dtxdf / appjail Goto Github PK

View Code? Open in Web Editor NEW

122.0 5.0 6.0 3.63 MB

Simple and easy-to-use tool for creating portable jails.

Home Page: https://appjail.readthedocs.io

License: BSD 3-Clause "New" or "Revised" License

Makefile 0.68% Shell 53.97% C 17.13% Roff 28.21%

automation containers deployment freebsd jail manage-freebsd-jails zfs appjail makejail

appjail's Issues

Looks awesome! PkgBase?

I just saw this port. I'm am (was?) in the process of writing a slim script helper to use for jails. In my case, I'm using nomad with raw_exec to orchestrate jails across a cluster of machines.

At first glance, this looks awesome and seems like it supersede my need to write my own script. One thing I haven't seen yet though, that I do use, is PkgBase instead of distribution archives for the jail world. PkgBase lets me create slimmer jails and also gives me an easier option to reduce surface area on the jail.

Did I miss PkgBase or is that something that still needs to be implemented? I haven't looked at the sources yet, but if I can help, I'd be happy to do so.

Add `pot` to the comparison page, maybe

https://github.com/bsdpot/pot

missing doas dependency

it appears installing AppJail does not install doas, which seems to be a dependency.

[bruno@proliant21 ~]$ appjail -h
[00:00:00] [ error ] doas: program not found.

[bruno@proliant21 ~]$ uname -a
FreeBSD proliant21.bschwand.net 14.0-RELEASE-p5 FreeBSD 14.0-RELEASE-p5 #0: Tue Feb 13 23:37:36 UTC 2024
[bruno@proliant21 ~]$ pkg info appjail
appjail-3.0.0
Name : appjail
Version : 3.0.0
Installed on : Wed Feb 14 16:51:47 2024 CET
Origin : sysutils/appjail
Architecture : FreeBSD:14:amd64
Prefix : /usr/local
Categories : sysutils
Licenses : BSD3CLAUSE
Maintainer : [email protected]
WWW : https://github.com/DtxdF/AppJail/
Comment : Simple and easy-to-use tool for creating portable jails
Options :
DEBOOTSTRAP : off
DOAS : off
DOCS : on
GIT : off
Annotations :
FreeBSD_version: 1400097
build_timestamp: 2024-01-09T04:13:30+0000
built_by : poudriere-git-3.4.0
port_checkout_unclean: no
port_git_hash : 756e18783
ports_top_checkout_unclean: no
ports_top_git_hash: 756e18783
repo_type : binary
repository : FreeBSD
Flat size : 1.07MiB

INCLUDE statement in Makejail file fails with file not found error despite file existence

Issue

When trying to use the INCLUDE statement in a Makejail file, an error is thrown suggesting that the file does not exist or could not be read. This occurs even when the file exists, is in the correct relative location, and is readable.

Environment

AppJail version: Installed from the Git repository (87dc020)
Operating System: FreeBSD 13.2-RELEASE

Steps to reproduce

Create a Makejail file with the following content:

INCLUDE options/network.makejail
INCLUDE gh+AppJail-makejails/nginx
COPY usr
SERVICE nginx reload

Create a file named options/network.makejail with the following content:

OPTION overwrite

Run the command appjail makejail -f Makejail -j test

Expected behaviour

The INCLUDE statement should correctly include and process the specified file.

Actual behaviour

The program throws an error indicating that the file specified in the INCLUDE statement does not exist or cannot be read.

[00:00:00] [ info  ] [test] Building test ...
[00:00:00] [ debug ] [test] Main Makejail: Makejail
[00:00:00] [ debug ] [test] Using method:file (args:Makejail) from Makejail.
[00:00:00] [ debug ] [test] Including /root/makejails/Makejail ...
. from options/network.makejailng method:file (args:options/network.makejail
 file does not exist or could not be read.k.makejail

Additional Information

The makejail_include function in the makejail cmd appears to be responsible for handling the INCLUDE statement. The error might originate from this function.

Please let me know if you need any further information.

