NAME

appjail.conf — Configuration parameters for AppJail

SYNOPSIS

DESCRIPTION

The appjail(1) utility uses some defaults that are safe for most environments, but you can change any parameters described below to adapt it to your needs. appjail.conf is a file that contains the parameters that control the operation of appjail(1). Note that this file is an sh(1) script.

PATH PARAMETERS

PREFIX

Root prefix used by other directories.
Default: /usr/local

LOGDIR

Location of log files.
Default: /var/log/appjail

JAILDIR

Location of jail root directories.
Default: ${DATADIR}/jails

TMPDIR

Location of temporary files. It is highly recommended to use tmpfs(5) as the files written here are ephemeral and are not needed after a system reboot. Additionally, some AppJail operations (e.g. healthcheckers) may be using this directory during their execution, so if a power outage occurs and after the system reboots, those files will be there anyway (garbage).
Default: ${CACHEDIR}/tmp/.appjail

GLOBAL_GIT_CACHEDIR

Location of repositories when using the git method in a Makejail file.
Default: ${CACHEDIR}/git

HOOKSDIR

Location of hooks. This directory must have two subdirectories, pre.d for executables to be run before executing the subcommand, and post.d for executables to be run after executing the subcommand.

SYSTEM DIRECTORIES PARAMETERS

SHAREDIR

Location of shared files.
Default: ${PREFIX}/share/appjail

COMMANDS

Location of AppJail commands.
Default: ${SHAREDIR}/cmd

FILESDIR

Location of files used by AppJail.
Default: ${SHAREDIR}/files

LIBDIR

Location of libraries (scripts that contains functions) used by AppJail and their commands.
Default: ${SHAREDIR}/lib

SCRIPTSDIR

Location of scripts used by AppJail.
Default: ${SHAREDIR}/scripts

UTILDIR

Location of utilities used by AppJail.
Default: ${PREFIX}/libexec/appjail

MAKEJAILDIR

Directory used by appjail-makejail(1) command.
Default: ${SHAREDIR}/makejail

MAKEJAIL_COMMANDS

Location of Makejail commands.
Default: ${MAKEJAILDIR}/cmd

MAKEJAIL_WCOMMANDS

Location of generators for the creation of the initscript.
Default: ${MAKEJAILDIR}/write

DATADIR

Location of files generated by AppJail.
Default: ${PREFIX}/appjail

CACHEDIR

Location of data that can be reused later.
Default: ${DATADIR}/cache

NETWORKDIR

Location of network's files such as their parameters.
Default: ${DATADIR}/networks

RELEASEDIR

Location of releases created using FreeBSD components or similar (e.g.: debootstrap).
Default: ${DATADIR}/releases

COMPONENTSDIR

Location of FreeBSD components ⟨base.txz, lib32.txz, ...⟩
Default: ${CACHEDIR}/components

ZFS PARAMETERS

ENABLE_ZFS

Enable or disable ZFS support. Use 0 ⟨default⟩ to disable it and any other value to enable it.

WARNING: Don't enable or disable this parameter after using AppJail, it must be set before use. See (BUGS/Don't mix ZFS and non-ZFS file systems!) in appjail-tutorial(7) for details.

Default: 0

ZPOOL

ZFS pool name.
Default: zroot

ZROOTFS

Root prefix but for ZFS datasets. It will be concatenated using the ZFS pool name i.e. ${ZPOOL}/${ZROOTFS}, e.g.: zroot/appjail.
Default: appjail

ZOPTS

Optional ZFS parameters for datasets. You must escape characters that can be later interpreted by the shell.
Default: -o compress=lz4

DNS PARAMETERS

SHORTEN_DOMAIN_NAMES

Use shorter domain names instead of full names, that is, if we enable this parameter and we have a jail called jtest that is in the ajnet virtual network and with the suffix .appjail, instead of resolving jtest.ajnet.appjail we can also resolve jtest.
Default: 0

NETWORK_TO_SHORTEN

The SHORTEN_DOMAIN_NAMES parameter only makes sense for a single virtual network; This parameter sets which virtual network AppJail will use for the aforementioned parameter.
Default: ${AUTO_NETWORK_NAME}

HOST_DOMAIN

Domain suffix for hostnames when the template does not specify the parameter to explicitly set a hostname ⟨host.hostname⟩ Also this parameter is used when generating the list of hostnames for each virtual network, again as a domain suffix.
Default: .appjail

TIMEZONE PARAMETERS

DEFAULT_TIMEZONE

Parameter equivalent to the tzdata option in appjail-quick(1). By default this parameter is set to an empty value.

