第 9.2 节 jail 配置
创建 jail 目录
放入 FreeBSD 基本系统
方案一
# cd /usr/src
# make buildworld # 编译基本系统
# make installworld DESTDIR=/usr/jail/ # 安装到 jail
# make distribution DESTDIR=/usr/jail/ # 或者用方案二
下载 base.txz 或者从 iso 提取 baes.txz,然后解压到 jail
# tar -xvf base.txz -C /usr/jail/挂载 devfs 文件系统。(不是必须)
# mount -t devfs devfs /usr/jail/dev写入 /etc/rc.conf
/etc/rc.conf# sysrc jail_enable="YES"创建 jail.conf 文件(可以写进 rc.conf 但这样便于管理)
www {
host.hostname =www.example.org; # 主机名
ip4.addr = 192.168.0.10; # IP 地址
path ="/usr/jail"; # jail 位置
devfs_ruleset = "www_ruleset"; # devfs ruleset
mount.devfs; # 挂载 devfs 文件系统到 jail
exec.start = "/bin/sh /etc/rc"; # 启动命令
exec.stop = "/bin/sh /etc/rc.shutdown"; # 关闭命令
}管理
用 jls 查看在线 jail 信息列表
JID IP Address Hostname Path
3 192.168.0.10 www /usr/jail/www中英对照
英语
中文
JID
jail ID
IP Address
IP 地址
Hostname
主机名
Path
jail 路径
启动与停止 jail
# service jail start www
# service jail stop www登录 jail
# jexec 1 tcsh干净关闭 jail
# jexec 3 /etc/rc.shutdown升级 jail
# freebsd-update -b /here/is/the/jail fetch
# freebsd-update -b /here/is/the/jail installping 与网络
开启 ping
写入 /etc/jail.conf
allow.raw_sockets=1;
allow.sysvipc=1;配置完毕请重启 jail。
示例:
# jail -rc test网络
创建 /etc/resolv.conf,并编辑
search lan
nameserver 223.5.5.5 #不要写路由器地址
nameserver 223.6.6.6 #不要写路由器地址故障排除
删除文件没有权限
# chflags -R noschg directoryCertificate verification failed for /C=US/O=Let's Encrypt/CN=E6 0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered
经检查,时间正常。一般发生在 FreeBSD 14.1、14.2 RELEASE 中。
# pkg
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/latest, please wait...
Certificate verification failed for /C=US/O=Let's Encrypt/CN=E6
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=E6
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=E6
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=E6
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=E6
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Let's Encrypt/CN=E6
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:/usr/src/crypto/openssl/crypto/store/store_register.c:237:scheme=file
0020C1CD593C0000:error:80000002:system library:file_open:No such file or directory:/usr/src/crypto/openssl/providers/implementations/storemgmt/file_store.c:267:calling stat(/etc/ssl/certs/4042bcee.0)
0020C1CD593C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: Attempted to fetch https://pkg.FreeBSD.org/FreeBSD:14:amd64/latest/Latest/pkg.pkg
pkg: Attempted to fetch https://pkg.FreeBSD.org/FreeBSD:14:amd64/latest/Latest/pkg.txz
pkg: Error: Authentication error
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'解决:
# certctl rehash重新执行 pkg 即可。
原因未知,参见
最后更新于