Documentation online only

Hello,

I don't know if you aware of this or if it's done on purpose but I just wanted to let you know that the documentation isn't downloadable, no pdf or html.
https://readthedocs.org/projects/appjail/downloads/

Though I also noticed you've started to write man pages which is great thank you!
Keep up the good work.

[QUESTION] OCI, CRI support?

Hi,

I found out about this project from here https://wiki.freebsd.org/Containers , while was searching for a possible "low level container runtime" for FreeBSD, that would be at the same time OCI compatible, so it would work with different "high level container runtimes" like "containerd" or "CRI-o".
As far as i have understood from this project, it is an "low level container runtime"?

Is there any plans on making this utility to support "OCI"/high level "container runtimes"?

Thanks

any jail i try to make using nat options gives error

buckbucks% appjail makejail -f gh+AppJail-makejails/badwolf -j badwolf1 \ /usr/src
-o virtualnet="ajnet:badwolf default"
-o nat
-o copydir=/tmp/files
-o file=/etc/rc.conf
-o x11 \

[00:00:00] [ info ] [badwolf1] Building ...
[00:00:00] [ debug ] [badwolf1] Main Makejail: gh+AppJail-makejails/badwolf
[00:00:01] [ debug ] [badwolf1] Using method:github (args:AppJail-makejails/badwolf) from gh+AppJail-makejails/badwolf.
[00:00:01] [ debug ] [badwolf1] Using global cache directory (git): /usr/local/appjail/cache/git
[00:00:01] [ debug ] [badwolf1] Updating /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072 ...
[00:00:01] [ debug ] [badwolf1] Including /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail ...
[00:00:01] [ debug ] [badwolf1] Using method:file (args:options/options.makejail) from options/options.makejail.
[00:00:01] [ debug ] [badwolf1] Including /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail ...
[00:00:02] [ debug ] [badwolf1] Makejail generated:
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail
[00:00:02] [ debug ] [badwolf1] OPTION resolv_conf
[00:00:02] [ debug ] [badwolf1] OPTION tzdata
[00:00:02] [ debug ] [badwolf1] OPTION overwrite=force
[00:00:02] [ debug ] [badwolf1] OPTION start
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:02] [ debug ] [badwolf1] ARG badwolf_tag=13.3
[00:00:02] [ debug ] [badwolf1] FROM --entrypoint gh+AppJail-makejails/badwolf badwolf:${badwolf_tag}
[00:00:02] [ debug ] [badwolf1] CMD pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh
[00:00:02] [ debug ] [badwolf1] CMD mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension
[00:00:02] [ debug ] [badwolf1] CMD mkdir -p /home/badwolf/.config/badwolf
[00:00:02] [ debug ] [badwolf1] CMD chown -R badwolf:badwolf /home/badwolf
[00:00:02] [ debug ] [badwolf1] COPY usr
[00:00:02] [ debug ] [badwolf1] STOP
[00:00:02] [ debug ] [badwolf1] STAGE custom:badwolf_open
[00:00:02] [ debug ] [badwolf1] ENV DISPLAY=:0
[00:00:02] [ debug ] [badwolf1] USER badwolf
[00:00:02] [ debug ] [badwolf1] RUN badwolf.sh
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:resolv_conf)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:tzdata)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:overwrite=force)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:start)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/ARG (args:badwolf_tag=13.3)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/FROM (args:--entrypoint gh+AppJail-makejails/badwolf badwolf:${badwolf_tag})
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:mkdir -p /home/badwolf/.config/badwolf)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:chown -R badwolf:badwolf /home/badwolf)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/COPY (args:usr)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/STOP (args:)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/ENV (args:DISPLAY=:0)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/USER (args:badwolf)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RUN (args:badwolf.sh)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/ARG (input:/usr/local/appjail/cache/tmp/.appjail/appjail.ZIY2LP6IPL)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/FROM (input:/usr/local/appjail/cache/tmp/.appjail/appjail.k8HQvrHx6o)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/OPTION (input:/usr/local/appjail/cache/tmp/.appjail/appjail.446F8Cgkh7)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/0.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/1.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/6.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/9.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/10.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/11.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/12.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/COPY (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/13.COPY)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/STOP (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/14.STOP)
