridge is created when the bridge name is different
	       from bridge.
	   Multiple: Yes
	   Conflicts (any):
	   -   alias
	   Examples:
	   -   jng="myjail jext"

       label="key[:value]"

	   Add a new label to the jail.

	   See also appjail-label(1).

       limits="rule [descr:description]"

	   Add a resource limit rule to the jail.

	   See also appjail-limits(1).

	   Type: Options
	   Parameters:
	   -   rule:
	       rctl(8)'s rule.
	   -   descr:
	       Rule description.
	   Multiple: Yes
	   Examples:
	   -   limits="vmemoryuse:deny=1g"

       linuxfs

	   Mount filesystems required by many Linux distributions to work
	   correctly. You probably want to set the devfs_ruleset option
	   (unless you specify the devices with the device option) to another
	   value because LinuxJail will not work with the default value
	   specified by the DEFAULT_DEVFS_RULESET parameter. The following
	   mount points are used: /dev, /dev/shm, /dev/fd, /proc and /sys.

	   Type: Boolean
	   Multiple: No
	   Conflicts (any):
	   -   mount_devfs

       login

	   Log in to the jail after starting it with the start option.

	   See also appjail-login(1).

	   Type: Boolean
	   Multiple: No
	   Requires (any):
	   -   start

       login_user="username"

	   Log in as username with the login option. If not specified, the
	   user specified by the DEFAULT_LOGIN_USER parameter is used.

	   Type: Boolean
	   Multiple: No

       macaddr="interface:addr"	| macaddr="interface:random" | macaddr="interface:static[:prefix]"

	   Changes the MAC address of a	given interface.

	   Type: Options
	   Parameters:
	   -   interface:
	       Target interface	to change MAC address.
	   -   addr:
	       MAC address.

	       Two special values are accepted, that is, random to use a
	       random MAC address, and static, which optionally accepts a MAC
	       address prefix of 8 bytes in length.

	       The special value static generates a MAC address using the jail
	       name, and if prefix is defined, it will be used as a prefix of
	       the MAC address.
	   Multiple: Yes
	   Requires (any):
	   -   bridge
	   -   jng
	   -   vnet
	   Examples:
	   -   macaddr="sb_nginx:aa-bb-cc-dd-ee-ff"
	   -   macaddr="sb_apache:aa:bb:cc:aa:10:fe"
	   -   macaddr="sb_jtest:random"
	   -   macaddr="em1:static"
	   -   macaddr="em0:static:ab:cd:ef"

       mount_devfs

	   Mount a devfs(5) filesystem on the chrooted /dev directory, and
	   apply the ruleset specified by the devfs_ruleset option to restrict
	   the devices visible inside the jail.

	   If you don't specify devfs_ruleset, but do specify the device
	   option, appjail quick will assign a ruleset number automatically.

	   Type: Boolean
	   Multiple: No
	   Conflicts (any):
	   -   linuxfs

       nat | nat="[ext_if:interface] [logopts[:options]] [network:network] [on_if:interface]"

	   Mask the jail's IPv4 address using the ext_if's interface on the
	   on_if's interface.

	   Type: Options
	   Parameters:
	   -   ext_if:
	       Interface to obtain the external IPv4 address. If not set, the
	       interface specified by the EXT_IF parameter is used.
	   -   logopts:
	       Firewall-specific logging options. Logging can be enabled
	       without providing any arguments.
	   -   network:
	       Network to obtain the jail's IPv4 address. If not set, the
	       default network defined by the default subparameter of the
	       virtualnet option is used. If you don't specify a network using
	       this subparameter and none is marked as default, an error will
	       be raised.
	   -   on_if:
	       Apply rules to packets coming in on, or going out through, this
	       interface. If not set, the interface specified by the ON_IF
	       parameter is used.
	   Multiple: Yes
	   Requires (any):
	   -   virtualnet

       network="name address [description]"

	   Create a new	network	if it does not exist.

	   Type: Options
	   Parameters:
	   -   name:
	       Network name.
	   -   address:
	       Network address.
	   -   description:
	       Description of the network.
	   Multiple: Yes
	   Examples:
	   -   network="dns 172.0.0.0/10 \"DNS network\""

       noboot

	   Don't use the boot option.

	   Type: Boolean
	   Multiple: No

       nomount_devfs

	   Don't use the mount_devfs option.

	   Type: Boolean
	   Multiple: No

       nonat | nonat="[ext_if:interface] [network:network] [on_if:interface]"

	   Don't perform NAT on	the jail with the given	parameters.

	   Type: Options
	   Multiple: Yes
	   Parameters:
	   -   ext_if:
	       Interface to obtain the external IPv4 address. If not set, the
	       interface specified by the EXT_IF parameter is used.
	   -   network:
	       Network to obtain the jail's IPv4 address. If not set, the
	       default network defined by the default subparameter of the
	       virtualnet option is used. If you don't specify a network using
	       this subparameter and none is marked as default, an error will
	       be raised.
	   -   on_if:
	       Apply rules to packets coming in on, or going out through, this
	       interface. If not set, the interface specified by the ON_IF
	       parameter is used.

       nologin

	   Don't use the login option.

	   Type: Boolean
	   Multiple: No

       nooverwrite

	   Don't use the overwrite option.

	   Type: Boolean
	   Multiple: No

       noresolv_conf

	   Don't use the resolv_conf option.

	   Type: Boolean
	   Multiple: No

       norestart

	   Don't use the restart option.

	   Type: Boolean
	   Multiple: No

       norun

	   Don't use the run option.

	   Type: Boolean
	   Multiple: No

       nostart

	   Don't use the start option.

	   Type: Boolean
	   Multiple: No

       notzdata

	   Don't use the tzdata option.

	   Type: Boolean
	   Multiple: No

       osarch="architecture"

	   Specify the architecture to use in the jail. If this option is not
	   set, the architecture specified by the FREEBSD_ARCH parameter is
	   used.

	   Type: String
	   Multiple: No

       osversion="version"

	   Specify the version of the operating system to use in the jail. If
	   this option is not set, the version specified by the
	   FREEBSD_VERSION parameter is used.

	   Type: String
	   Multiple: No

       overwrite | overwrite="force|recursive|force+recursive"

	   Stop and destroy the jail if it exists. With force, appjail quick
	   will forcibly unmount datasets, and with recursive, appjail quick
	   will recursively destroy all dependents, including cloned file
	   systems outside the target hierarchy. To use both options, use
	   force+recursive.

	   force, recursive and force+recursive do nothing when ZFS is not
	   enabled.

	   Type: String
	   Multiple: No

       pkg="package"

	   Install a package.

	   Type: String
	   Multiple: Yes

       priority="priority"

	   Priority number. If this option is not set, the priority specified
	   by the DEFAULT_PRIORITY parameter is used.

	   See also appjail-startup(1).

	   Type: String
	   Multiple: No

       release="release"

	   Specify the release to use in the jail. If this option is not set,
	   the release specified by the DEFAULT_RELEASE parameter is used.

	   See also appjail-fetch(1).

	   Type: String
	   Multiple: No

       resolv_conf | resolv_conf="file"

	   Copy a resolv.conf(5) file to the jail. If this option is used
	   without arguments, the resolv.conf(5) file specified by the
	   DEFAULT_RESOLV_CONF parameter is used.

	   Type: String
	   Multiple: No

       restart

	   Restart the jail after starting it with the start option.

	   Type: Boolean
	   Multiple: No

       run

	   Run the cmd stage after starting the jail with the start option.

	   Type: Boolean
	   Multiple: No

       run_args="parameter=value"

	   Set default parameters for the cmd stage.

	   See also appjail-enable(1).

	   Type: String
	   Multiple: Yes

       run_env="name=value"

	   Set default environment variables for the cmd stage.

	   See also appjail-enable(1).

	   Type: String
	   Multiple: Yes

       slaac="interface"

	   Configure interface using SLAAC.

	   Type: String
	   Multiple: Yes
	   Requires (any):
	   -   bridge
	   -   jng
	   -   vnet
	   Examples:
	   -   slaac="sb_mariadb"
	   -   slaac="ng1_httpd"

       start

	   Start the jail after	its creation.

	   Type: Boolean
	   Multiple: No

       start_args="parameter=value"

	   Set default parameters for the start stage.

	   See also appjail-enable(1).

	   Type: String
	   Multiple: Yes

       start_env="name=value"

	   Set default environment variables for the start stage.

	   See also appjail-enable(1).

	   Type: String
	   Multiple: Yes

       stop_args="parameter=value"

	   Set default parameters for the stop stage.

	   See also appjail-enable(1).

	   Type: String
	   Multiple: Yes

       stop_env="name=value"

	   Set default environment variables for the stop stage.

	   See also appjail-enable(1).

	   Type: String
	   Multiple: Yes

       template="template"

	   Template file. If not specified, the template file specified by the
	   DEFAULT_TEMPLATE parameter is used.

	   Type: String
	   Multiple: No

       tiny+import="file"

	   Create a new	jail by	importing a TinyJail.

	   Type: String
	   Multiple: No
	   Conflicts (any):
	   -   clone+jail
	   -   clone+release
	   -   copy
	   -   empty
	   -   import+jail
	   -   import+root
	   -   zfs+import+jail
	   -   zfs+import+root

       tmpdir

	   Create a directory and an appjail-fstab(5)'s entry to mount /tmp
	   within the jail. The directory is created with permissions `1777'.

	   Type: Boolean
	   Multiple: No
	   Conflicts (any):
	   -   x11

       type

	   Type on which the jail is based. The default is thin.

	   See also appjail-jail(1).

	   Type: String
	   Multiple: No
	   Examples:
	   -   type="thin"
	   -   type="thick"
	   -   type="linux+debootstrap"

       tzdata |	tzdata="zoneinfo-name"

	   Copy a tzfile(5) file to the jail. If this option is used without
	   arguments, /etc/localtime is used. If set, a symlink is created
	   inside the jail as /etc/localtime. If this option is not set, the
	   tzfile(5) specified by the DEFAULT_TIMEZONE parameter is used.

	   Type: String
	   Multiple: No
	   Examples:
	   -   tzdata="America/Caracas"

       virtualnet="[network]:interface [default] [address:ipv4-address]	[interface_desc:description]"

	   Create a bridge called network and attach interface to it.
	   Additionally, assign an IPv4 address from the network address pool.

	   Type: Options
	   Parameters:
	   -   network:
	       Network to use.

	       If specified, network must already exist, created using the
	       network option or the appjail-network(1) command. If not set,
	       appjail quick will create a network using parameters such as
	       AUTO_NETWORK_ADDR, AUTO_NETWORK_NAME, and AUTO_NETWORK_DESC. We
	       recommend leaving it to appjail quick to create the network
	       automatically, but check that the AUTO_* parameters are okay
	       for your environment and change them if necessary.
	   -   interface:
	       if_epair(4) interface to create.

	       There are two special names for the interface name: <name>, to
	       use the jail name, and <random>, to use a random hexadecimal
	       string. We recommend <random> instead of <name>, as the latter
	       can cause problems when the jail name and interface name are
	       incompatible.
	   -   default:
	       Mark this network as default, so options like expose and nat
	       can use it without explicitly specifying it.
	   -   address:
	       Static IPv4 address that must be valid for network. If not set,
	       an address is assigned automatically.
	   -   interface_desc:
	       Interface description.
	   Multiple: Yes
	   Examples:
	   -   virtualnet="web:nginx default \"interface_desc:Interface	used by	the nginx jail.\""
	   -   virtualnet="db:mariadb address:10.42.0.17"
	   -   virtualnet=":<random> default"
	   -   virtualnet=":<name> default"
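
A pre-flight check for the virtualnet subparameters described above, as an added example that is not part of AppJail or of this manual page. It takes the subparameters as separate arguments and verifies that a static address falls inside the network's pool; the function names, the caller-supplied CIDR argument and the 15-character interface-name bound (FreeBSD's IFNAMSIZ, assumed here as an upper limit) are hypothetical.

```shell
#!/bin/sh
# Added example, not AppJail code: validate virtualnet subparameters up front.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip2int() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR $2 (e.g. 10.42.0.0/24).
in_cidr() {
    addr=$(ip2int "$1") || return 1
    net=$(ip2int "${2%/*}") || return 1
    bits=${2#*/}
    case $bits in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

# check_virtualnet CIDR SPEC [SUBPARAMETER ...]
# CIDR is the address pool of the network named in SPEC, supplied by the caller.
check_virtualnet() {
    cidr=$1 spec=$2; shift 2
    case $spec in
        *:?*) iface=${spec#*:} ;;
        *) echo "error: expected [network]:interface, got '$spec'"; return 1 ;;
    esac
    case $iface in
        '<random>') ;;
        '<name>') echo "warning: <name> may not suit an interface name; prefer <random>" ;;
        # Assumption: 15 characters is only the kernel's IFNAMSIZ bound.
        *) [ ${#iface} -le 15 ] || { echo "error: interface name too long"; return 1; } ;;
    esac
    for sub in "$@"; do
        case $sub in
            default|interface_desc:*) ;;
            address:*) in_cidr "${sub#address:}" "$cidr" ||
                { echo "error: ${sub#address:} is outside $cidr"; return 1; } ;;
            *) echo "error: unknown subparameter '$sub'"; return 1 ;;
        esac
    done
    echo ok
}
```

For instance, `check_virtualnet 10.42.0.0/24 db:mariadb address:10.42.0.17` prints `ok`, where 10.42.0.0/24 is a constructed pool for the `db` network.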

       vnet="interface"

	   A network interface to give to a vnet-enabled jail after it is created. The interface
	   will automatically be released when the jail is removed.

	   Type: String
	   Multiple: Yes
	   Conflicts (any) :
	   -   alias

       volume="volume [group:gid] [mountpoint:mountpoint] [owner:uid] [perm:mode] [type:type]"

	   Create a new	volume.

	   See also appjail-volume(1).

	   Type: Options
	   Parameters:
	   -   volume:
	       Volume name.
	   -   group:
	       volume's group ID.
	   -   mountpoint:
	       Path within the jail to mount the volume.
	   -   owner:
	       volume's user ID.
	   -   perm:
	       volume's file mode.
	   -   type:
	       File system type.
	   Multiple: Yes

       x11

	   Create a directory and an appjail-fstab(5) entry to mount
	   /tmp/.X11-unix within the jail. The directory is created with
	   permissions `1777'.

	   Type: Boolean
	   Multiple: No
	   Conflicts (any) :
	   -   tmpdir

       zfs+import+jail="input:file [compress:algo]"

	   Create a new	jail by	importing a ZFS	image into the jail directory.

	   Type: Options
	   Parameters:
	   -   input:
	       ZFS image.
	   -   compress:
	       Change the compression algorithm. Automatic detection of the algorithm used by the
	       ZFS image is performed, but if it fails or you need to change it for some reason, you
	       can do so using this subparameter.
	   Multiple: No
	   Conflicts (any) :
	   -   clone+jail
	   -   clone+release
	   -   copy
	   -   empty
	   -   import+jail
	   -   import+root
	   -   tiny+import
	   -   zfs+import+root

       zfs+import+root="input:file [compress:algo]"

	   Create a new	jail by	importing a ZFS	image into the root directory of the jail.

	   Type: Options
	   Parameters:
	   -   input:
	       ZFS image.
	   -   compress:
	       Change the compression algorithm. Automatic detection of the algorithm used by the
	       ZFS image is performed, but if it fails or you need to change it for some reason, you
	       can do so using this subparameter.
	   Multiple: No
	   Conflicts (any) :
	   -   clone+jail
	   -   clone+release
	   -   copy
	   -   empty
	   -   import+jail
	   -   import+root
	   -   tiny+import
	   -   zfs+import+jail

DIRTY JAIL
       If you create a jail with appjail quick,	the jail is  marked  as	 dirty
       until  you  finish  creating it.	Creation implies that all options used
       implicitly or explicitly	are done. Keep this in mind when using options
       like  login,  as	 the  jail  is	dirty  until  the  session  ends.  See
       appjail-jail(1) for more	details, but basically this means that appjail
       quick  considers	 that  this jail failed	in some	way and	can proceed to
       remove it without the user's permission.

EXAMPLES
       The following examples show how to use appjail quick  and  assume  that
       you  have some things like the loopback interface used by LinuxJails or
       that you	already	have the components downloaded by appjail-fetch(1)  to
       create  jails.  See appjail-tutorial(7) if you want more	information on
       how to configure	these things.

   Example 1: Basic Usage
	     # appjail quick jtest start overwrite=force

   Example 2: Virtual Networks
	     # appjail quick jtest overwrite=force start virtualnet=":<random> default"	nat

   Example 3: LinuxJails
	     # appjail quick ubuntu \
		  start	\
		  overwrite=force \
		  osversion=jammy \
		  type=linux+debootstrap \
		  linuxfs \
		  device='include $devfsrules_hide_all'	\
		  device='include $devfsrules_unhide_basic' \
		  device='include $devfsrules_unhide_login' \
		  device='path shm unhide' \
		  device="path 'shm/*' unhide" \
		  template=/usr/local/share/examples/appjail/templates/linux.conf

   Example 4: LinuxJails & Virtual Networks
	     # appjail quick ubuntu \
		  start	\
		  overwrite=force \
		  osversion=jammy \
		  type=linux+debootstrap \
		  linuxfs \
		  device='include $devfsrules_hide_all'	\
		  device='include $devfsrules_unhide_basic' \
		  device='include $devfsrules_unhide_login' \
		  device='path shm unhide' \
		  device="path 'shm/*' unhide" \
		  template=/usr/local/share/examples/appjail/templates/linux.conf \
		  virtualnet=":appjail0	default" \
		  nat \
		  alias

EXIT STATUS
       The appjail quick utility exits 0 on success, and >0 if an error
       occurs.

SEE ALSO
       appjail(1), appjail-jail(1), appjail-makejail(1), appjail.conf(5),
       appjail-template(5), appjail-makejail(5)

AUTHORS
       Jesús Daniel Colmenares Oviedo <DtxdF@disroot.org>

CAVEATS
       Most of the options described in this document are executed after the
       jail performs some specific operation, e.g. when it is started or
       stopped.

FreeBSD	Ports 14.quarterly	March 30, 2024		      APPJAIL-QUICK(1)
