FreeBSD Manual Pages
APPJAIL.CONF(5) File Formats Manual APPJAIL.CONF(5) NAME appjail.conf -- Configuration parameters for AppJail SYNOPSIS /usr/local/etc/appjail/appjail.conf DESCRIPTION The appjail(1) utility uses some defaults that are safe for most envi- ronments, but you can change any parameters described below to adapt it to your needs. appjail.conf is a file that contains the parameters that control the operation of appjail(1). Note that this file is an sh(1) script. PATH PARAMETERS PREFIX Root prefix used by other directories. Default: /usr/local LOGDIR Location of log files. Default: /var/log/appjail JAILDIR Location of jail root directories. Default: ${DATADIR}/jails TMPDIR Location of temporary files. It is highly recommended to use tmpfs(5) as the files written here are ephemeral and are not needed after a system reboot. Additionally, some AppJail opera- tions (e.g. healthcheckers) may be using this directory during their execution, so if a power outage occurs and after the sys- tem reboots, those files will be there anyway (garbage). Default: ${CACHEDIR}/tmp/.appjail GLOBAL_GIT_CACHEDIR Location of repositories when using the git method in a Makejail file. Default: ${CACHEDIR}/git HOOKSDIR Location of hooks. This directory must have two subdirectories, pre.d for executables to be run before executing the subcommand, and post.d for executables to be run after executing the subcom- mand. SYSTEM DIRECTORIES PARAMETERS SHAREDIR Location of shared files. Default: ${PREFIX}/share/appjail COMMANDS Location of AppJail commands. Default: ${SHAREDIR}/cmd FILESDIR Location of files used by AppJail. Default: ${SHAREDIR}/files LIBDIR Location of libraries (scripts that contains functions) used by AppJail and their commands. Default: ${SHAREDIR}/lib SCRIPTSDIR Location of scripts used by AppJail. Default: ${SHAREDIR}/scripts UTILDIR Location of utilities used by AppJail. Default: ${PREFIX}/libexec/appjail MAKEJAILDIR Directory used by appjail-makejail(1) command. Default: ${SHAREDIR}/makejail MAKEJAIL_COMMANDS Location of Makejail commands. Default: ${MAKEJAILDIR}/cmd MAKEJAIL_WCOMMANDS Location of generators for the creation of the initscript. Default: ${MAKEJAILDIR}/write DATADIR Location of files generated by AppJail. Default: ${PREFIX}/appjail CACHEDIR Location of data that can be reused later. Default: ${DATADIR}/cache NETWORKDIR Location of network's files such as their parameters. Default: ${DATADIR}/networks RELEASEDIR Location of releases created using FreeBSD components or similar (e.g.: debootstrap). Default: ${DATADIR}/releases COMPONENTSDIR Location of FreeBSD components <base.txz, lib32.txz, ...> Default: ${CACHEDIR}/components ZFS PARAMETERS ENABLE_ZFS Enable or disable ZFS support. Use 0 <default> to disable it and any other value to enable it. WARNING: Don't enable or disable this parameter after using App- Jail, it must be set before use. See (BUGS/Don't mix ZFS and non-ZFS file systems!) in appjail-tutorial(7) for details. Default: 0 ZPOOL ZFS pool name. Default: zroot ZROOTFS Root prefix but for ZFS datasets. It will be concatenated using the ZFS pool name i.e. ${ZPOOL}/${ZROOTFS}, e.g.: zroot/appjail. Default: appjail ZOPTS Optional ZFS parameters for datasets. You must escape characters that can be later interpreted by the shell. Default: -o compress=lz4 DNS PARAMETERS SHORTEN_DOMAIN_NAMES Use shorter domain names instead of full names, that is, if we enable this parameter and we have a jail called jtest that is in the ajnet virtual network and with the suffix .appjail, instead of resolving jtest.ajnet.appjail we can also resolve jtest. Default: 0 NETWORK_TO_SHORTEN The SHORTEN_DOMAIN_NAMES parameter only makes sense for a single virtual network; This parameter sets which virtual network App- Jail