Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings
/ AppJail Public

Simple and easy-to-use tool for creating portable jails.

License

Notifications You must be signed in to change notification settings

DtxdF/AppJail

Folders and files

NameName
Last commit message
Last commit date

Latest commit

History

698 Commits

Repository files navigation

Table of Contents

AppJail

AppJail is an open-source BSD-3 licensed framework entirely written in sh(1) and C to create isolated, portable and easy to deploy environments using FreeBSD jails that behaves like an application.

Its goals are to simplify life for sysadmins and developers by providing a unified interface that automates the jail workflow by combining the base FreeBSD tools.

AppJail offers simple ways to do complex things.

Features

  • Easy to use.
  • Parallel startup (Healthcheckers, Jails & NAT).
  • UFS and ZFS support.
  • RACCT/RCTL support.
  • PkgBase support.
  • NAT support.
  • Port expose - network port forwarding into jail.
  • IPv4 and IPv6 support.
  • DHCP and SLAAC support.
  • Virtual networks - A jail can be on several virtual networks at the same time.
  • Bridge support.
  • VNET support.
  • Deploy your applications much easier using Makejail!
  • Netgraph support.
  • LinuxJails support.
  • Supports thin and thick jails.
  • TinyJails - Experimental feature to create a very stripped down jail that is very useful to distribute.
  • Startup order control - Using priorities and the boot flag makes management much easier.
  • Jail dependency support.
  • Initscripts - Make your jails interactive!
  • Backup your jails using tarballs or raw images (ZFS only) with a single command.
  • Modular structure - each command is a unique file that has its own responsibility in AppJail. This makes AppJail maintenance much easier.
  • Table interface - many commands have a table-like interface, which is very familiar to many sysadmin tools.
  • No databases - each configuration is separated in each entity (networks, jails, etc.) which makes maintenance much easier.
  • Healthcheckers - Monitor your jails and make sure they are healthy!
  • Images - Your jail in a single file!
  • DEVFS support - Dynamic device management!
  • OCI support - Containers everywhere!
  • ...

Documentation

AppJail Documentation

Comparing AppJail

How does AppJail compare to other FreeBSD jail frameworks?

Support

Need help using AppJail?

Design decisions

Characters Allowed:

  • Jail Name, Network Name, Custom Stage and Volume Name: Although jail names can use any character (except .), AppJail does not use any possible character. Valid regex is ^[a-zA-Z0-9_][a-zA-Z0-9_-]*$.
  • Interface Name: For interface names, the regex is ^[a-zA-Z0-9_][a-zA-Z0-9_.]*$.
  • JNG: For jng, the regex is ^[a-zA-Z_]+[a-zA-Z0-9_]*$ and for its links the regex is ^[0-9a-zA-Z_]+$.

AppJail tries to not modify the host:

Such as making changes to rc.conf(5), sysctl.conf(5), the firewall configuration file, etc. It is preferable that the user is aware of such changes, this simplifies a lot.

AppJail tries not to be interactive

AppJail tries not to play with jails created not by itself

AppJail tries not to automate everything:

Instead of using one command to do a lot of work, it is preferable to combine small commands. A perfect example is appjail makejail which leaves the responsibility to the main commands.

AppJail is not focused on building software:

There are very interesting projects like poudriere or synth that can also create a custom repository. Use that custom repository in a jail created by AppJail to install your ports.

TODO

  • Add support for ipfw and ipfilter.
  • Although Makejails can be retrieved anywhere by the methods described in INCLUDE, a centralized repository to easily retrieve generic Makejails is useful. This can be done on Github or Gitlab. (See https://github.com/AppJail-makejails).
  • Create Makejails for applications. It is a difficult job to do alone, but with many people it is feasible. (Done using the centralized repository, of course this is in progress anyway).
  • rc scripts to start resource limitation rules, nat for jails and to expose ports. appjail quick and appjail-config do this job, but it can be useful to spend less time starting/stopping jails.
  • Implement a supervisor. (Done using a similar way to supervise jails and their services named Healthcheckers).
  • Add option to appjail config to check if the parameters of a template are valid for jail(8). (Done with the new tool, appjail-config)
  • Implement all jail(8) parameters in appjail quick.
  • The jng script is useful, but AppJail must create the Netgraph nodes in the same way as bridges and epairs.
  • Man pages.

Contributing

If you have found a bug, have an idea or need help, use the issue tracker. Of course, PRs are welcome.

Funding

Help me improve AppJail every day!

LiberaPay


https://liberapay.com/AppJail

PayPal


https://paypal.me/DtxdF

Patreon


https://patreon.com/AppJail

BTC


bitcoin:bc1q7u7jpdx7egjhgfxu2hyrgl8awgvx6lsu35dvxc

AltStyle によって変換されたページ (->オリジナル) /