NAME

appjail-quick — Create a pre-configured jail

SYNOPSIS

DESCRIPTION

The appjail quick utility creates and configures a jail. Basically, it configure the template that the jail uses with options that you specify after its name. Each option has its own responsibility, but in a nutshell, it writes the template with other AppJail subcommands. Due to this flexibility, appjail quick provides a simple and fast approach to creating and recreating jails. The appjail-makejail(1)'s -o parameter and the appjail-makejail(5)'s OPTION instruction are essentially a wrapper for this command.

Each parameter has a data type, can conflict with other options, can be specified multiple times, and can even have dependencies, that is, it needs another parameter to work correctly or even to take effect.

DATA TYPES

String

Any character that is valid according to the option itself is valid.

Integer

Positive number, or in other words, [0-9]+.

Boolean

An option with no arguments is considered to be of type boolean.

Options

A parameter that contains subparameters.

OPTIONS

alias | alias="interface"

Interface assigned to the jail. interface is used as the default interface for other options specified in Requires; If not defined, each option must define the interface to use, but is not a requirement. It is recommended to configure an interface using this option or at least one for each option listed in Requires, as the jail(8) framework may not perform any action.

Type: String
Multiple: No
Conflicts (any):

• bridge
• jng
• vnet

Requires (any):

• ip4
• ip4_inherit
• ip4_disable
• ip6
• ip6_inherit
• ip6_disable
• virtualnet

Examples:

• alias
• alias="appjail0"

boot

Set the boot flag to the jail, so that appjail-startup(1) can start it, typically at startup.

See also appjail-jail(1).

Type: Boolean
Multiple: No

bridge="[type:]interface ... [bridge:bridge]"

Create a bridge if it does not exist and attach one or more interfaces.

See also appjail-network(1).

Type: Options
Parameters:

• type: Interface type. Can be either epair or iface. If epair is used, two if_epair(4) interfaces, sa_interface that should be used by the host, and sb_interface that should be used by the jail, are created. If iface is used, an existing interface will be added as a member of bridge.

  Note that the MTU is obtained from the first interface (regardless of type) you specify, but you should first specify the iface type first, so that the bridge and other interfaces use the same MTU, a requirement of the if_bridge(4) driver. If an epair type is specified first, then the MTU specified by the DEFAULT_MTU parameter is used. epair is the default.

• bridge: Use a different bridge than the one specified by the SHARED_BRIDGE parameter.

Conflicts (any):

• alias

Multiple: Yes
Examples:

• bridge="iface:em0 nginx"
• bridge="nginx"
• bridge="iface:em0 epair:nginx bridge:public"

clone+jail="jail@snapshot"

Create a new jail by cloning a ZFS snapshot of jail.

Type: Options
Parameters:

• jail: Jail to create a ZFS snapshot for cloning.
• snapshot: ZFS snapshot name.

Conflicts (any):

• clone+release
• copy
• empty
• import+jail
• import+root
• tiny+import
• zfs+import+jail
• zfs+import+root

Multiple: No
Examples:

• clone+jail="jdb@snap1"

clone+release="snapshot"

Create a new jail by cloning a ZFS snapshot of a release.

With this option only the linux+debootstrap and thick jail types can be used.

Type: Options
Parameters:

• snapshot: ZFS snapshot name.

Conflicts (any):

• clone+jail
• copy
• empty
• import+jail
• import+root
• tiny+import
• zfs+import+jail
• zfs+import+root

Multiple: No
Examples:

• clone+release="140release"

container="[boot] [expose] [ext_if:interface] [ext_ip:address] [args:args] [logopts[:options]] [name:name] [on_if:interface]"

Changes the behavior of the from option.

Type: Options
Parameters:

• boot: Start the process in background using appjail-start(1).
• expose: Expose the ports specified by the OCI image.
• args: buildah-from(1)'s arguments. This overwrites the arguments defined by the BUILDAH_FROM_ARGS parameter.
• name: Container name.
• ext_if, ext_ip, logopts, on_if: See the expose option.

Multiple: No
Examples:

• container="boot expose name:Rick-Deckard"

copy="jail"

Create a new jail by copying another existing jail.

