Create an Ubuntu Linux jail on FreeBSD 12.2

2021-01-21 freebsd Word Count: 313 words Read Time: 2 minutes

Create a jailed Ubuntu Linux with Bastille on FreeBSD 12.2

Make sure Bastille is installed and configured. click here

This is not offically supported, so don’t use it in production!

update 2021/02/11: Auto Installer

You could try the following POC for automated jail creation:

DO NOT USE THIS IN PRODUCTION!

THIS MIGHT BREAK YOUR RUNNING INSTALLATION

git clone -b linux_compat https://github.com/hackacad/bastille
cd bastille && make install
bastille bootstrap bionic
bastille create -L linuxjail bionic (ipaddress) (interface)
bastille console linuxjail

Manual installation

This how-to is based on

Setting up a (Debian) Linux jail on FreeBSD & Ubuntu bionic on FreeBSD with iocage managed jails

Create an empty jail (as of version 0.8 you’ll see some error messages you can ignore)

pkg install -y debootstrap

bastille create -E ubuntu

vim /boot/loader.conf

linprocfs_load=YES
linsysfs_load=YES
tmpfs_load=YES

sysrc linux_enable=YES

and reboot your host

Bootstrap Ubuntu Bionic

debootstrap --foreign --arch=amd64 --no-check-gpg bionic /usr/local/bastille/jails/ubuntu/root/

echo "APT::Cache-Start 251658240;" > /usr/local/bastille/jails/ubuntu/root/etc/apt/apt.conf.d/00aptitude

Create an external home directory

mkdir /usr/local/bastille/jails/ubuntu/home

Edit the fstab as followed

bastille edit ubuntu fstab

devfs           /usr/local/bastille/jails/ubuntu/root/dev      devfs           rw                      0       0
tmpfs           /usr/local/bastille/jails/ubuntu/root/dev/shm  tmpfs           rw,size=1g,mode=1777    0       0
fdescfs         /usr/local/bastille/jails/ubuntu/root/dev/fd   fdescfs         rw,linrdlnk             0       0
linprocfs       /usr/local/bastille/jails/ubuntu/root/proc     linprocfs       rw                      0       0
linsysfs        /usr/local/bastille/jails/ubuntu/root/sys      linsysfs        rw                      0       0
/tmp            /usr/local/bastille/jails/ubuntu/root/tmp      nullfs          rw                      0       0
/home            /usr/local/bastille/jails/ubuntu/home      nullfs          rw                      0       0

Edit the jail.conf bastille edit ubuntu jail.conf

ubuntu {
host.hostname = ubuntu;
mount.fstab = /usr/local/bastille/jails/ubuntu/fstab;
path = /usr/local/bastille/jails/ubuntu/root;

exec.start = '/bin/true';
exec.stop = '/bin/true';
persist;

mount.devfs;

allow.mount;
allow.mount.devfs;

interface = bastille0;
ip4.addr = 10.6.6.6;
}

Start the jail enter the shell via chroot and start playing around…

bastille start ubuntu

(Bastille console won’t work at that point so we fall back to jexec)

jexec ubuntu /bin/bash

dpkg --force-depends -i /var/cache/apt/archives/*.deb

apt update && apt upgrade

apt-get install -y sysvinit-core

Software releases: FreeBSD 12.2-RELEASE Ubuntu 18.04 Bastille 0.8.20210115

Hints:

Some tools which require raw/tcp sockets, like ip addr, netstat, ping etc. simply won’t work.