will use for the aforementioned parameter. Default: ${AUTO_NETWORK_NAME} HOST_DOMAIN Domain suffix for hostnames when the template does not specify the parameter to explicitly set a hostname <host.hostname> Also this parameter is used when generating the list of hostnames for each virtual network, again as a domain suffix. Default: .appjail TIMEZONE PARAMETERS DEFAULT_TIMEZONE Parameter equivalent to the tzdata option in appjail-quick(1). By default this parameter is set to an empty value. USE_TIMEZONE Enable or disable the tzdata parameter. See appjail-quick(1). Default: 1 DEVFS PARAMETERS DEFAULT_DEVFS_RULESET Default ruleset number to use when the devfs_ruleset parameter is not specified in appjail-quick(1). This only makes sense when the device parameter is not specified, since when it is used a number is automatically assigned. Default: 5 DEFAULT_MOUNT_DEVFS Parameter equivalent to the mount_devfs option in appjail-quick(1). Default: 0 DEVFS_ASSIGN_ALGO What algorithm to use to assign a ruleset number when using the device parameter in appjail-quick(1): - fsmn <Find Smallest Missing Number> This algorithm will select an smallest unused number from a list of numbers. It takes into account the length of the list. If the list has a length of 0, the unused number is 1; if the length is 1, so the list has one element, the algo- rithm checks if that element is 1, if so, the unused number is 2, if not, is 1. If this check is unsuccessful, the al- gorithm does an N/2 linear search to compare two numbers starting from 1 up to the length of the list. If nothing matches, the last element plus 1 is the unused number. - fnfs <Find Number From Start> This algorithm selects a given number from a list of num- bers. If this number is already in use, the number is incre- mented and the search continues. Once this search is fin- ished, the resulting number is the unused. As fsmn, it takes the length of the list. If the list has a length of 0, the resulting number is the same as the given number. You don't need to worry about the details, but for the record: both algorithms assume that the list is sorted and that all ele- ments are unique. The list of numbers is the output of the devfs rule showsets command plus the assigned ruleset numbers of other jails. Use fsmn if you have no problem assigning lower numbers, if you don't edit devfs.rules(5) frequently, or if you have rulesets with a higher number in that file. Use fnfs is you want a more deterministic way of assigning a ruleset number. Default: fsmn DEVFS_FNFS Initial number used by fnfs. Default: 1000 JAIL PARAMETERS VOLUMESDIR Location of the root directory inside the jail for volumes that don't have a mountpoint explicitly set. Default: /volumes DEFAULT_TEMPLATE Default template that will be used by some operations such as appjail-start(1) or appjail-quick(1). Default: ${FILESDIR}/default_template.conf DEFAULT_BOOT Parameter equivalent to the boot option in appjail-quick(1). Default: 1 DEFAULT_PACKAGES Parameter equivalent to the pkg option in appjail-quick(1). By default this parameter is set to an empty value. DEFAULT_PRIORITY Parameter equivalent to the priority option in appjail-quick(1). Default: 0 DEFAULT_START Parameter equivalent to the start option in appjail-quick(1). Default: 0 DEFAULT_RESTART Parameter equivalent to the restart option in appjail-quick(1). This parameter requires option start to be used. Default: 0 DEFAULT_RUN Parameter equivalent to the run option in appjail-quick(1). This parameter requires option start to be used. Default: 0 DEFAULT_LOGIN Parameter equivalent to the login option in appjail-quick(1). This parameter requires option start to be used. Default: 0 DEFAULT_LOGIN_USER Parameter equivalent to the login_user option in appjail-quick(1). Default: