Universal jail.conf

Starting with FreeBSD 14.0 the jail(8) command supports .include statements. This makes it possible to have a global /etc/jail.conf that includes the site specific configuration and all jails without having to assemble it all into a single file.

It's important avoid to using /etc/jail.conf.d for the jail configurations, because if /etc/jail.conf.d/<name>.conf exists the legacy multi-file hack in the jail rc.d script activates.

The promised universal /etc/jail.conf: 

# Optionally include site specific defaults e.g. the domain to append to jail names.
.include "/usr/local/etc/jail[.]conf";

# Include all files ending in *.conf and all files named jail.conf in subdirectories ending on ".d".
.include "/etc/jail.d/*.conf";
.include "/etc/jail.d/*.d/jail.conf";
.include "/usr/local/etc/jail.d/*.conf";
.include "/usr/local/etc/jail.d/*.d/jail.conf";

With this configuration in place single-file jails can be defined in /etc/jail.d/<name>.conf or /usr/local/etc/jail.d/<name>.conf. More complicated jails that require multiple files e.g. long scripts, certificates, etc. can be defined in a directory with a .d suffix in which only the name jail.conf is reserved for the jail configuration. Furthermore reusable jail.conf(5) snippets can be kept outside the jail.d directories and symlinked into the relevant per jail directory.

crest/universal-jail-conf (last edited 2026-02-09T20:18:34+0000 by crest)