Create a Debian Buster Jail (native Linux)

This section shows the process to set up a Debian Linux jail. The examples in this section use a jail with the custom name debjail. Remember to replace debjail with your jail’s UUID or NAME!

Warning

This is not recommended for production use. The intention is to show iocage can do almost anything with jails.

Create an empty jail:

# iocage create -e -n debjail exec_start="/bin/true" exec_stop="/bin/true"
  allow_mount_linprocfs=1 allow_mount_devfs=1 allow_raw_sockets=1
  allow_socket_af=1 allow_mount_linsysfs=1 allow_mount=1

Install devfs rules for vnet:

In /etc/devfs.rules:

[devfsrules_jail_linux=6] add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'tun*' unhide
add path 'bpf*' unhide
add path zfs unhide

Install debootstrap on the host:

# pkg install debootstrap

Enable linux(4):

# sysrc linux_enable="YES" # sysrc linux_mounts_enable="NO" # service linux start

Grab the mountpoint for the empty jail, append /root/ to it, and run debootstrap(8):

# iocage get mountpoint debjail

# debootstrap bookworm /iocage/jails/debjail/root/

Apart from Debian releases, like buster or testing, you can also use Ubuntu releases, eg bionic.

Add lines to the jail fstab file:

Use iocage fstab -e [UUID | NAME] to edit the fstab file of debjail directly. Add these lines to the file:

devfs    /iocage/jails/debjail/root/dev         devfs     rw          0 0
tmpfs    /iocage/jails/debjail/root/dev/shm     tmpfs     rw,size=1g,mode=1777 0 0
fdescfs  /iocage/jails/debjail/root/dev/fd      fdescfs   rw,linrdlnk 0 0
linproc  /iocage/jails/debjail/root/proc        linprocfs rw          0 0
linsys   /iocage/jails/debjail/root/sys         linsysfs  rw          0 0

Start the jail and attach to it:

# iocage start debjail

# iocage console debjail

The result is a 64-bit Debian Linux userland.