root DEFAULT_COPYDIR Parameter equivalent to the copydir option in appjail-quick(1). Default: / DEFAULT_OVERWRITE Parameter equivalent to the overwrite option in appjail-quick(1). Default: 0 STARTUP PARAMETERS USE_PARALLEL Start and stop jails in parallel. USE_PARALLEL_NATNET Perform NAT per network in parallel. NETWORK PARAMETERS AUTO_NETWORK_ADDR Network address. This and the below parameters are used by the auto-create subcommand in appjail-network(1) to create a virtual network when none are specified in appjail-quick(1). Default: 10.0.0.0/10 AUTO_NETWORK_NAME Network name. Default: ajnet AUTO_NETWORK_DESC Network description. Default: AppJail network USE_FIREWALL Packet filter or firewall to use. pf, ipfw and ipfilter are valid values, but currently only pf is supported. Default: pf EXT_IF External interface. By default, AppJail will automatically get the external interface, but it is highly recommended to set this parameter explicitly to improve performance and stability. Per- formance improves because AppJail relies on you for this task, so it does not need to get the external interface for each exe- cution. Stability is improved because the external interface may not be valid if e.g. it is unplugged or you have multiple inter- faces and you want to choose one of them as the external inter- face. ON_IF Network interface or group name to transmit packets on. Default: ${EXT_IF} EXT_IP Use this value as the specified IPv4 address. This is useful for the appjail-expose(1) and appjail-nat(1) commands. Note that this IPv4 address must exist in the specified external address. SHARED_BRIDGE Shared bridge to be created by the attach subcommand in appjail-network(1) and also used by the detach subcommand. Default: appjail DEFAULT_MTU If an epair interface is provided before a non-epair interface, use this MTU. The non-epair interface should be provided before the epair interface, so that AppJail can obtain the MTU and set the bridge MTU correctly. Remember that if_bridge(4) requires that all interfaces have the same MTU; see if_bridge(4) for more details. If you are not sure which MTU to choose, use 576. See RFC 791 for more details. This parameter is used by the attach subcommand in appjail-network(1). Default: 1500 DEFAULT_VIRTUALNET_MTU Default MTU used by Virtual Networks. Note that if you have a Virtual Network already created with no MTU defined, this value will be used every time when an if_epair(4) interface is created, so don't change this value when you have already added a member to the bridge with a dif- ferent MTU, this will result in an error. See if_bridge(4) for details. Default: 1500 DEFAULT_RESOLV_CONF Parameter equivalent to the resolv_conf option in appjail-quick(1). Default: /etc/resolv.conf USE_RESOLV_CONF Enable or disable the resolv_conf parameter. See appjail-quick(1). Default: 1 LOG PARAMETERS CREATED_FORMAT date(1) format to display in a human-understandable format for the created keyword in the list or get subcommands of appjail-jail(1). Default: %Y-%m-%d %H:%M:%S CONSOLELOG_NAME Command to run to generate a filename for the exec.consolelog parameter in a template. The slash character can't be used. Default: date +%Y-%m-%d.log SESSION_ID_NAME Command to run to generate a filename for when the ENABLE_LOGGING_OUTPUT parameter is set to a value other than 0. The slash character can't be used. Default: date +%Y-%m-%d.log STARTUPLOG_NAME Command to run to generate a filename for logs generated by the appjail-startup(1) command. The slash character can't be used. Default: date +%Y-%m-%d.log CONTAINERLOG_NAME Command to execute to generate a filename for the logs generated by the background processes in the appjail-oci(1) exec command. The slash character can't be used. Default: date +%Y-%m-%d.log