Truenas Scale Docker

This may reassure you about the future of jails:

And even if I were to stop working on jailmaker, and TrueNAS hasn’t yet come around to implementing a Sandboxes management feature, you’d still be able to run your jails as long as systemd-nspawn is installed on the system.

You don’t even need the jailmaker script at all to run jails, it’s just a convenience wrapper script around systemd-nspawn and related commands. In fact, once you’ve set up your jails you might as well remove jlmkr.py completely and just use systemd-nspawn directly to start your jail. That’s why jlmkr.py prints the command it uses to start the jail:

Starting jail {jail_name} with the following command:

Which looks something like this:

systemd-run --property=KillMode=mixed --property=Type=notify --property=RestartForceExitStatus=133 --property=SuccessExitStatus=133 --property=Delegate=yes --property=TasksMax=infinity --collect --setenv=SYSTEMD_NSPAWN_LOCK=0 --unit=jlmkr-docker --working-directory=./jails/docker '--description=My nspawn jail docker [created with jailmaker]' --property=ExecStartPre=/mnt/ssdev02/jailmaker/jails/docker/.ExecStartPre -- systemd-nspawn --keep-unit --quiet --boot --bind-ro=/sys/module --inaccessible=/sys/module/apparmor --machine=docker --directory=rootfs --notify-ready=yes --network-macvlan=enp4s0 --resolv-conf=bind-host '--system-call-filter=add_key keyctl bpf'

And there’s at least one other script which uses the same approach I came up with, without depending on jailmaker.
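An added example, not code from the post or from the jailmaker project: a POSIX shell function that assembles the same systemd-run/systemd-nspawn invocation from a jail name, jail directory and macvlan parent interface (all of which are assumed values here), prints it one argument per line by default, and only executes it when DRY_RUN=0 after checking that the rootfs and systemd-nspawn are present.

```shell
#!/bin/sh
# Hypothetical helper (not jailmaker's own code) that rebuilds the start
# command jlmkr.py prints, so a jail can be started without the wrapper.
set -eu

# jail_cmd NAME DIR IFACE
#   NAME  = jail/machine name (becomes the systemd unit jlmkr-NAME)
#   DIR   = absolute jail directory containing rootfs/ and .ExecStartPre (assumed layout)
#   IFACE = host interface used as macvlan parent
jail_cmd() {
    name=$1; dir=$2; iface=$3
    # The name ends up in unit and machine names: restrict it to a safe charset.
    case $name in
        *[!A-Za-z0-9_-]*|'') echo "invalid jail name: $name" >&2; return 1 ;;
    esac
    # Build argv directly (no string splitting or eval), mirroring the printed command.
    set -- systemd-run \
        --property=KillMode=mixed --property=Type=notify \
        --property=RestartForceExitStatus=133 --property=SuccessExitStatus=133 \
        --property=Delegate=yes --property=TasksMax=infinity --collect \
        --setenv=SYSTEMD_NSPAWN_LOCK=0 "--unit=jlmkr-$name" \
        "--working-directory=$dir" \
        "--description=My nspawn jail $name [created with jailmaker]" \
        "--property=ExecStartPre=$dir/.ExecStartPre" -- \
        systemd-nspawn --keep-unit --quiet --boot \
        --bind-ro=/sys/module --inaccessible=/sys/module/apparmor \
        "--machine=$name" --directory=rootfs --notify-ready=yes \
        "--network-macvlan=$iface" --resolv-conf=bind-host \
        "--system-call-filter=add_key keyctl bpf"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$@"          # one argument per line, so quoting is unambiguous
    else
        [ -d "$dir/rootfs" ] || { echo "missing rootfs in $dir" >&2; return 1; }
        command -v systemd-nspawn >/dev/null 2>&1 \
            || { echo "systemd-nspawn is not installed" >&2; return 1; }
        "$@"
    fi
}
```

Run `DRY_RUN=0 jail_cmd docker /mnt/tank/jailmaker/jails/docker enp4s0` as root to actually start the jail; without DRY_RUN=0 it only prints the command.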
