Sandboxes (Linux Jails) - Jailmaker Experimental Script

Just a placeholder for continuing the original thread on the old forum, discussing the very useful jailmaker script by Jip-Hop.

Old thread here

Download the script from Jip-Hop’s GitHub page

4 Likes

Suggest modifying topic to mention “Sandboxes” and “Jailmaker”

1 Like

You mean like so?

1 Like

Perfect.

Thanks for this placeholder but I decided to create a new thread myself. You can find it here: Linux Jails (sandboxes / containers) with Jailmaker. Let’s continue the conversation over there and perhaps lock this thread?

I put it under Apps and Virtualization because the Sandboxes documentation on the TrueNAS website is also under Apps:

24.04 (Dragonfish)/SCALE Tutorials/Apps/Sandboxes (Jail-like Containers)

2 Likes

I’m not a mod…

1 Like
1 Like

I seem to be struggling to get Tailscale running. I tried to add these to the first block of the jailmaker config but no luck. I was greeted with the message:

Error response from daemon: invalid CapAdd: capability not supported by your kernel or not available in the current environment: "CAP_SYS_MODULE"

This is in the jail config:

systemd_nspawn_user_args=--network-macvlan=enp4s0
        --resolv-conf=bind-host
        --system-call-filter='add_key keyctl bpf'
        --bind='/mnt/ssd-storage/docker/data:/mnt/data'
        --bind='/mnt/ssd-storage/docker/stacks:/opt/stacks'
        --capability=CAP_NET_ADMIN
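
Added example, not part of the post above or of the Jailmaker project: the error says CAP_SYS_MODULE is "not available in the current environment", while the config shown passes only CAP_NET_ADMIN through `--capability=`. This POSIX shell check, meant to be run inside the jail, decodes the `CapBnd` line of `/proc/self/status` to show which capabilities the jail actually holds. The function names and the sample masks in the comments are constructed for illustration; the bit numbers are those defined in `linux/capability.h`.

```shell
#!/bin/sh
# Bit positions from linux/capability.h for the capabilities of interest.
cap_bit() {
  case "$1" in
    CAP_NET_ADMIN)  echo 12 ;;
    CAP_NET_RAW)    echo 13 ;;
    CAP_SYS_MODULE) echo 16 ;;
    CAP_SYS_ADMIN)  echo 21 ;;
    *) return 1 ;;
  esac
}

# has_cap <hex mask> <name>: status 0 if the bit is set, 1 if clear, 2 if unknown.
# Constructed sample: 00000000a80435fb has CAP_NET_ADMIN but not CAP_SYS_MODULE.
has_cap() {
  bit=$(cap_bit "$2") || { echo "unknown capability: $2" >&2; return 2; }
  [ $(( (0x$1 >> $bit) & 1 )) -eq 1 ]
}

# report <hex mask> <name>...: one line per capability.
report() {
  mask=$1; shift
  for cap in "$@"; do
    if ! cap_bit "$cap" >/dev/null; then
      echo "$cap unknown"
    elif has_cap "$mask" "$cap"; then
      echo "$cap present"
    else
      echo "$cap MISSING"
    fi
  done
}

# Bounding set of the current process; empty if /proc is not available.
current_bounding_set() {
  sed -n 's/^CapBnd:[[:space:]]*//p' /proc/self/status 2>/dev/null
}

bnd=$(current_bounding_set) || bnd=""
if [ -n "$bnd" ]; then
  echo "CapBnd: $bnd"
  report "$bnd" CAP_NET_ADMIN CAP_SYS_MODULE
fi
```

A capability reported as MISSING here cannot be granted to a container started inside the jail, whatever that container's own `cap_add` list requests.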

Just an FYI for interested parties. I merged ZFS changes into nightlies for electriceel (24.10) and master that should allow idmap namespaces when NFSv4 acltype is in use. It was too late to make the cut for 24.10 BETA1 (which will be released soon), but testing / feedback will be appreciated (assuming you are familiar with user namespaces).

1 Like