Create an Ubuntu Linux jail on FreeBSD 12.2

Create a jailed Ubuntu Linux with Bastille on FreeBSD 12.2

Make sure Bastille is installed and configured. If not, click here.

This is not officially supported, so don’t use it in production!

Update 2021/02/11: Auto Installer

You could try the following POC for automated jail creation:

DO NOT USE THIS IN PRODUCTION!

THIS MIGHT BREAK YOUR RUNNING INSTALLATION

git clone -b linux_compat https://github.com/hackacad/bastille
cd bastille && make install
bastille bootstrap bionic
bastille create -L linuxjail bionic (ipaddress) (interface)
bastille console linuxjail

Manual installation

This how-to is based on "Setting up a (Debian) Linux jail on FreeBSD" and "Ubuntu bionic on FreeBSD with iocage managed jails".

Create an empty jail (as of version 0.8 you’ll see some error messages you can ignore)

pkg install -y debootstrap

bastille create -E ubuntu

vim /boot/loader.conf

linprocfs_load=YES
linsysfs_load=YES
tmpfs_load=YES

sysrc linux_enable=YES

and reboot your host

Bootstrap Ubuntu Bionic

debootstrap --foreign --arch=amd64 --no-check-gpg bionic /usr/local/bastille/jails/ubuntu/root/

echo "APT::Cache-Start 251658240;" > /usr/local/bastille/jails/ubuntu/root/etc/apt/apt.conf.d/00aptitude

Create an external home directory

mkdir /usr/local/bastille/jails/ubuntu/home

Edit the fstab as follows

bastille edit ubuntu fstab

devfs           /usr/local/bastille/jails/ubuntu/root/dev      devfs           rw                      0       0
tmpfs           /usr/local/bastille/jails/ubuntu/root/dev/shm  tmpfs           rw,size=1g,mode=1777    0       0
fdescfs         /usr/local/bastille/jails/ubuntu/root/dev/fd   fdescfs         rw,linrdlnk             0       0
linprocfs       /usr/local/bastille/jails/ubuntu/root/proc     linprocfs       rw                      0       0
linsysfs        /usr/local/bastille/jails/ubuntu/root/sys      linsysfs        rw                      0       0
/tmp            /usr/local/bastille/jails/ubuntu/root/tmp      nullfs          rw                      0       0
/home           /usr/local/bastille/jails/ubuntu/home          nullfs          rw                      0       0

Edit the jail.conf

bastille edit ubuntu jail.conf

ubuntu {
  host.hostname = ubuntu;
  mount.fstab = /usr/local/bastille/jails/ubuntu/fstab;
  path = /usr/local/bastille/jails/ubuntu/root;

  exec.start = '/bin/true';
  exec.stop = '/bin/true';
  persist;

  mount.devfs;

  allow.mount;
  allow.mount.devfs;

  interface = bastille0;
  ip4.addr = 10.6.6.6;
}
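
The fstab above nullfs-mounts the host's /tmp and /home read-write, and the jail.conf sets allow.mount. The following script is an added example, not part of the original how-to or of Bastille, that lists such entries so they can be reviewed before the jail is started. The function names and the abridged sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a jail's fstab and jail.conf share host
# resources with the jail or relax its mount restrictions.

# Print "source -> mountpoint" for each nullfs entry that is not mounted "ro"
# (nullfs mounts are read-write unless "ro" is given).
rw_nullfs_mounts() {
    awk '$1 !~ /^#/ && $3 == "nullfs" {
        n = split($4, opt, ",")
        ro = 0
        for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
        if (!ro) print $1 " -> " $2
    }' "$1"
}

# Print the name of each allow.* parameter set in a jail.conf file.
allow_params() {
    sed -n 's/^[[:space:]]*\(allow\.[a-z0-9_.]*\).*$/\1/p' "$1"
}

# Constructed sample input: the fstab and jail.conf from this how-to, abridged.
write_samples() {
    cat > "$1/fstab" <<'EOF'
devfs      /usr/local/bastille/jails/ubuntu/root/dev   devfs      rw  0 0
linprocfs  /usr/local/bastille/jails/ubuntu/root/proc  linprocfs  rw  0 0
/tmp       /usr/local/bastille/jails/ubuntu/root/tmp   nullfs     rw  0 0
/home      /usr/local/bastille/jails/ubuntu/home       nullfs     rw  0 0
EOF
    cat > "$1/jail.conf" <<'EOF'
ubuntu {
  path = /usr/local/bastille/jails/ubuntu/root;
  mount.devfs;
  allow.mount;
  allow.mount.devfs;
}
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "Host directories shared read-write with the jail:"
rw_nullfs_mounts "$dir/fstab"
echo "allow.* parameters set in jail.conf:"
allow_params "$dir/jail.conf"
rm -rf "$dir"
```

On a real host, pass /usr/local/bastille/jails/ubuntu/fstab and the jail's jail.conf to the two functions instead of the sample files.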

Start the jail, enter the shell via chroot and start playing around…

bastille start ubuntu

(Bastille console won’t work at that point so we fall back to jexec)

jexec ubuntu /bin/bash

dpkg --force-depends -i /var/cache/apt/archives/*.deb

apt update && apt upgrade

apt-get install -y sysvinit-core

Software releases: FreeBSD 12.2-RELEASE, Ubuntu 18.04, Bastille 0.8.20210115

Hints:

Some tools which require raw/tcp sockets, like ip addr, netstat, ping etc. simply won’t work.