USE_TIMEZONE

Enable or disable the tzdata parameter. See appjail-quick(1).
Default: 1

DEVFS PARAMETERS

DEFAULT_DEVFS_RULESET

Default ruleset number to use when the devfs_ruleset parameter is not specified in appjail-quick(1). This only makes sense when the device parameter is not specified, since when it is used a number is automatically assigned.
Default: 5

DEFAULT_MOUNT_DEVFS

Parameter equivalent to the mount_devfs option in appjail-quick(1).
Default: 0

DEVFS_ASSIGN_ALGO

What algorithm to use to assign a ruleset number when using the device parameter in appjail-quick(1):

• fsmn ⟨Find Smallest Missing Number⟩

  This algorithm will select an smallest unused number from a list of numbers. It takes into account the length of the list. If the list has a length of 0, the unused number is 1; if the length is 1, so the list has one element, the algorithm checks if that element is 1, if so, the unused number is 2, if not, is 1. If this check is unsuccessful, the algorithm does an N/2 linear search to compare two numbers starting from 1 up to the length of the list. If nothing matches, the last element plus 1 is the unused number.

• fnfs ⟨Find Number From Start⟩

  This algorithm selects a given number from a list of numbers. If this number is already in use, the number is incremented and the search continues. Once this search is finished, the resulting number is the unused. As fsmn, it takes the length of the list. If the list has a length of 0, the resulting number is the same as the given number.

You don't need to worry about the details, but for the record: both algorithms assume that the list is sorted and that all elements are unique. The list of numbers is the output of the devfs rule showsets command plus the assigned ruleset numbers of other jails.

Use fsmn if you have no problem assigning lower numbers, if you don't edit devfs.rules(5) frequently, or if you have rulesets with a higher number in that file.

Use fnfs is you want a more deterministic way of assigning a ruleset number.

Default: fsmn

DEVFS_FNFS

Initial number used by fnfs.
Default: 1000

JAIL PARAMETERS

VOLUMESDIR

Location of the root directory inside the jail for volumes that don't have a mountpoint explicitly set.
Default: /volumes

DEFAULT_TEMPLATE

Default template that will be used by some operations such as appjail-start(1) or appjail-quick(1).
Default: ${FILESDIR}/default_template.conf

DEFAULT_BOOT

Parameter equivalent to the boot option in appjail-quick(1).
Default: 1

DEFAULT_PACKAGES

Parameter equivalent to the pkg option in appjail-quick(1). By default this parameter is set to an empty value.

DEFAULT_PRIORITY

Parameter equivalent to the priority option in appjail-quick(1).
Default: 0

DEFAULT_START

Parameter equivalent to the start option in appjail-quick(1).
Default: 0

DEFAULT_RESTART

Parameter equivalent to the restart option in appjail-quick(1). This parameter requires option start to be used.
Default: 0

DEFAULT_RUN

Parameter equivalent to the run option in appjail-quick(1). This parameter requires option start to be used.
Default: 0

DEFAULT_LOGIN

Parameter equivalent to the login option in appjail-quick(1). This parameter requires option start to be used.
Default: 0

DEFAULT_LOGIN_USER

Parameter equivalent to the login_user option in appjail-quick(1).
Default: root

DEFAULT_COPYDIR

Parameter equivalent to the copydir option in appjail-quick(1).
Default: /

DEFAULT_OVERWRITE

Parameter equivalent to the overwrite option in appjail-quick(1).
Default: 0

STARTUP PARAMETERS

USE_PARALLEL

Start and stop jails in parallel.

USE_PARALLEL_NATNET

Perform NAT per network in parallel.

