Sandboxes (Jail-like Containers)

TrueNAS Sandboxes and Jailmaker are not supported by iXsystems. This is provided solely for users with advanced command-line, containerization, and networking experience.

There is significant risk that using Jailmaker causes conflicts with the built-in Apps framework within SCALE. Do not mix the two features unless you are capable of self-supporting and resolving any issues caused by using this solution.

Beginning with 24.04 (Dragonfish), TrueNAS SCALE includes the systemd-nspawn containerization program in the base system. This allows using tools like the open-source Jailmaker to build and run containers that are very similar to Jails from TrueNAS CORE or LXC containers on Linux. Using the Jailmaker tool allows deploying these containers without modifying the base TrueNAS system. These containers persist across upgrades in 24.04 (Dragonfish) and later SCALE major versions.

1. Log in to the web interface and go to Datasets.

2. Select your root pool and click Add Dataset:

   a. Name the dataset jailmaker.

   b. Leave all other settings at their defaults.

   

   c. Click Save.

3. Open a shell session (SSH preferred) and run these commands as root:

   a. Change to the jailmaker directory: cd /mnt/tank/jailmaker/ . Replace tank with the name of your pool.

   b. Download jailmaker: curl --location --remote-name https://raw.githubusercontent.com/Jip-Hop/jailmaker/main/jlmkr.py .

   c. Make jlmkr.py executable: chmod +x jlmkr.py

4. Create an alias for jailmaker to allow the currently logged in (admin) user to run jlmkr.py without entering the full absolute path.

   a. Run this command as admin: echo "alias jlmkr=\"sudo -E '/mnt/tank/jailmaker/jlmkr.py'\"" >> ~/.zshrc . Replace tank with the name of your pool. By default TrueNAS SCALE uses the zsh shell for admin users, if you are using another shell, replace .zshrc with the file for your shell, such as .bashrc for the bash shell.

   b. To enable the alias immediately, enter source ~/.zshrc . Replace .zshrc with the appropriate file, if needed.

Before making any sandboxes, configure TrueNAS to run the Jailmaker tool when the system starts. This ensures the sandboxes start properly.

1. Log in to the web interface and go to System > Advanced.

2. Find the Init/Shutdown Scripts widget and click Add:

   a. Enter this or a similar note in Description: Jailmaker Startup

   b. Set Type to Command.

   c. Enter this string in Command: /mnt/tank/jailmaker/jlmkr.py startup . Replace tank with the name of your pool.

   d. Set When to Post Init.

   e. Set the Enabled checkbox.

   f. Leave Timeout at the default and click Save. If you intend to create many sandboxes, increase the timeout integer to a longer wait period.

   

With a TrueNAS dataset configured for sandboxes and the Jailmaker script set to run at system startup, you can now create sandboxes. Creating and managing sandboxes is done only in TrueNAS Shell sessions using the jlmkr command.

For full usage documentation, refer to the open-source Jailmaker project. From a TrueNAS Shell session, go to your sandboxes dataset and enter ./jlmkr.py -h for embedded usage notes.

Report any issues encountered when using Jailmaker to the project Issues Tracker.