Improvements to Jail Management via the Warden

Over the past few months, several exciting new features have been added to the Warden™ which greatly improve jail management on FreeBSD & PC-BSD systems. Historically the Warden™ has always organized its collections of jails via a primary IP address. This was functional but not the optimal point of reference when dealing with large quantities of jails on a system. Thanks to some recent cooperation between the PC-BSD & FreeNAS teams, this has been done away with and improved. Now the Warden™ will be able to create jails via Hostname / Nickname, and change and assign IP addresses on the fly. This greatly simplifies jail creation via the command-line, allowing you to create the jail and then set addresses as needed later.

# warden create myjail
# warden set ipv4 myjail 192.168.0.25/24
# warden set ipv6 myjail fe80::8a89:a5ff:fe52:ad19

In addition to being able to set both a primary IPv4 and IPv6 address, jails can also include a number of other addresses. Any number of aliases for both IPv4 and IPv6 can be set, along with the default router for IPv4 & IPv6. The Warden is also now configured to automatically use the VNET option, giving each jail its own virtual network stack. This includes giving jails their own network interface and can allow a wider variety of services to run behind a jailed interface. Because of this feature, the Warden will require that your kernel is compiled with the VIMAGE option enabled. Users of PC-BSD & TrueOS rolling-release will be able to update to this kernel via the normal freebsd-update mechanisms. These new features bring new options which can be set via the command-line:

# warden set myjail alias-ipv4 192.168.0.200/24
# warden set myjail bridge-ipv4 192.168.0.2/24
# warden set myjail alias-bridge-ipv4 192.168.0.3/24

Along with new virtual networking functionality, the Warden also has a few new tricks up its sleeve. For PC-BSD & TrueOS 9.1 and higher users, we have begun building and maintaining our own full package repository using pkgng. When creating standard jails, the Warden will automatically handle bootstrapping the pkgng package and repository. Should this process be unable to complete, such as on a system with no internet connectivity, or be corrupted by a well-meaning end user, it can be re-run at any time:

# warden bspkgng myjail

Another long-requested feature was the ability for the Warden to manage setting various permissions and flags for a jail and handle user-supplied nullfs mounts. These can both be easily configured per-jail by using the “set flags” and “fstab” options respectively.

# warden set myflags myjail allow.raw_sockets=true
# warden fstab myjail
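
Flags such as allow.raw_sockets relax a jail's isolation, so a flag string deserves a review before it is applied. The script below is an added example, not part of the Warden or the original article: the audit_jail_flags function and the comma- or space-separated input format are assumptions of the example, while the flag names are jail(8) parameters.

```shell
#!/bin/sh
# Added example (not part of Warden): list the jail(8) permissions a flag
# string would enable, so they can be reviewed before "warden set" is run.
# Assumption: flags arrive as one comma- or space-separated string.

audit_jail_flags() (
    set -f              # no glob expansion while splitting the string
    IFS=' ,'
    for flag in $1; do
        name=${flag%%=*}
        case $flag in
            *=*) value=${flag#*=} ;;
            *)   value=true ;;      # jail(8): a bare boolean name enables it
        esac
        # jail(8) also accepts a "no" prefix on the last component,
        # e.g. allow.noraw_sockets; treat that as name=false.
        leaf=${name##*.}
        case $name:$leaf in
            *.*:no?*) name="${name%.*}.${leaf#no}"; value=false ;;
        esac
        # Only an explicit false/0 counts as disabled; anything else is
        # reported, so an unexpected value is never silently ignored.
        case $value in
            false|0) continue ;;
        esac
        # Parameters that widen what root inside the jail may do.
        case $name in
            allow.raw_sockets|allow.chflags|allow.sysvipc|allow.socket_af|\
            allow.mount|allow.mount.*)
                printf '%s\n' "$name" ;;
        esac
    done
    :
)

# Constructed sample input; this call only prints when the file is run.
SAMPLE='allow.raw_sockets=true,allow.nochflags,allow.mount.nullfs,allow.sysvipc=false'
audit_jail_flags "$SAMPLE"
```

An empty result means the flag string enables none of the listed permissions; each printed name is a permission to justify before the jail is started or exported.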

All of these new features and options are also fully exportable. This allows you to provision a jail on your PC-BSD workstation, either via the command-line or GUI. Once you have finished the initial configuration and testing of your jail, you can then easily export it to a single archive file. This export file can then be taken to another system, such as FreeNAS, and then imported.

# warden export myjail --dir=/exports
# warden import /exports/myjail.wdn

At the time of this writing many of these changes are also being implemented into the Warden’s Graphical Interface. As easy as the command-line flags may be, the GUI takes it a step further, making jail creation and management possible without having to remember or look up a single command.

Figure 1. The jail's IPv4 configuration

Figure 2. Setting jail permissions

So what is next for the Warden? Even with these new features still hot off the press, there are other improvements waiting in the wings. One of these will be the ability to create and manage various jail “templates”. This will allow you to build a jail template for a particular FreeBSD release (say you have a product which needs to run on 8.3). By creating the 8.3 template, you will be able to customize it with software or configuration options specific to your needs. Then when it comes time to build jails, you will be given the option of using the latest release or your own jail template. Stay tuned to BSD Magazine for more details on this in a future issue.

Bio

Kris Moore is the founder and lead developer of PC-BSD. He lives with his wife and four children in East Tennessee, USA and enjoys building custom PCs and gaming in his (limited) spare time. He can be reached at: kris@pcbsd.org.