NETWORK PARAMETERS

AUTO_NETWORK_ADDR

Network address. This and the below parameters are used by the auto-create subcommand in appjail-network(1) to create a virtual network when none are specified in appjail-quick(1).
Default: 10.0.0.0/10

AUTO_NETWORK_NAME

Network name.
Default: ajnet

AUTO_NETWORK_DESC

Network description.
Default: AppJail network

USE_FIREWALL

Packet filter or firewall to use. pf, ipfw and ipfilter are valid values, but currently only pf is supported.
Default: pf

EXT_IF

External interface. By default, AppJail will automatically get the external interface, but it is highly recommended to set this parameter explicitly to improve performance and stability. Performance improves because AppJail relies on you for this task, so it does not need to get the external interface for each execution. Stability is improved because the external interface may not be valid if e.g. it is unplugged or you have multiple interfaces and you want to choose one of them as the external interface.

ON_IF

Network interface or group name to transmit packets on.
Default: ${EXT_IF}

EXT_IP

Use this value as the specified IPv4 address. This is useful for the appjail-expose(1) and appjail-nat(1) commands. Note that this IPv4 address must exist in the specified external address.

SHARED_BRIDGE

Shared bridge to be created by the attach subcommand in appjail-network(1) and also used by the detach subcommand.
Default: appjail

DEFAULT_MTU

If an epair interface is provided before a non-epair interface, use this MTU. The non-epair interface should be provided before the epair interface, so that AppJail can obtain the MTU and set the bridge MTU correctly. Remember that if_bridge(4) requires that all interfaces have the same MTU; see if_bridge(4) for more details.

If you are not sure which MTU to choose, use 576. See RFC 791 for more details.

This parameter is used by the attach subcommand in appjail-network(1).

Default: 1500

DEFAULT_VIRTUALNET_MTU

Default MTU used by Virtual Networks.

Note that if you have a Virtual Network already created with no MTU defined, this value will be used every time when an if_epair(4) interface is created, so don't change this value when you have already added a member to the bridge with a different MTU, this will result in an error. See if_bridge(4) for details.

Default: 1500

DEFAULT_RESOLV_CONF

Parameter equivalent to the resolv_conf option in appjail-quick(1).
Default: /etc/resolv.conf

USE_RESOLV_CONF

Enable or disable the resolv_conf parameter. See appjail-quick(1).
Default: 1

LOG PARAMETERS

CREATED_FORMAT

date(1) format to display in a human-understandable format for the created keyword in the list or get subcommands of appjail-jail(1).
Default: %Y-%m-%d %H:%M:%S

CONSOLELOG_NAME

Command to run to generate a filename for the exec.consolelog parameter in a template. The slash character can't be used.
Default: date +%Y-%m-%d.log

SESSION_ID_NAME

Command to run to generate a filename for when the ENABLE_LOGGING_OUTPUT parameter is set to a value other than 0. The slash character can't be used.
Default: date +%Y-%m-%d.log

STARTUPLOG_NAME

Command to run to generate a filename for logs generated by the appjail-startup(1) command. The slash character can't be used.
Default: date +%Y-%m-%d.log

CONTAINERLOG_NAME

Command to execute to generate a filename for the logs generated by the background processes in the appjail-oci(1) exec command. The slash character can't be used.
Default: date +%Y-%m-%d.log

BUILDLOG_NAME

Command to run to generate a filename for logs generated by the appjail-fetch(1) command when building the FreeBSD source. The slash character can't be used.
Default: date +%Y-%m-%d_%Hh%Mm%Ss.log

ETCUPDATELOG_NAME

Command to run to generate a filename for logs generated by the appjail-etcupdate(1) command. The slash character can't be used.
Default: date +%Y-%m-%d_%Hh%Mm%Ss.log

ENABLE_LOGGING_OUTPUT

Records the AppJail session, that is, from the first time it is run until it ends.
Default: 0

SCRIPT_TIME

See -t in script(1).
Default: 30

ENABLE_DEBUG

There are four levels of debugging: debug, info, warn and error. Only the debug level can be enabled or disabled.
Default: 1

FETCH PARAMETERS

DEFAULT_FETCH_METHOD

Default appjail-fetch(1) subcommand to be executed when none is provided.
Default: www

DEFAULT_INSTALL_METHOD

Default appjail-jail(1) installation method for creating new jails.
Default: standard

DOWNLOADURL

Site where FreeBSD components will be downloaded. The protocols that can be used depend entirely on the command specified in the WWW_CMD parameter.