Type: String
Conflicts (any):

• clone+jail
• clone+release
• empty
• import+jail
• import+root
• tiny+import
• zfs-import+jail
• zfs+import+root

Multiple: No
Examples:

• copy="mysql"

copydir="directory"

Root directory used by the file and files options. If this option is not set, the directory specified by the DEFAULT_COPYDIR parameter is used.

Type: String
Multiple: No
Examples:

• copydir="/tmp/copydir-files"

cpuset="cpu-list"

Configure processor sets.

See also appjail-cpuset(1).

Type: String
Multiple: No
Examples:

• cpuset="0-2"
• cpuset="1,2,6-9"

create_args="parameter=value"

Set default parameters for the create stage.

See also appjail-enable(1).

Type: String
Multiple: Yes
Examples:

• create_args="nginx_conf=/app/nginx.conf"

defaultrouter="router"

Create a static default route to this jail.

Type: String
Multiple: No
Examples:

• defaultrouter="192.168.0.1"

defaultrouter6="router"

The IPv6 equivalent of defaultrouter.

device="rulespec"

Add a DEVFS rule.

See also appjail-devfs(1).

Type: String
Multiple: Yes
Examples:

• device="path bpf unhide"
• device="path 'mixer*' unhide"

devfs_ruleset=ruleset

devfs ruleset number that is enforced for mounting devfs(5) in this jail.

We recommend using the device option to dynamically assign a devfs ruleset number.

Type: Number
Multiple: No
Requires (any):

• mount_devfs
• linuxfs

Examples:

• devfs_ruleset=10

dhcp="interface"

Configure interface using DHCP.

You must unhide the bpf device for this jail for dhclient(8) to work without problems.

Type: String
Multiple: Yes
Requires (any):

• bridge
• jng
• vnet

Examples:

• dhcp="sb_nginx"
• dhcp="ng0_nginx"

empty

Create an empty jail.

Type: Boolean
Multiple: No
Conflicts (any):

• clone+jail
• clone+release
• copy
• import+jail
• import+root
• tiny+import
• zfs+import+jail
• zfs+import+root

expose="hport[:jport] [descr:description] [ext_if:interface] [ext_ip:address] [logopts[:options]] [network:network] [on_if:interface] [proto:protocol]"

Perform port forwarding.

See also appjail-expose(1).

Type: Options
Parameters:

• hport: Host or external port.

  hport can be specified using a symbolic name as described in services(5).

• jport: Port currently listening to the application within the jail. If not set, hport is used.

  jport can be specified using a symbolic name as described in services(5).

• descr: Service description.
• ext_if: Interface to obtain the external IPv4 address. If not set, the interface specified by the EXT_IF parameter is used.
• ext_ip: Uses the specified IPv4 address instead of the first matching one. The specified IPv4 address must exist on the specified external interface.
• logopts: Firewall-specific logging options. Logging can be enabled without providing any arguments.
• network: Network to obtain the jail's IPv4 address. If not set, the default network defined by the default subparameter of the virtualnet option is used. If you don't specify a network using this subparameter or even none is marked as default, an error will be raised.
• on_if: Apply rules to packets coming in on, or going out through, this interface. If not set, the interface specified by the ON_IF parameter is used.
• proto: Protocol, that is, tcp or udp. The default is tcp.

Multiple: Yes
Requires (any):

• virtualnet

Examples:

• expose="80"
• expose="8080:80 \"descr:NGINX service\" logopts"

file="file"

File to copy to jail.

copydir affects this parameter: if copydir is /tmp/copydir-files and you specify file to be /etc/rc.conf, the real path is /tmp/copydir-files/etc/rc.conf.

This option copies file as is, that is, with metadata such as permissions, owner and group, and will even create the necessary directories before the file, e.g. if file is set to /etc/rc.conf, /etc is created before rc.conf is copied.

Type: String
Multiple: Yes
Examples:

• file="/etc/rc.conf"

files="file"

Reads file assuming each line is a file to be copied. See file for more details.

Type: String
Multiple: Yes
Examples:

• files="/tmp/files.lst"

from="image"

Creates a jail using an OCI image. It also creates a container linked to the jail, so that if an attempt is made to destroy the jail using appjail-jail(1) destroy the container is destroyed.