[00:00:05] [ debug ] [badwolf1] Buildscript generated:
[00:00:05] [ debug ] [badwolf1] set -T
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] . "${APPJAIL_CONFIG}"
[00:00:05] [ debug ] [badwolf1] . "${LIBDIR}/load"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/sysexits"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/atexit"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/log"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/check_func"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] lib_atexit_init
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] trap '' SIGINT
[00:00:05] [ debug ] [badwolf1] set -e
[00:00:05] [ debug ] [badwolf1] badwolf_tag="13.3"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/check_func"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] while [ $# -gt 0 ]; do
[00:00:05] [ debug ] [badwolf1] case "$1" in
[00:00:05] [ debug ] [badwolf1] --badwolf_tag)
[00:00:05] [ debug ] [badwolf1] badwolf_tag="$2"; shift
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] --)
[00:00:05] [ debug ] [badwolf1] shift
[00:00:05] [ debug ] [badwolf1] break
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] --)
[00:00:05] [ debug ] [badwolf1] lib_err ${EX_USAGE} -- "$1: Invalid option."
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] )
[00:00:05] [ debug ] [badwolf1] break
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] esac
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] shift
[00:00:05] [ debug ] [badwolf1] done
[00:00:05] [ debug ] [badwolf1] if lib_check_empty "$badwolf_tag"; then
[00:00:05] [ debug ] [badwolf1] lib_err ${EX_DATAERR} "option requires an argument -- badwolf_tag"
[00:00:05] [ debug ] [badwolf1] fi
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" image import -a "amd64" -N .ajspec -n "badwolf" -t "${badwolf_tag}" -- "gh+AppJail-makejails/badwolf"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" image jail -a "amd64" -i "badwolf" -t "${badwolf_tag}" -- "${APPJAIL_JAILNAME}" "resolv_conf" "tzdata" "overwrite=force" "start" "virtualnet=ajnet:badwolf default" "nat" "copydir=/tmp/files" "file=/etc/rc.conf" "x11"
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "mkdir -p /home/badwolf/.config/badwolf"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "chown -R badwolf:badwolf /home/badwolf"
[00:00:05] [ debug ] [badwolf1] cp -a -- "usr" "${APPJAIL_JAILDIR}/"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" stop -- "${APPJAIL_JAILNAME}"
[00:00:06] [ debug ] [badwolf1] Cloning https://github.com/AppJail-makejails/badwolf as /usr/local/appjail/cache/tmp/.appjail/appjail.N2sXFepwFz ...
[00:00:06] [ info ] [badwolf] badwolf (arch:amd64, tag:13.3): already up to date.
[00:00:07] [ debug ] [badwolf1] quick parameters: import+root="input:/usr/local/appjail/cache/images/badwolf/13.3-amd64-image.appjail" portable resolv_conf tzdata overwrite=force start virtualnet=ajnet:badwolf default nat copydir=/tmp/files file=/etc/rc.conf x11
[00:00:07] [ warn ] [badwolf1] Trying to remove badwolf1 ...
[00:00:07] [ warn ] [badwolf1] badwolf1 is not running.
[00:00:07] [ debug ] [badwolf1] Destroy flags:
[00:00:08] [ debug ] [badwolf1] Removing badwolf1 jail...
[00:00:08] [ debug ] [badwolf1] Using zfs-destroy(8) ...
[00:00:09] [ debug ] [badwolf1] Removing files...
[00:00:09] [ debug ] [badwolf1] badwolf1 was removed.
[00:00:09] [ info ] [badwolf1] Creating an empty jail ...
[00:00:09] [ info ] [badwolf1] Importing /usr/local/appjail/cache/images/badwolf/13.3-amd64-image.appjail as badwolf1 ...
[00:00:28] [ info ] [badwolf1] Done.
[00:00:28] [ debug ] [badwolf1] Adding files ("/etc/rc.conf") to the list of files to copy ...
[00:00:28] [ debug ] [badwolf1] (1/1): Checking /etc/rc.conf ...
[00:00:28] [ debug ] [badwolf1] (1/1): Copying etc/rc.conf ...
[00:00:28] [ debug ] [badwolf1] Copying /etc/localtime as /usr/local/appjail/jails/badwolf1/jail/etc/localtime
[00:00:28] [ debug ] [badwolf1] Copying /usr/local/etc/appjail/resolv.conf as /usr/local/appjail/jails/badwolf1/jail/etc/resolv.conf
[00:00:28] [ debug ] [badwolf1] Reserving an IPv4 address for badwolf1 in ajnet ...
[00:00:29] [ debug ] [badwolf1] VNET Interface:e[ab]_badwolf Description:
[00:00:29] [ debug ] [badwolf1] ajnet is the default router.
[00:00:29] [ debug ] [badwolf1] Creating NAT rules ...
[00:00:29] [ debug ] [badwolf1] Setting NAT rule: network:ajnet ext_if:wlan0 logopts:0 () on_if:wlan0
[00:00:30] [ error ] [badwolf1] The nat command requires appjail-nat/jail/ and appjail-nat/network/ anchors to work.
buckbucks%