The value of this parameter may contain some keywords that have special meaning:

• %a ⟨Architecture⟩
• %v ⟨Version⟩

AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%v.

Default: https://download.freebsd.org/releases/%a/%v

COMPONENTS

Default components to be downloaded when none are specified.
Default: base.txz

DEFAULT_RELEASE

Default release name when none is specified.
Default: default

WWW_CMD

Command to download FreeBSD components.

The value of this parameter may contain some keywords that have special meaning:

• %o ⟨Component pathname⟩
• %u ⟨Site where FreeBSD components will be downloaded⟩
• %c ⟨Component filename⟩

AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%c.

Default: fetch -Rpm -o %o %u/%c

MAKEJAIL_FETCH_CMD

Command to get a Makejail when using the fetch method in appjail-makejail(1).

The value of this parameter may contain some keywords that have special meaning:

• %o ⟨Makejail pathname⟩
• %u ⟨Site where the Makejail file will be downloaded⟩

AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%u.

Default: fetch -Rpm -o %o %u

MAKEJAIL_ADD_FETCH_CMD

Command to get the tarball file used by the ADD instruction in a Makejail file.

The value of this parameter may contain some keywords that have special meaning:

• %u ⟨Site where the tarball will be downloaded⟩

AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%u.

Default: fetch -Rpm -o - %u

SOURCE BUILD PARAMETERS

SRCDIR

Location of FreeBSD source tree.
Default: /usr/src

TARGET_ARCH

Default value for the TARGET and TARGET_ARCH variables. See appjail-fetch(1) and build(7) for details.
Default: ${FREEBSD_ARCH}

MAKEARGS

Default arguments used by make(1) when building the source tree. By default this parameter is set to an empty value.

KERNEL

Default kernel to compile.
Default: GENERIC

JOBS

Number of jobs. By default, the number of CPUs of the system.

IMAGE PARAMETERS

IMAGESDIR

Location of images.
Default: ${CACHEDIR}/images

IMAGE_COMPRESS

Default algorithm to compress the images.
Default: xz

IMAGE_ARCH

Default target to build the images. If not defined, the output of the -p parameter of the uname(1) command is used. By default this parameter is set to an empty value.

IMAGE_TAG

Default image tag.
Default: latest

IMAGE_FETCH_CMD

Command to get a ajspec file when using the fetch method in the import subcommand of the appjail-image(1) command.

The value of this parameter may contain some keywords that have special meaning:

• %o ⟨Image pathname⟩
• %u ⟨Site where the image will be downloaded⟩

AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%u.

Default: fetch -Rpm -o %o %u

IMAGE_ENTRYPOINT

If no entrypoint is specified in a Makejail file, use this parameter as the default value. This value will be concatenated like a pathname, e.g. <entrypoint>/<image name>.
Default: gh+AppJail-makejails

IMAGE_DOWNLOAD_METHOD

The appjail-image(1) command will get a list of sources to try to download the image to one of them, if this parameter is set to seq the attempts are made as it is in the list defined in the ajspec file, but if this parameter is set to random, the list is sorted randomly before trying to download the image.
Default: random

DEBOOTSTRAP PARAMETERS

DEBOOTSTRAP_CMD

debootstrap(8) command to bootstrap a basic debian system.

The value of this parameter may contain some keywords that have special meaning:

• %a ⟨Target architecture⟩
• %s ⟨Suite name⟩
• %o ⟨Output directory⟩

AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%s.

Default: debootstrap --foreign --arch=%a --no-check-gpg %s %o

DEBOOTSTRAP_ARCH

Default target architecture used by the debootstrap(8) command.
Default: ${FREEBSD_ARCH}

DEBOOTSTRAP_MIRROR

See debootstrap(8). By default this parameter is set to an empty value.