This option also implicitly sets the empty option.

By default, the container name is randomly generated unless you specify one using the name suboption of the container option.

The volumes and labels specified by the OCI image are also created as AppJail volumes and labels. Since the volume name must be unique in AppJail, a bit of magic is performed: _ character will be __, / character will be _, the first character is removed, any character other than [a-zA-Z0-9_-] will be -, and the resulting string will be concatenated with the string appjail-<short-hash> where <short-hash> will be a SHA256-HASH of 10 digits created using the mount point of the volume before processing, so for example, if the volume specified by the OCI image is /srv the resulting volume name will be appjail-48d1ecb1ac-srv.

The ports defined by this image that are to be exposed are also set, but by default they are not exposed unless the expose suboption of the container option is specified.

The jail type will always be thick regardless of the operating system, the release is the one specified by the release option or the default when none is specified, the architecture and the operating system version are also set. For the architecture a "translation" is performed: 386 will be i386, ppc64le|ppc64 will be powerpc and riscv64 will be riscv. If the operating system is freebsd, AppJail will try to get the FreeBSD version using freebsd-version(1) without the patch level, and if this fails AppJail will try to get the version using uname(1) -r without the patch level and if this fails it will use the operating system name as the operating system version. It uses uname(1) -r to get the OS version when it is not freebsd and if it fails, the OS name is used as the alternate version.

Type: String
Multiple: No
Examples:

• from="docker.io/dtxdf007/freebsd"

fstab="device mountpoint [type] [options] [dump] [pass]"

Creates an appjail-fstab(1)'s entry.

See also appjail-fstab(1) and fstab(5).

Type: Options
Parameters:

• device: Describes the special device or remote file system to be mounted.
• mountpoint: Describes the mount point for the file system.
• type: Describes the type of the file system.
• options: Describes the mount point options associated with the file system.
• dump: This field is used for these file systems by the dump(8) command to determine which file systems need to be dumped.
• pass: This field is used by the fsck(8) and quotacheck(8) programs to determine the order in which file system and quota checks are done at reboot time.

Multiple: Yes
Examples:

• fstab="/tmp /tmp"
• fstab="/usr/local/www /usr/local/www"
• fstab="/dev/da0s1 /mnt msdosfs"

healthcheck="[health_cmd:command] [interval:seconds] [kill_after:seconds] [name:name] [recover_cmd:command] [recover_kill_after:seconds] [recover_timeout:seconds] [recover_timeout_signal:signal] [recover_total:number] [retries:number] [start_period:seconds] [timeout:seconds] [timeout_signal:signal]"

Creates a healthchecker.

See also appjail-healthcheck(1) and appjail.conf(5).

Type: Options
Parameters:

• health_cmd: Command to evaluate the jail's health. Prefix command with host: to run the command from the host or with jail: to run the command from the jail.
• interval: Interval to check the jail's health.
• kill_after: Send a SIGKILL signal to the process created by health_cmd command after seconds has been reached only if it is still running.
• name: Healthchecker name.
• recover_cmd: Command to heal the jail if it is considered to be failing. Prefix command with host: to run the command from the host or with jail: to run the command from the jail.
• recover_kill_after: Send a SIGKILL signal to the process created by recover_cmd command after seconds has been reached only if it is still running.
• recover_timeout: Send the signal specified by recover_timeout_signal to the process created by recover_cmd command after seconds has been reached only if it is still running.
• recover_timeout_signal: Signal to send on timeout.
• recover_total: The maximum number of attempts reached before the jail is considered unhealthy.
• retries: Number of attempts to heal the jail when it is failing and to start the recover_cmd command.
• start_period: Delay before running the healthchecker.
• timeout: Send the signal specified by timeout_signal to the process created by health_cmd command after seconds has been reached only if it is still running.
• timeout_signal: Signal to send on timeout.

Multiple: Yes
Examples:

• healthcheck
• healthcheck='"health_cmd:jail:service nginx status" "recover_cmd:jail:service nginx restart"'

ifconfig="interface:options"

ifconfig(8) options to pass to the specified interface.