BUILDLOG_NAME Command to run to generate a filename for logs generated by the appjail-fetch(1) command when building the FreeBSD source. The slash character can't be used. Default: date +%Y-%m-%d_%Hh%Mm%Ss.log ETCUPDATELOG_NAME Command to run to generate a filename for logs generated by the appjail-etcupdate(1) command. The slash character can't be used. Default: date +%Y-%m-%d_%Hh%Mm%Ss.log ENABLE_LOGGING_OUTPUT Records the AppJail session, that is, from the first time it is run until it ends. Default: 0 SCRIPT_TIME See -t in script(1). Default: 30 ENABLE_DEBUG There are four levels of debugging: debug, info, warn and error. Only the debug level can be enabled or disabled. Default: 1 FETCH PARAMETERS DEFAULT_FETCH_METHOD Default appjail-fetch(1) subcommand to be executed when none is provided. Default: www DEFAULT_INSTALL_METHOD Default appjail-jail(1) installation method for creating new jails. Default: standard DOWNLOADURL Site where FreeBSD components will be downloaded. The protocols that can be used depend entirely on the command specified in the WWW_CMD parameter. The value of this parameter may contain some keywords that have special meaning: - %a <Architecture> - %v <Version> AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%v. Default: https://download.freebsd.org/releases/%a/%v COMPONENTS Default components to be downloaded when none are specified. Default: base.txz DEFAULT_RELEASE Default release name when none is specified. Default: default WWW_CMD Command to download FreeBSD components. The value of this parameter may contain some keywords that have special meaning: - %o <Component pathname> - %u <Site where FreeBSD components will be downloaded> - %c <Component filename> AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%c. Default: fetch -Rpm -o %o %u/%c MAKEJAIL_FETCH_CMD Command to get a Makejail when using the fetch method in appjail-makejail(1). The value of this parameter may contain some keywords that have special meaning: - %o <Makejail pathname> - %u <Site where the Makejail file will be downloaded> AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%u. Default: fetch -Rpm -o %o %u MAKEJAIL_ADD_FETCH_CMD Command to get the tarball file used by the ADD instruction in a Makejail file. The value of this parameter may contain some keywords that have special meaning: - %u <Site where the tarball will be downloaded> AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%u. Default: fetch -Rpm -o - %u SOURCE BUILD PARAMETERS SRCDIR Location of FreeBSD source tree. Default: /usr/src TARGET_ARCH Default value for the TARGET and TARGET_ARCH variables. See appjail-fetch(1) and build(7) for details. Default: ${FREEBSD_ARCH} MAKEARGS Default arguments used by make(1) when building the source tree. By default this parameter is set to an empty value. KERNEL Default kernel to compile. Default: GENERIC JOBS Number of jobs. By default, the number of CPUs of the system. IMAGE PARAMETERS IMAGESDIR Location of images. Default: ${CACHEDIR}/images IMAGE_COMPRESS Default algorithm to compress the images. Default: xz IMAGE_ARCH Default target to build the images. If not defined, the output of the -p parameter of the uname(1) command is used. By default this parameter is set to an empty value. IMAGE_TAG Default image tag. Default: latest IMAGE_FETCH_CMD Command to get a ajspec file when using the fetch method in the import subcommand of the appjail-image(1) command. The value of this parameter may contain some keywords that have special meaning: - %o <Image pathname> - %u <Site where the image will be downloaded> AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%u. Default: fetch -Rpm -o %o %u IMAGE_ENTRYPOINT If no entrypoint is specified in a Makejail file, use this para- meter as the default value. This value