Debian GNU/kFreeBSD jail support
This page attempts to detail my whacky adventures into the world of GNU/kFreeBSD jails. Its current purpose is keeping all this related information in a central location. As more progress is made towards jail integration, this page will serve as a source of news and documentation.
Note: The 'implementation' described here is by no means complete, clean, final or official.
I'll start by posting some of the content from the initial emails to the list.
Steps taken
* Get the source code for the jail binary. In this case I used the fetch script from freebsd-utils (since I was using that as a testing ground).
* This next step should be considered the dirty and hackish part; I pretty much ripped out any BSD login cap related code to get a working build. A much more skilled developer with some PAM experience could probably whip up a replacement for the already small amount of code.
* Now equipped with a usable binary, you can go about your business as if you were setting up a regular FreeBSD jail manually. In my case, the base tarball from the latest GNU/kFreeBSD install disc was used to populate the jail, instead of the traditional FreeBSD source based method.
* One of the most obvious missing pieces is an equivalent to FreeBSD's jail configuration via rc.conf and the necessary init scripts for stopping/starting jails (manually or at boot). At the moment I'm using a custom /etc/init.d/jail script that reads the basic config values (dir, hostname, ip address) from /etc/jail.conf.
* Initial interaction with the environment inside the jail is done through simply executing /bin/sh instead of /etc/init.d/rc. Then apt-get install openssh-server, exit the jail shell and fire it up. Shutting down is a manual process due to the current lack of jexec.
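The config-reading step of such an init script could look like the sketch below. This is an added example, not the author's /etc/init.d/jail script: the key=value file format, the key names (dir, hostname, ip) and the function names are assumptions, and the output uses the legacy `jail path hostname ip command` argument order. Because the script runs as root, it validates each value before building the command line.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed config format: key=value
# lines with keys dir, hostname, ip; '#' starts a comment line.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# jail_cmdline [COMMAND]: read the config on stdin, validate it, and print
# the legacy "jail path hostname ip command" line. Non-zero on bad input.
jail_cmdline() {
    cmd=${1:-/etc/init.d/rc}
    dir='' host='' ip=''
    while IFS='=' read -r key value; do
        case $key in
            ''|'#'*) ;;
            dir) dir=$value ;;
            hostname) host=$value ;;
            ip) ip=$value ;;
            *) echo "jail.conf: unknown key '$key'" >&2; return 1 ;;
        esac
    done
    # The init script runs as root: accept only an absolute path without
    # ".." or shell metacharacters, a plain hostname, and a literal IPv4.
    case $dir in
        /*) ;;
        *) echo "jail.conf: dir must be absolute" >&2; return 1 ;;
    esac
    case $dir in
        *..*|*[!A-Za-z0-9/._-]*) echo "jail.conf: unsafe dir" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "jail.conf: bad hostname" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip" || { echo "jail.conf: bad ip" >&2; return 1; }
    printf 'jail %s %s %s %s\n' "$dir" "$host" "$ip" "$cmd"
}

# Constructed sample config; prints the command the init script would run.
printf 'dir=/srv/jails/kfreebsd\nhostname=jail1.example.org\nip=192.0.2.10\n' |
    jail_cmdline /bin/sh
```

In an init script the function would be fed the real file, for example `jail_cmdline < /etc/jail.conf`, and the printed line executed only if the function returns success.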
Tasks that need attention
* Possible small modifications to the 'jail' application for PAM integration?
* Packaging of jail and jls - Preliminary unofficial jail-utils has been built.
* I can't recall the exact problem with jexec offhand but it needs some love.
* A stop/start and config script infrastructure. - As suggested, dchroot/schroot might be capable of handling some of these functions.
* Figure out what we need for the J flag to be shown for a jailed process.
Stay tuned for progress updates.