Type: Options
Parameters:

• interface: Target interface.
• options: ifconfig(8) options.

Multiple: Yes
Requires (any):

• bridge
• jng
• vnet

Examples:

• ifconfig="sb_nginx:192.168.0.114/24"

ifconfig6

The IPv6 equivalent of ifconfig.

import+jail="input:file [portable] [compress:algo]"

Create a new jail by importing a tarball file into the jail directory.

Type: Options
Parameters:

• input: Tarball file.
• portable: Ignored, but used by import+root.
• compress: Ignored, but used by zfs+import+jail and zfs+import+root.

Multiple: No
Examples:

• import+jail="input:/tmp/web3.txz"

import+root="input:file [portable] [compress:algo]"

Create a new jail by importing a tarball file into the root directory of the jail.

Type: Options
Parameters:

• input: Tarball file.
• portable: Include only portable files. These are the jail directory, the configuration file describing the jail, the initscript and volumes. This is used by appjail-image(1).
• compress: Ignored, but used by zfs+import+root and zfs+import+root.

Multiple: No
Examples:

• import+root="input:/tmp/web3.tgz"

initscript="file"

Custom InitScript.

Note that this option is meaningless in a Makejail, as the InitScript is overwritten when generating one.

See also appjail-initscript(5).

Type: String
Multiple: No
Examples:

• initscript="/tmp/initscript"

ip4="ip4-address" | ip4="interface|ip4-address"

IPv4 address assigned to the jail. The IPv4 address is assigned to the interface or to the interface specified by the alias option.

See also the alias option for more details.

See also jail(8).

Type: String
Multiple: Yes
Conflicts (any):

• ip4_inherit
• ip4_disable

Requires (any):

• alias

ip4_disable

Stop the jail from using IPv4 entirely.

Type: Boolean
Multiple: No
Conflicts (any):

• ip4
• ip4_inherit
• virtualnet

Requires (any):

• alias

ip4_inherit

Allow unrestricted access to all addresses on the system.

Type: Boolean
Multiple: No
Conflicts (any):

• ip4
• ip4_disable
• virtualnet

Requires (any):

• alias

ip6, ip6_disable, ip6_inherit

Counterpart of ip4, ip4_disable and ip4_inherit.

jng="name [iface:]interface ... [bridge:bridge]"

Use Netgraph with the jng script. This script will create Netgraph nodes such as ng_bridge(4) and ng_eiface(4). The bridge will be named interfacebridge and the nodes ng0_name, ng1_name ... ngN_name.

You need to install the jng script before using this option. Run ‘install -m 555 /usr/share/examples/jails/jng /usr/local/bin/jng’ to install it.

Type: Options
Parameters:

• name: Name of links.
• iface: An existing interface to use.
• bridge: A secondary bridge is created when the bridge name is different from bridge.

Multiple: Yes
Conflicts (any):

• alias

Examples:

• jng="myjail jext"

label="key[:value]"

Add a new label to the jail.

See also appjail-label(1).

limits="rule [descr:description]"

Add a resource limit rule to the jail.

See also appjail-limits(1).

Type: Options
Parameters:

• rule: rctl(8)'s rule.
• descr: Rule description.

Multiple: Yes
Examples:

• limits="vmemoryuse:deny=1g"

linuxfs

Mount filesystems required by many Linux distributions to work correctly. You probably want to set the devfs_ruleset option (unless you specify the devices by option with device) to another value because LinuxJail will not work with the default value specified by the DEFAULT_DEVFS_RULESET parameter. The following mount points are used: /dev, /dev/shm, /dev/fd, /proc and /sys.

Type: Boolean
Multiple: No
Conflicts (any):

• mount_devfs

login

Log in to the jail after starting it with the start option.

See also appjail-login(1).

Type: Boolean
Multiple: No
Requires (any):

• start

login_user="username"

Log in as username with the login option. If not specified, the user specified by the DEFAULT_LOGIN_USER parameter is used.

Type: Boolean
Multiple: No

macaddr="interface:addr" | macaddr="interface:random" | macaddr="interface:static[:prefix]"

Changes the MAC address of a given interface.

Type: Options
Parameters:

• interface: Target interface to change MAC address.
• addr: Mac Address.