will be concatenated like a pathname, e.g. <entrypoint>/<image name>. Default: gh+AppJail-makejails IMAGE_DOWNLOAD_METHOD The appjail-image(1) command will get a list of sources to try to download the image to one of them, if this parameter is set to seq the attempts are made as it is in the list defined in the ajspec file, but if this parameter is set to random, the list is sorted randomly before trying to download the image. Default: random DEBOOTSTRAP PARAMETERS DEBOOTSTRAP_CMD debootstrap(8) command to bootstrap a basic debian system. The value of this parameter may contain some keywords that have special meaning: - %a <Target architecture> - %s <Suite name> - %o <Output directory> AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%s. Default: debootstrap --foreign --arch=%a --no-check-gpg %s %o DEBOOTSTRAP_ARCH Default target architecture used by the debootstrap(8) command. Default: ${FREEBSD_ARCH} DEBOOTSTRAP_MIRROR See debootstrap(8). By default this parameter is set to an empty value. DEBOOTSTRAP_SCRIPT See debootstrap(8). By default this parameter is set to an empty value. APT_CACHE_START See Cache-Start in apt.conf(5). Default: 251658240 COLORS PARAMETERS ENABLE_COLORS Enable or disable colors. It is highly recommended to use colors to more easily identify errors, warnings, and so on. Use the -R parameter in less(1) if you want to see a log created by AppJail when this parameter is enabled. Default: 1 ENABLE_RANDOM_COLORS Some commands set a prefix before displaying a message which is commonly the target name, i.e. jail name, image name, etc. That prefix can be displayed colored with a randomly chosen color by enabling this parameter. Default: 1 HEALTHCHECKERS PARAMETERS DEFAULT_HEALTH_TYPE Default health type when the user doesn't specify one. Default: host DEFAULT_RECOVER_TYPE Default recover type when the user doesn't specify one. Default: host DEFAULT_HEALTH_CMD Default health command when the user doesn't specify one. The value of this parameter may contain some keywords that have special meaning: - %j <Jail name> AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%j. Default: appjail status -q %j DEFAULT_RECOVER_CMD Default recover command when the user doesn't specify one The value of this parameter may contain some keywords that have special meaning: - %j <Jail name> AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%j. Default: appjail restart %j DEFAULT_HEALTH_INTERVAL Default interval number to execute the health command Default: 30 DEFAULT_HEALTH_RETRIES Default number of attempts before executing the recover command. Default: 3 DEFAULT_HEALTH_START_PERIOD Delay before running the healthchecker. If this parameter is set to 0, no delay is performed. Default: 0 DEFAULT_RECOVER_TOTAL Default number of attempts before considering the jail as un- healthy. Default: 3 DEFAULT_HEALTH_TIMEOUT Duration of the health command before sending the signal speci- fied in the DEFAULT_TIMEOUT_SIGNAL. Default: 120 DEFAULT_TIMEOUT_SIGNAL Signal to send once the timeout specified in DEFAULT_HEALTH_TIMEOUT has been reached. Default: sigterm DEFAULT_TIMEOUT_KILL_AFTER Send a SIGKILL signal after sending the signal specified in the DEFAULT_TIMEOUT_SIGNAL parameter. Default: 180 DEFAULT_RECOVER_TIMEOUT Duration of the recover command before sending the signal speci- fied in the DEFAULT_RECOVER_TIMEOUT_SIGNAL. Default: 120 DEFAULT_RECOVER_TIMEOUT_SIGNAL Signal to send once the timeout specified in DEFAULT_RECOVER_TIMEOUT has been reached. Default: sigterm DEFAULT_RECOVER_TIMEOUT_KILL_AFTER Send a SIGKILL signal after sending the signal specified in the DEFAULT_RECOVER_TIMEOUT_SIGNAL parameter. Default: 180 COMPRESSION/DECOMPRESSION PARAMETERS The following parameters are self-explanatory. Parameters prefixed with