> For the complete documentation index, see [llms.txt](https://book.bsdcn.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://book.bsdcn.org/ask/flat/chapter-33-linux-jails/di-33.4-jie-antix-linux-jail.md). # 33.4 antiX Linux Jail antiX Linux is a lightweight Debian-based distribution that does not use systemd. Instead, it offers multiple init system choices: antiX-23.2 provides SysVinit and runit; antiX-26 defaults to runit while also offering SysVinit, dinit, s6-rc, s6-66, and other init options. SysVinit manages services based on runlevels and init scripts, while runit, dinit, and the s6 family (s6-rc, s6-66) adopt a dependency-based or service supervision service management model that does not rely on the traditional runlevel concept. None of these init systems depend on systemd, making them more compatible in Jail environments. ## Prepare the Base System First install `squashfs-tools` to extract the antiX Linux filesystem image. Install squashfs-tools using pkg: ```sh # pkg install squashfs-tools ``` antiX-23.2 offers four image editions: full, base, core, and net. This example downloads the core edition: ```sh # Download the antiX 23.2 Core ISO image # fetch https://mirrors.tuna.tsinghua.edu.cn/mxlinux-isos/ANTIX/Final/antiX-23.2/antiX-23.2_x64-core.iso # Mount the ISO file as a memory device # mdconfig -a -t vnode -f antiX-23.2_x64-core.iso # Mount the memory device to /mnt with type cd9660 # mount -t cd9660 /dev/md0 /mnt # Create the antiX Jail root directory # mkdir -p /usr/jails/antix # Extract the squashfs filesystem to the Jail root directory # unsquashfs -d /usr/jails/antix /mnt/antiX/linuxfs # Create necessary device nodes # touch /usr/jails/antix/dev/fd # touch /usr/jails/antix/dev/shm # Clean up: unmount the ISO mount point and destroy the md device # umount /mnt # mdconfig -d -u 0 ``` ## Configure Mount Files Create the **/etc/fstab.antix** file with the following content: ```ini devfs /usr/jails/antix/dev devfs rw 0 0 tmpfs /usr/jails/antix/dev/shm tmpfs rw,size=1g,mode=1777 0 0 fdescfs /usr/jails/antix/dev/fd fdescfs rw,linrdlnk 0 0 linprocfs /usr/jails/antix/proc linprocfs rw 0 0 linsysfs /usr/jails/antix/sys linsysfs rw 0 0 /tmp /usr/jails/antix/tmp nullfs rw 0 0 ``` ## Manage the Jail Configuration File Add the following to the **/etc/jail.conf** file (only the antiX section is shown): ```ini antix { # Jail name host.hostname = "antix"; # Set the Jail's hostname mount.fstab = "/etc/fstab.antix"; # fstab file used by the Jail path = "/usr/jails/antix"; # Jail root directory path devfs_ruleset = 4; # devfs mount ruleset enforce_statfs = 1; # Set mount point visibility allow.mount; # Allow mounting file systems allow.mount.devfs; # Allow mounting devfs exec.start = "/etc/init.d/rc 3"; # Command executed when starting the Jail (runlevel 3) exec.stop = "/etc/init.d/rc 0"; # Command executed when stopping the Jail (runlevel 0) persist; # Keep the Jail alive even without processes allow.raw_sockets; # Allow raw sockets interface = "lo1"; # Specify the network interface ip4.addr = 192.168.5.3; # Assign IPv4 address ip6 = "disable"; # Disable IPv6 } ``` Here, `exec.start` is set to **/etc/init.d/rc 3**. As mentioned earlier, Debian uses systemd as its init system, which cannot be used in a Jail. Therefore, the Debian Jail configuration uses **/bin/true** to safely return `true` without performing any action. antiX does not use systemd and instead offers multiple init systems. Here, **/etc/init.d/rc 3** is a SysVinit-style startup command that specifies the antiX Jail to start at runlevel 3. When using other init systems, the startup command differs: runit uses `sv` for service management; dinit uses `dinitctl`; s6-rc uses `s6-rc`; s6-66 uses the `66` frontend tool. This example uses SysVinit. Since antiX does not depend on systemd, the service startup issues caused by systemd limitations in the Debian Jail do not occur here, and services (such as sshd) can be started directly when the Jail starts. ## Allow Network Access Allow network access in the pf firewall, using the same method as described earlier: ```sh # pfctl -t jails -T add 192.168.5.3 # Add IP address 192.168.5.3 to the jails table in the pf firewall ``` ## Update the antiX Linux System Set up boot-time auto-start, then start the Jail: ```sh # sysrc jail_list+=antix # Add the antix Jail to the system boot startup list # jail -c antix # Or use service jail start antix ``` Now enter the Jail: ```sh # jexec antix /bin/bash # On the host machine (FreeBSD) root@antix:/# echo "nameserver 223.5.5.5" > /etc/resolv.conf # Inside the Jail, note the prompt change; set up DNS resolution first, using Alibaba Cloud public DNS here root@antix:/# echo 'APT::Cache-Start "90000000";' >> /etc/apt/apt.conf # APT::Cache-Start sets the apt cache size; the default of about 20 MB is too small, increase as suggested root@antix:/# apt update # You can modify files in /etc/apt/sources.list.d/ to use a mirror first; refer to the Debian mirror settings at each mirror site root@antix:/# apt upgrade # Update the system and packages root@antix:/# mandb # If mandb permission errors occur during apt upgrade, run the mandb command multiple times to complete the index update. ``` During apt upgrade, mandb permission-related messages may appear. Running the `mandb` command multiple times can complete the index update. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.bsdcn.org/ask/flat/chapter-33-linux-jails/di-33.4-jie-antix-linux-jail.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.