  Two special values are accepted, that is, random to use a random MAC address, and static, which optionally accepts a MAC address prefix of 8 bytes in length.

  The special value static generates a MAC address using the jail name and if prefix is defined, it will be used as a prefix of the MAC address.

Multiple: Yes
Requires (any):

• bridge
• jng
• vnet

Examples:

• macaddr="sb_nginx:aa-bb-cc-dd-ee-ff"
• macaddr="sb_apache:aa:bb:cc:aa:10:fe"
• macaddr="sb_jtest:random"
• macaddr="em1:static"
• macaddr="em0:static:ab:cd:ef"

mount_devfs

Mount a devfs(5) filesystem on the chrooted /dev directory, and apply the ruleset specified by devfs_ruleset option to restrict the devices visible inside the jail.

If you don't specify devfs_ruleset, but do specify the device option, appjail quick will assign a ruleset number automatically.

Type: Boolean
Multiple: No
Conflicts (any):

• linuxfs

nat | nat="[ext_if:interface] [ext_ip:address] [logopts[:options]] [network:network] [on_if:interface]"

Mask the jail's IPv4 address using the ext_if's interface on the on_if's interface.

Type: Options
Parameters:

• ext_if: Interface to obtain the external IPv4 address. If not set, the interface specified by the EXT_IF parameter is used.
• ext_ip: Uses the specified IPv4 address instead of the first matching one. The specified IPv4 address must exist on the specified external interface.
• logopts: Firewall-specific logging options. Logging can be enabled without providing any arguments.
• network: Network to obtain the jail's IPv4 address. If not set, the default network defined by the default subparameter of the virtualnet option is used. If you don't specify a network using this subparameter or even none is marked as default, an error will be raised.
• on_if: Apply rules to packets coming in on, or going out through, this interface. If not set, the interface specified by the ON_IF parameter is used.

Multiple: Yes
Requires (any):

• virtualnet

network="name address [description]"

Create a new network if it does not exist.

Type: Options
Parameters:

• name: Network name.
• address: Network address.
• description Description of the network.

Multiple: Yes
Examples:

• network="dns 172.0.0.0/10 \"DNS network\""

noboot

Don't use the boot option.

Type: Boolean
Multiple: No

nomount_devfs

Don't use the mount_devfs option.

Type: Boolean
Multiple: No

nonat | nonat="[ext_if:interface] [network:network] [on_if:interface]"

Don't perform NAT on the jail with the given parameters.

Type: Options
Multiple: Yes
Parameters:

• ext_if: Interface to obtain the external IPv4 address. If not set, the interface specified by the EXT_IF parameter is used.
• network: Network to obtain the jail's IPv4 address. If not set, the default network defined by the default subparameter of the virtualnet option is used. If you don't specify a network using this subparameter or even none is marked as default, an error will be raised.
• on_if: Apply rules to packets coming in on, or going out through, this interface. If not set, the interface specified by the ON_IF parameter is used.

nologin

Don't use the login option.

Type: Boolean
Multiple: No

nooverwrite

Don't use the overwrite option.

Type: Boolean
Multiple: No

noresolv_conf

Don't use the resolv_conf option.

Type: Boolean
Multiple: No

norestart

Don't use the restart option.

Type: Boolean
Multiple: No

norun

Don't use the run option.

Type: Boolean
Multiple: No

nostart

Don't use the start option.

Type: Boolean
Multiple: No

notzdata

Don't use the tzdata option.

Type: Boolean
Multiple: No

osarch="architecture"

Specify the architecture to use in the jail. If this option is not set, the architecture specified by the FREEBSD_ARCH parameter is used.

Type: String
Multiple: No

osversion="version"

Specify the version of the operating system to use in the jail. If this option is not set, the version specified by the FREEBSD_VERSION parameter is used.

Type: String
Multiple: No

overwrite | overwrite="force|recursive|force+recursive"

Stop and destroy the jail if it exists. With force, appjail quick will forcibly unmount datasets and with recursive, appjail quick will recursively destroy all dependents, including cloned file systems outside the target hierarchy. To use both options, use force+recursive.

force, recursive and force+recursive do nothing when ZFS is not enabled.