TAR apply to operations related with tar(1) such as TAR_ARGS, TAR_COMPRESS_ARGS, TAR_DECOMPRESS_ARGS and TAR_<ALGO>_ARGS. Parameters such as <ALGO>_ARGS, <ALGO>_COMPRESS_ARGS, <ALGO>_COMPRESS_CMD, <ALGO>_DECOMPRESS_ARGS and <ALGO>_DECOMPRESS_CMD apply to compression and decompression-related operations that use <ALGO>_COMPRESS_CMD for compress and <ALGO>_DECOMPRESS_CMD for decom- press, i.e. export and import ZFS images. TAR_ARGS By default this parameter is set to an empty value. TAR_COMPRESS_ARGS Default: ${TAR_ARGS} TAR_DECOMPRESS_ARGS Default: ${TAR_ARGS} TAR_BZIP_ARGS Default: ${TAR_COMPRESS_ARGS} --bzip TAR_GZIP_ARGS Default: ${TAR_COMPRESS_ARGS} --gzip TAR_LRZIP_ARGS You need to install archivers/lrzip to use this algorithm. Default: ${TAR_COMPRESS_ARGS} --lrzip TAR_LZ4_ARGS Default: ${TAR_COMPRESS_ARGS} --lz4 TAR_LZMA_ARGS Default: ${TAR_COMPRESS_ARGS} --lzma TAR_LZOP_ARGS You need to install archivers/lzop to use this algorithm. Default: ${TAR_COMPRESS_ARGS} --lzop TAR_XZ_ARGS Default: ${TAR_COMPRESS_ARGS} --xz TAR_ZSTD_ARGS Default: ${TAR_COMPRESS_ARGS} --zstd BZIP_ARGS By default this parameter is set to an empty value. BZIP_COMPRESS_ARGS Default: ${BZIP_ARGS} BZIP_COMPRESS_CMD Default: bzip2 ${BZIP_COMPRESS_ARGS} BZIP_DECOMPRESS_ARGS Default: ${BZIP_ARGS} BZIP_DECOMPRESS_CMD Default: bzip2 ${BZIP_DECOMPRESS_ARGS} -d GZIP_ARGS By default this parameter is set to an empty value. GZIP_COMPRESS_ARGS Default: ${GZIP_ARGS} GZIP_COMPRESS_CMD Default: gzip ${GZIP_COMPRESS_ARGS} GZIP_DECOMPRESS_ARGS Default: ${GZIP_ARGS} GZIP_DECOMPRESS_CMD Default: gzip -d ${GZIP_DECOMPRESS_ARGS} LRZIP_ARGS By default this parameter is set to an empty value. You need to install archivers/lrzip to use this algorithm. LRZIP_COMPRESS_ARGS Default: ${LRZIP_ARGS} LRZIP_COMPRESS_CMD Default: lrzip ${LRZIP_COMPRESS_ARGS} LRZIP_DECOMPRESS_ARGS Default: ${LRZIP_ARGS} LRZIP_DECOMPRESS_CMD Default: lrzip -d ${LRZIP_DECOMPRESS_ARGS} LZ4_ARGS By default this parameter is set to an empty value. LZ4_COMPRESS_ARGS Default: ${LZ4_ARGS} LZ4_COMPRESS_CMD Default: lz4 ${LZ4_COMPRESS_ARGS} LZ4_DECOMPRESS_ARGS Default: ${LZ4_ARGS} LZ4_DECOMPRESS_CMD Default: lz4 -d ${LZ4_DECOMPRESS_ARGS} LZMA_ARGS By default this parameter is set to an empty value. LZMA_COMPRESS_ARGS Default: ${LZMA_ARGS} LZMA_COMPRESS_CMD Default: lzma ${LZMA_COMPRESS_ARGS} LZMA_DECOMPRESS_ARGS Default: ${LZMA_ARGS} LZMA_DECOMPRESS_CMD Default: lzma -d ${LZMA_DECOMPRESS_ARGS} LZOP_ARGS By default this parameter is set to an empty value. You need to install archivers/lzop to use this algorithm. LZOP_COMPRESS_ARGS Default: ${LZOP_ARGS} LZOP_COMPRESS_CMD Default: lzop ${LZOP_COMPRESS_ARGS} LZOP_DECOMPRESS_ARGS Default: ${LZOP_ARGS} LZOP_DECOMPRESS_CMD Default: lzop -d ${LZOP_DECOMPRESS_ARGS} XZ_ARGS By default this parameter is set to an empty value. XZ_COMPRESS_ARGS Default: ${XZ_ARGS} XZ_COMPRESS_CMD Default: xz ${XZ_COMPRESS_ARGS} XZ_DECOMPRESS_ARGS Default: ${XZ_ARGS} XZ_DECOMPRESS_CMD Default: xz -d ${XZ_DECOMPRESS_ARGS} ZSTD_ARGS By default this parameter is set to an empty value. ZSTD_COMPRESS_ARGS Default: ${ZSTD_ARGS} ZSTD_COMPRESS_CMD Default: zstd ${ZSTD_COMPRESS_ARGS} ZSTD_DECOMPRESS_ARGS Default: ${ZSTD_ARGS} ZSTD_DECOMPRESS_CMD Default: zstd -d ${ZSTD_DECOMPRESS_ARGS} COLUMNS PARAMETERS DEFAULT_COLUMNS_VOLUME Default columns for appjail-volume(1) get. Default: name mountpoint type uid gid perm DEFAULT_COLUMNS_LIMITS Default columns for appjail-limits(1) get. Default: nro enabled name rule loaded DEFAULT_COLUMNS_STATS Default columns for appjail-limits(1) stats. DEFAULT_COLUMNS_LABEL Default columns for appjail-label(1) get. Default: name value DEFAULT_COLUMNS_JAIL Default columns for appjail-jail(1) get. Default: status name type version ports network_ip4 DEFAULT_COLUMNS_NETWORK