I have the anchors in my pf.conf:
buckbucks% cat /etc/pf.conf /usr/src
nat-anchor "appjail-nat/jail/"
nat-anchor "appjail-nat/network/"
rdr-anchor "appjail-rdr/*"

anchor "appjail-nat/jail/"
anchor "appjail-nat/network/"
anchor "appjail-rdr/*"
buckbucks% /usr/src
buckbucks%

pf is running i dont know why i keep getting the errors.

The network performance is somehow disastrous.

Just created a server on my Hetzner server located at Germany. I self built the kernel to enable bbr and it's now on 14.0-RELEASE-p6.

cpu             ARM64
ident           HETZNER-CAX

include         "std.arm64"
include         "std.dev"

# TCP BBR
options         TCPHPTS
options         RATELIMIT
makeoptions     WITH_EXTRA_TCP_STACKS=1

# Include SoC specific configuration
include         "std.arm"
include         "std.virt"

I followed your document and set pf, virtual networks and dns up, then I create a jail with appjail quick packager virtualnet=":packager" (nat is enabled on the virtualnet), but when I download ports using gitup I notice extremely slow network speed.

Here's the result if I fetch a 10gb test file outside of jail:

root@fsn00:~ # fetch https://fsn1-speed.hetzner.com/10GB.bin
10GB.bin                                       19% of   10 GB  408 MBps    20s^C
fetch: transfer interrupted

And here's the result inside the jail:

root@packager:~ # fetch https://fsn1-speed.hetzner.com/10GB.bin
10GB.bin                                        0% of   10 GB  249 kBps 11h15m^C
fetch: transfer interrupted

It's 1500x times slower.

I'm new to FreeBSD, so I'm not sure where to start with debugging and digging useful information. If there are some specific details required, please inform me, and I will provide them as promptly as possible.

Linux jail with alias cannot communicate with other FreeBSD jails without alias in the same virtual network.

Hello.

I used a modified version of https://github.com/AppJail-makejails/alpine-linux to deploy alpine linux onto my arm64 machine. Things working great but I cannot access other jail in the same virtual network due to alias, but the application I deployed on the linux jail depend on postgresql which is running on a FreeBSD jail.

I tried to combine alias with multiple virtual network but the jail refuse to start, bridge also seems not working on Linux jail either. I tried lots of combination but no one work.

So is there a way make Linux jail using alias communicate with other jails in the same virtual network? Or we still need more develop to achieve that? Or it's even impossible?

Man pages could be handy.

Hi,

I installed appjail (not the devel package) through pkg on FBSD 13.2 and noticed it comes with a README.md but no manual page.
Do you plan to add man pages in the future release ?
It will be more convenient to read and study, while I appreciate what you've done already with the README.md, one big file is not as comfortable as few man pages are, though multiple examples you've put are well explained it's nice to have them.

I am aware of the amount of work you've already done, I just wanted to say thank you for the item in your todo list related to ipfw , you are right this one need love too.

Anyway congrats for appjail it looks like a great tool to play with, keep up the good work sir :)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.