Bastille (Jails aka “Containers”)

Bastille is a tool to help use jails and manage them on FreeBSD. To install Bastille enter the following using the super user account.

Installing Bastille

To have Bastille start automatically at boot, as well as its container management enter the following:

Start Bastille service by:

Verify Bastille is setup for ZFS.

FreeBSD on the Raspberry Pi uses the UNIX file system. Bastille is setup to use ZFS by default. To confirm this edit the Bastille configuration file.

You want to search through the file for the following lines and confirm they indicate your pool, and that zfs is enabled. To have Bastille setup to use your zpool for storing its data you must set the bastille prefix to point to your pool/Bastille . ZFS_PREFIX = "your dataset" , this will tell it what your dataset/directory is called, and bastille_zfs_zpool="xenodata", is the name of your pool. At this time, you also want to set the time zone.

Create the Bastille folder in your zpool, and update the permissions. 0750 = User:rwx Group:r-x World:--- (i.e. World: no access)

After confirming these modifications, you want to reboot the Bastille service.

Bootstrap FreeBSD 14.1

The next step is to setup a base installation of FreeBSD for the jail/container. In this example I use FreeBSD 14.2. Not the use of the cache dataset and bastille dataset.

Verify you have successfully added FreeBSD 14.1 to the list of available versions to create jails from. You do this by listing them.

To verify that your bootstrapped version of freeBSD is downloaded and extracted correctly, you can use the verify command argument.

For more detailed documentation you can go to Bastilles documentation.

After several failed attempts at a cloned loop back interface as described in the bastille documentation. I chose to follow the shared network instructions. This allowed me to get access to the internet from my jail very easily.

Setup a Git Server Jail

Creating a jail, is done using the create argument for the bastille command. You pass the name of the jail, git-server in my case, and the release of freeBSD you intend to use., followed by the ipaddress you wish to assign from your virtual network followed by the network interface you wish to use. If you can’t remember what network interface to use, you can use the ifconfig command to list your network interfaces.

Note I used 192.168.1.1. After several failed attempts at a cloned loop back interface as described in the bastille documentation. I chose to follow the shared network instructions. This allowed me to get access to the internet from my jail very easily. I don’t know if the Rasbperry Pi 3B+ has problems with a clonded interface, but the shared network instructions worked for me and my home lab.

Once you have created your jail. You can access it buy using the command.

The first time you start your jail, it doesn’t have pkg installed. So you can