Default columns for appjail-network(1) get. Default: name network cidr broadcast gateway minaddr maxaddr addresses description mtu DEFAULT_COLUMNS_IMAGE Default columns for appjail-image(1) get. Default: name DEFAULT_COLUMNS_NAT_JAIL Default columns for appjail-nat(1) jail get. Default: name network rule DEFAULT_COLUMNS_NAT_NETWORK Default columns for appjail-nat(1) network get. Default: boot name rule DEFAULT_COLUMNS_HEALTHCHECK Default columns for appjail-healthcheck(1) get. Default: nro enabled name status health_type health_cmd recover_type recover_cmd DEFAULT_COLUMNS_FSTAB Default columns for appjail-fstab(1) get. Default: nro enabled name device mountpoint type options dump pass DEFAULT_COLUMNS_DEVFS Default columns for appjail-devfs(1) get. Default: nro enabled name rule DEFAULT_COLUMNS_EXPOSE Default columns for appjail-expose(1) get. Default: nro enabled name ports protocol network_name ext_if on_if PKGBASE PARAMETERS PKG_CONF_DIR Location of pkg.conf(5) files. Default: ${FILESDIR}/pkgbase/base.conf PKGBASE_PACKAGES Default packages used when none are explicitly specified. By de- fault this parameter is set to an empty value. FINGERPRINTS_DIRECTORY This should be set to a path containing known signatures for the repository. Default: /usr/share/keys/pkg MISCELLANEOUS PARAMETERS AUTO_GIT_UPDATE If there is a request to clone a repository in a Makejail file and it already exists locally, update it. Default: 1 BUILDAH_FROM_ARGS buildah-from(1) arguments. By default this parameter is set to an empty value. FREEBSD_UPDATE_CONF Default freebsd-update.conf(5) configuration file when updating or upgrading a FreeBSD jail or release. Default: /etc/freebsd-update.conf FREEBSD_ARCH Default architecture used by some operations, such as fetching FreeBSD components, creating jails, etc. If not defined, the output of the -m parameter of the uname(1) command is used. By default this parameter is set to an empty value. FREEBSD_VERSION Default FreeBSD version without the patch level used by some op- erations, such as fetching FreeBSD components, creating jails, etc. If not defined, AppJail will get a valid version string. RUNAS Utility that runs when a non-root user runs appjail(1). See appjail-user(8). Default: doas TRY_UMOUNT Attempts to unmount any mounted file systems detected by AppJail in some operations. For example, AppJail tries to check for mounted file systems on appjail-start(1), and warns you if so. In some cases this is a simple warning, but it may not be desirable to mount a file sys- tem on another file system. Or there are even cases where App- Jail does not warn you but issues an error, such as when trying to mount the base directory for thinjails. Default: 1 FILES /usr/local/etc/appjail/appjail.conf /usr/local/etc/appjail/appjail.conf.sample SEE ALSO appjail(1) appjail-devfs(1) appjail-fetch(1) appjail-image(1) appjail-makejail(1) appjail-nat(1) appjail-network(1) appjail-quick(1) appjail-volume(1) appjail-zfs(1) tar(1) if_bridge(4) if_epair(4) freebsd-update.conf(5) appjail-tutorial(7) appjail-dns(8) AUTHORS Jess Daniel Colmenares Oviedo <DtxdF@disroot.org> FreeBSD ports 15.0 September 21, 2025 APPJAIL.CONF(5)
NAME | SYNOPSIS | DESCRIPTION | PATH PARAMETERS | SYSTEM DIRECTORIES PARAMETERS | ZFS PARAMETERS | DNS PARAMETERS | TIMEZONE PARAMETERS | DEVFS PARAMETERS | JAIL PARAMETERS | STARTUP PARAMETERS | NETWORK PARAMETERS | LOG PARAMETERS | FETCH PARAMETERS | SOURCE BUILD PARAMETERS | IMAGE PARAMETERS | DEBOOTSTRAP PARAMETERS | COLORS PARAMETERS | HEALTHCHECKERS PARAMETERS | COMPRESSION/DECOMPRESSION PARAMETERS | COLUMNS PARAMETERS | PKGBASE PARAMETERS | MISCELLANEOUS PARAMETERS | FILES | SEE ALSO | AUTHORS
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=appjail.conf&sektion=5&manpath=FreeBSD+Ports+15.0>