Type: String
Multiple: No

pkg="package"

Install a package.

Type: String
Multiple: Yes

priority="priority"

Priority number. If this option is not set, the priority specified by the DEFAULT_PRIORITY parameter is used.

See also appjail-startup(1).

Type: String
Multiple: No

release="release"

Specify the release to use in the jail. If this option is not set, the release specified by the DEFAULT_RELEASE parameter is used.

See also appjail-fetch(1).

Type: String
Multiple: No

resolv_conf | resolv_conf="file"

Copy a resolv.conf(5) file to the jail. If this option is used without arguments, the resolv.conf(5) file specified by the DEFAULT_RESOLV_CONF parameter is used.

Type: String
Multiple: No

restart

Restart the jail after starting it with the start option.

Type: Boolean
Multiple: No

run

Run the cmd stage after starting the jail with the start option.

Type: Boolean
Multiple: No

run_args="parameter=value"

Set default parameters for the cmd stage.

See also appjail-enable(1).

Type: String
Multiple: Yes

run_env="name=value"

Set default environment variables for the cmd stage.

See also appjail-enable(1).

Type: String
Multiple: Yes

slaac="interface"

Configure interface using SLAAC.
Type: String
Multiple: Yes
Requires (any):

• bridge
• jng
• vnet

Examples:

• slaac="sb_mariadb"
• slaac="ng1_httpd"

start

Start the jail after its creation.

Type: Boolean
Multiple: No

start_args="parameter=value"

Set default parameters for the start stage.

See also appjail-enable(1).

Type: String
Multiple: Yes

start_env="name=value"

Set default environment variables for the start stage.

See also appjail-enable(1).

Type: String
Multiple: Yes

stop_args="parameter=value"

Set default parameters for the stop stage.

See also appjail-enable(1).

Type: String
Multiple: Yes

stop_env="name=value"

Set default environment variables for the stop stage.

See also appjail-enable(1).

Type: String
Multiple: Yes

template="template"

Template file. If not specified, the template file specified by the DEFAULT_TEMPLATE parameter is used.

Type: String
Multiple: No

tiny+import="file"

Create a new jail by importing a TinyJail.

Type: String
Multiple: No
Conflicts (any):

• clone+jail
• clone+release
• copy
• empty
• import+jail
• import+root
• zfs+import+jail
• zfs+import+root

tmpdir

Create a directory and an appjail-fstab(5)'s entry to mount /tmp within the jail. The directory is created with permissions ‘1777’.

Type: Boolean
Multiple: No
Conflicts (any):

• x11

type

Type on which the jail is based. The default is thin.

See also appjail-jail(1).

Type: String
Multiple: No
Examples:

• type="thin"
• type="thick"
• type="linux+debootstrap"

tzdata | tzdata="zoneinfo-name"

Copy a tzfile(5) file to the jail. If this option is used without arguments, /etc/localtime is used. If set, a symlink is created inside the jail as /etc/localtime. If this option is not set, the tzfile(5) specified by the DEFAULT_TIMEZONE parameter is used.

Type: String
Multiple: No
Examples:

• tzdata="America/Caracas"

virtualnet="[network]:interface [default] [address:ipv4-address] [interface_desc:description]"

Create a bridge called network and attach interface to it. Additionally, assign an IPv4 address from the network address pool.

Type: Options
Parameters:

• network: Network to use.

  If specified, network must exist previously created using the network option or using the appjail-network(1) command. If not set, appjail quick will create a network using parameters such as AUTO_NETWORK_ADDR, AUTO_NETWORK_NAME, and AUTO_NETWORK_DESC. We recommend leaving this responsibility to appjail quick to automatically create the network, but check if the AUTO_* parameters are okay for your environment and change them if necessary.

• interface: if_epair(4) interface to create.

  There are two special names for the interface name, <name>, to use the jail name, and <random> to use a random hexadecimal string. We recommend <random> instead of <name> as the latter can cause problems when the jail name and interface name are incompatible.

• default: Mark this network as default, so options like expose and nat can use it without explicitly specifying it.
• address: Static IPv4 address that must be valid for network. If not set, an address is assigned automatically.
• interface_desc: Interface description.