DEBOOTSTRAP_SCRIPT

See debootstrap(8). By default this parameter is set to an empty value.

APT_CACHE_START

See Cache-Start in apt.conf(5).
Default: 251658240

COLORS PARAMETERS

ENABLE_COLORS

Enable or disable colors. It is highly recommended to use colors to more easily identify errors, warnings, and so on. Use the -R parameter in less(1) if you want to see a log created by AppJail when this parameter is enabled.
Default: 1

ENABLE_RANDOM_COLORS

Some commands set a prefix before displaying a message which is commonly the target name, i.e. jail name, image name, etc. That prefix can be displayed colored with a randomly chosen color by enabling this parameter.
Default: 1

HEALTHCHECKERS PARAMETERS

DEFAULT_HEALTH_TYPE

Default health type when the user doesn't specify one.
Default: host

DEFAULT_RECOVER_TYPE

Default recover type when the user doesn't specify one.
Default: host

DEFAULT_HEALTH_CMD

Default health command when the user doesn't specify one.

The value of this parameter may contain some keywords that have special meaning:

• %j ⟨Jail name⟩

AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%j.

Default: appjail status -q %j

DEFAULT_RECOVER_CMD

Default recover command when the user doesn't specify one

The value of this parameter may contain some keywords that have special meaning:

• %j ⟨Jail name⟩

AppJail will quote the keyword's value at runtime and escape any characters that can be interpreted by the shell. If you want to escape a keyword, use %%, e.g. %%j.

Default: appjail restart %j

DEFAULT_HEALTH_INTERVAL

Default interval number to execute the health command
Default: 30

DEFAULT_HEALTH_RETRIES

Default number of attempts before executing the recover command.
Default: 3

DEFAULT_HEALTH_START_PERIOD

Delay before running the healthchecker. If this parameter is set to 0, no delay is performed.
Default: 0

DEFAULT_RECOVER_TOTAL

Default number of attempts before considering the jail as unhealthy.
Default: 3

DEFAULT_HEALTH_TIMEOUT

Duration of the health command before sending the signal specified in the DEFAULT_TIMEOUT_SIGNAL.
Default: 120

DEFAULT_TIMEOUT_SIGNAL

Signal to send once the timeout specified in DEFAULT_HEALTH_TIMEOUT has been reached.
Default: sigterm

DEFAULT_TIMEOUT_KILL_AFTER

Send a SIGKILL signal after sending the signal specified in the DEFAULT_TIMEOUT_SIGNAL parameter.
Default: 180

DEFAULT_RECOVER_TIMEOUT

Duration of the recover command before sending the signal specified in the DEFAULT_RECOVER_TIMEOUT_SIGNAL.
Default: 120

DEFAULT_RECOVER_TIMEOUT_SIGNAL

Signal to send once the timeout specified in DEFAULT_RECOVER_TIMEOUT has been reached.
Default: sigterm

DEFAULT_RECOVER_TIMEOUT_KILL_AFTER

Send a SIGKILL signal after sending the signal specified in the DEFAULT_RECOVER_TIMEOUT_SIGNAL parameter.
Default: 180

COMPRESSION/DECOMPRESSION PARAMETERS

The following parameters are self-explanatory.

Parameters prefixed with TAR apply to operations related with tar(1) such as TAR_ARGS, TAR_COMPRESS_ARGS, TAR_DECOMPRESS_ARGS and TAR_<ALGO>_ARGS.

Parameters such as <ALGO>_ARGS, <ALGO>_COMPRESS_ARGS, <ALGO>_COMPRESS_CMD, <ALGO>_DECOMPRESS_ARGS and <ALGO>_DECOMPRESS_CMD apply to compression and decompression-related operations that use <ALGO>_COMPRESS_CMD for compress and <ALGO>_DECOMPRESS_CMD for decompress, i.e. export and import ZFS images.

TAR_ARGS

By default this parameter is set to an empty value.

