gyptazy

DevOps

Developer

IT Consultant

Blog Post

Tech Talk: FreeBSD Jails

Across a few iterations, my tech talks give a short overview of FreeBSD Jails: how they work, how to set them up from scratch, the tooling around them, and their use with additional tools and managers, along with further topics such as custom networking, firewalling, and keeping them up to date with jail audit. They are prepared mostly as lightning talks and may include optional interactive parts if needed.

What are Jails?

In the ever-evolving landscape of containerization technologies, FreeBSD Jails stand as a venerable and robust solution that has been integral to the FreeBSD operating system for years. While containerization platforms like Docker and Kubernetes have gained significant attention, FreeBSD Jails offer a unique set of features and capabilities that make them a compelling choice for various use cases. In this blog post, we’ll take a deep dive into FreeBSD Jails, exploring what they are, how they work, and the many ways they can benefit your IT infrastructure.

At its core, a FreeBSD Jail is an operating system-level virtualization mechanism that allows you to create isolated environments within a single FreeBSD host. Each jail functions as an independent instance with its own filesystem, processes, users, and network stack. This isolation enables you to run multiple applications or services on the same physical machine without them interfering with each other. It’s like having mini virtual machines, but without the overhead of full virtualization.

Roadmap

  • Basics: What is it and why?
    Duration: 15-30 Minutes
    Link: Web / PDF
    Note: Covering the basic information, construction, dependencies, types
  • Deeper insights: How things work internally
    Duration: 30 Minutes
    Link: Web / PDF
    Note: Insights into the functionality of Jails
  • Setting up a Jail from scratch manually
    Duration: 60-90 Minutes
    Link: Web / PDF
    Note: This is an interactive tech-talk. Please have FreeBSD 13.1 minimal in place with a running sshd.
  • Setting up a Jail with tooling/manager (ezjail or ansible-jail)
    Duration: 60-90 Minutes
    Link: Web / PDF
    Note: This is an interactive tech-talk. Please have FreeBSD 13.1 minimal in place with a running sshd. Only a single manager will be covered.
  • Custom Things of Jails
    Duration: 45-60 Minutes
    Link: Web / PDF
    Note: Inter-jail communication, VNET, basic PF (firewalling), Jail auditing

Prerequisites

Please have a ready-to-use minimal FreeBSD 13.2 image in place, with a running sshd that can be reached from your local machine. You can find images on freebsd.org or just take the following ones:

AMD64: https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.1/
ARM64: https://download.freebsd.org/releases/arm64/aarch64/ISO-IMAGES/13.1/
Vagrant images: https://app.vagrantup.com/gyptazy/boxes/freebsd13.2-arm64

Sources

Every tech talk can also be found on GitHub and is free to use.