Multiple: Yes
Examples:

• virtualnet="web:nginx default \"interface_desc:Interface used by the nginx jail.\""
• virtualnet="db:mariadb address:10.42.0.17"
• virtualnet=":<random> default"
• virtualnet=":<name> default"

vnet="interface"

A network interface to give to a vnet-enabled jail after is it created. The interface will automatically be released when the jail is removed.

Type: String
Multiple: Yes
Conflicts (any):

• alias

volume="volume [group:gid] [mountpoint:mountpoint] [owner:uid] [perm:mode] [type:type]"

Create a new volume.

See also appjail-volume(1).

Type: Options
Parameters:

• volume: Volume name.
• group: volume's group ID.
• mountpoint: Path within the jail to mount the volume.
• owner: volume's user ID.
• perm: volume's file mode.
• type: File system type.

Multiple: Yes

x11

Create a directory and an appjail-fstab(5)'s entry to mount /tmp/.X11-unix within the jail. The directory is created with permissions ‘1777’.

Type: Boolean
Multiple: No
Conflicts (any):

• tmpdir

zfs+import+jail="input:file [compress:algo]"

Create a new jail by importing a ZFS image into the jail directory.

Type: Options
Parameters:

• input: ZFS image.
• compress: Change the compression algorithm. Automatic detection of the algorithm used by the ZFS image is performed, but if it fails or you need to change for some reason, you do so using this subparameter.

Multiple: No
Conflicts (any):

• clone+jail
• clone+release
• copy
• empty
• import+jail
• import+root
• tiny+import
• zfs+import+root

zfs+import+root="input:file [compress:algo]"

Create a new jail by importing a ZFS image into the root directory of the jail.

Type: Options
Parameters:

• input: ZFS image.
• compress: Change the compression algorithm. Automatic detection of the algorithm used by the ZFS image is performed, but if it fails or you need to change for some reason, you do so using this subparameter.

Multiple: No
Conflicts (any):

• clone+jail
• clone+release
• copy
• empty
• import+jail
• import+root
• tiny+import
• zfs+import+jail

DIRTY JAIL

If you create a jail with appjail quick, the jail is marked as dirty until you finish creating it. Creation implies that all options used implicitly or explicitly are done. Keep this in mind when using options like login, as the jail is dirty until the session ends. See appjail-jail(1) for more details, but basically this means that appjail quick considers that this jail failed in some way and can proceed to remove it without the user's permission.

EXAMPLES

The following examples show how to use appjail quick and assume that you have some things like the loopback interface used by LinuxJails or that you already have the components downloaded by appjail-fetch(1) to create jails. See appjail-tutorial(7) if you want more information on how to configure these things.

# appjail quick jtest start overwrite=force

# appjail quick jtest overwrite=force start virtualnet=":<random> default" nat

# appjail quick ubuntu \
     start \
     overwrite=force \
     osversion=jammy \
     type=linux+debootstrap \
     linuxfs \
     device='include $devfsrules_hide_all' \
     device='include $devfsrules_unhide_basic' \
     device='include $devfsrules_unhide_login' \
     device='path shm unhide' \
     device="path 'shm/*' unhide" \
     template=/usr/local/share/examples/appjail/templates/linux.conf

# appjail quick ubuntu \
     start \
     overwrite=force \
     osversion=jammy \
     type=linux+debootstrap \
     linuxfs \
     device='include $devfsrules_hide_all' \
     device='include $devfsrules_unhide_basic' \
     device='include $devfsrules_unhide_login' \
     device='path shm unhide' \
     device="path 'shm/*' unhide" \
     template=/usr/local/share/examples/appjail/templates/linux.conf \
     virtualnet=":appjail0 default" \
     nat \
     alias

EXIT STATUS

The appjail quick utility exits 0 on success, and >0 if an error occurs.

SEE ALSO

appjail(1) appjail-jail(1) appjail-makejail(1) appjail.conf(5) appjail-template(5) appjail-makejail(5)

AUTHORS

Jesús Daniel Colmenares Oviedo <DtxdF@disroot.org>

CAVEATS

Most of the options described in this document are executed after the jail performs some specific operation, e.g. start or stop it.