TAR_COMPRESS_ARGS

Default: ${TAR_ARGS}

TAR_DECOMPRESS_ARGS

Default: ${TAR_ARGS}

TAR_BZIP_ARGS

Default: ${TAR_COMPRESS_ARGS} --bzip

TAR_GZIP_ARGS

Default: ${TAR_COMPRESS_ARGS} --gzip

TAR_LRZIP_ARGS

You need to install archivers/lrzip to use this algorithm.

Default: ${TAR_COMPRESS_ARGS} --lrzip

TAR_LZ4_ARGS

Default: ${TAR_COMPRESS_ARGS} --lz4

TAR_LZMA_ARGS

Default: ${TAR_COMPRESS_ARGS} --lzma

TAR_LZOP_ARGS

You need to install archivers/lzop to use this algorithm.

Default: ${TAR_COMPRESS_ARGS} --lzop

TAR_XZ_ARGS

Default: ${TAR_COMPRESS_ARGS} --xz

TAR_ZSTD_ARGS

Default: ${TAR_COMPRESS_ARGS} --zstd

BZIP_ARGS

By default this parameter is set to an empty value.

BZIP_COMPRESS_ARGS

Default: ${BZIP_ARGS}

BZIP_COMPRESS_CMD

Default: bzip2 ${BZIP_COMPRESS_ARGS}

BZIP_DECOMPRESS_ARGS

Default: ${BZIP_ARGS}

BZIP_DECOMPRESS_CMD

Default: bzip2 ${BZIP_DECOMPRESS_ARGS} -d

GZIP_ARGS

By default this parameter is set to an empty value.

GZIP_COMPRESS_ARGS

Default: ${GZIP_ARGS}

GZIP_COMPRESS_CMD

Default: gzip ${GZIP_COMPRESS_ARGS}

GZIP_DECOMPRESS_ARGS

Default: ${GZIP_ARGS}

GZIP_DECOMPRESS_CMD

Default: gzip -d ${GZIP_DECOMPRESS_ARGS}

LRZIP_ARGS

By default this parameter is set to an empty value.

You need to install archivers/lrzip to use this algorithm.

LRZIP_COMPRESS_ARGS

Default: ${LRZIP_ARGS}

LRZIP_COMPRESS_CMD

Default: lrzip ${LRZIP_COMPRESS_ARGS}

LRZIP_DECOMPRESS_ARGS

Default: ${LRZIP_ARGS}

LRZIP_DECOMPRESS_CMD

Default: lrzip -d ${LRZIP_DECOMPRESS_ARGS}

LZ4_ARGS

By default this parameter is set to an empty value.

LZ4_COMPRESS_ARGS

Default: ${LZ4_ARGS}

LZ4_COMPRESS_CMD

Default: lz4 ${LZ4_COMPRESS_ARGS}

LZ4_DECOMPRESS_ARGS

Default: ${LZ4_ARGS}

LZ4_DECOMPRESS_CMD

Default: lz4 -d ${LZ4_DECOMPRESS_ARGS}

LZMA_ARGS

By default this parameter is set to an empty value.

LZMA_COMPRESS_ARGS

Default: ${LZMA_ARGS}

LZMA_COMPRESS_CMD

Default: lzma ${LZMA_COMPRESS_ARGS}

LZMA_DECOMPRESS_ARGS

Default: ${LZMA_ARGS}

LZMA_DECOMPRESS_CMD

Default: lzma -d ${LZMA_DECOMPRESS_ARGS}

LZOP_ARGS

By default this parameter is set to an empty value.

You need to install archivers/lzop to use this algorithm.

LZOP_COMPRESS_ARGS

Default: ${LZOP_ARGS}

LZOP_COMPRESS_CMD

Default: lzop ${LZOP_COMPRESS_ARGS}

LZOP_DECOMPRESS_ARGS

Default: ${LZOP_ARGS}

LZOP_DECOMPRESS_CMD

Default: lzop -d ${LZOP_DECOMPRESS_ARGS}

XZ_ARGS

By default this parameter is set to an empty value.

