# 17.4.传统 jail(厚 jail) 这些 jail 类似于一个真正的 FreeBSD 系统。它们在很大程度上可以像普通宿主系统一样进行管理,并且可以独立更新。 ## 17.4.1. 创建经典 jail 原则上,jail 只需要一个主机名、一个根目录、一个 IP 地址,以及一套用户空间。 jail 的用户空间可以从 FreeBSD 官方下载服务器获取。 执行以下命令下载用户空间: ```sh # fetch https://download.freebsd.org/ftp/releases/amd64/amd64/15.0-RELEASE/base.txz -o /usr/local/jails/media/15.0-RELEASE-base.txz ``` 下载完成后,需要将其内容解压到 jail 的目录中。 执行以下命令将用户空间解压到 jail 目录: ```sh # mkdir -p /usr/local/jails/containers/classic # tar -xf /usr/local/jails/media/15.0-RELEASE-base.txz -C /usr/local/jails/containers/classic --unlink ``` 将用户空间解压到 jail 目录后,需要复制时区和 DNS 服务器的配置文件: ```sh # cp /etc/resolv.conf /usr/local/jails/containers/classic/etc/resolv.conf # cp /etc/localtime /usr/local/jails/containers/classic/etc/localtime ``` 文件复制完成后,下一步是通过以下命令更新到最新的补丁级别: ```sh # freebsd-update -b /usr/local/jails/containers/classic/ fetch install ``` 最后一步是配置 jail。需要在 **/etc/jail.conf** 文件中,或者在 **jail.conf.d** 目录中,添加包含该 jail 参数的配置条目。 示例如下: ```ini classic { # 启动与日志 exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.consolelog = "/var/log/jail_console_${name}.log"; # 权限设置 allow.raw_sockets; exec.clean; mount.devfs; # 主机名与路径 host.hostname = "${name}"; path = "/usr/local/jails/containers/${name}"; # 网络配置 ip4.addr = 192.168.1.151; interface = em0; } ``` 执行以下命令启动该 jail: ```sh # service jail start classic ``` 关于如何管理 jail 的更多信息,参见 [Jail 管理](https://docs.freebsd.org/en/books/handbook/jails/#jail-management) 一节。 --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.bsdcn.org/hanbook/di-17-zhang-jail-yu-rong-qi/17.4.-chuan-tong-jail-hou-jail.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.