XZ_COMPRESS_ARGS

Default: ${XZ_ARGS}

XZ_COMPRESS_CMD

Default: xz ${XZ_COMPRESS_ARGS}

XZ_DECOMPRESS_ARGS

Default: ${XZ_ARGS}

XZ_DECOMPRESS_CMD

Default: xz -d ${XZ_DECOMPRESS_ARGS}

ZSTD_ARGS

By default this parameter is set to an empty value.

ZSTD_COMPRESS_ARGS

Default: ${ZSTD_ARGS}

ZSTD_COMPRESS_CMD

Default: zstd ${ZSTD_COMPRESS_ARGS}

ZSTD_DECOMPRESS_ARGS

Default: ${ZSTD_ARGS}

ZSTD_DECOMPRESS_CMD

Default: zstd -d ${ZSTD_DECOMPRESS_ARGS}

COLUMNS PARAMETERS

DEFAULT_COLUMNS_VOLUME

Default columns for appjail-volume(1) get.
Default: name mountpoint type uid gid perm

DEFAULT_COLUMNS_LIMITS

Default columns for appjail-limits(1) get.
Default: nro enabled name rule loaded

DEFAULT_COLUMNS_STATS

Default columns for appjail-limits(1) stats.

DEFAULT_COLUMNS_LABEL

Default columns for appjail-label(1) get.
Default: name value

DEFAULT_COLUMNS_JAIL

Default columns for appjail-jail(1) get.
Default: status name type version ports network_ip4

DEFAULT_COLUMNS_NETWORK

Default columns for appjail-network(1) get.
Default: name network cidr broadcast gateway minaddr maxaddr addresses description mtu

DEFAULT_COLUMNS_IMAGE

Default columns for appjail-image(1) get.
Default: name

DEFAULT_COLUMNS_NAT_JAIL

Default columns for appjail-nat(1) jail get.
Default: name network rule

DEFAULT_COLUMNS_NAT_NETWORK

Default columns for appjail-nat(1) network get.
Default: boot name rule

DEFAULT_COLUMNS_HEALTHCHECK

Default columns for appjail-healthcheck(1) get.
Default: nro enabled name status health_type health_cmd recover_type recover_cmd

DEFAULT_COLUMNS_FSTAB

Default columns for appjail-fstab(1) get.
Default: nro enabled name device mountpoint type options dump pass

DEFAULT_COLUMNS_DEVFS

Default columns for appjail-devfs(1) get.
Default: nro enabled name rule

DEFAULT_COLUMNS_EXPOSE

Default columns for appjail-expose(1) get.
Default: nro enabled name ports protocol network_name ext_if on_if

MISCELLANEOUS PARAMETERS

AUTO_GIT_UPDATE

If there is a request to clone a repository in a Makejail file and it already exists locally, update it.
Default: 1

BUILDAH_FROM_ARGS

buildah-from(1) arguments. By default this parameter is set to an empty value.

FREEBSD_UPDATE_CONF

Default freebsd-update.conf(5) configuration file when updating or upgrading a FreeBSD jail or release.
Default: /etc/freebsd-update.conf

FREEBSD_ARCH

Default architecture used by some operations, such as fetching FreeBSD components, creating jails, etc. If not defined, the output of the -m parameter of the uname(1) command is used. By default this parameter is set to an empty value.

FREEBSD_VERSION

Default FreeBSD version without the patch level used by some operations, such as fetching FreeBSD components, creating jails, etc. If not defined, AppJail will get a valid version string.

RUNAS

Utility that runs when a non-root user runs appjail(1). See appjail-user(8).
Default: doas

FILES

/usr/local/etc/appjail/appjail.conf /usr/local/etc/appjail/appjail.conf.sample

SEE ALSO

appjail(1) appjail-devfs(1) appjail-fetch(1) appjail-image(1) appjail-makejail(1) appjail-nat(1) appjail-network(1) appjail-quick(1) appjail-volume(1) appjail-zfs(1) tar(1) if_bridge(4) if_epair(4) freebsd-update.conf(5) appjail-tutorial(7) appjail-dns(8)

AUTHORS

Jesús Daniel Colmenares Oviedo <DtxdF@disroot.org>