Let’s start a journey and find some tastes
1. Running FreeBSD in QEMU
1.1. From ISO image
Of course, you must have Qemu, and a FreeBSD image.
Create a disk with qemu-img
.
$ qemu-img create -f raw VM25G.raw 25G
Formatting 'VM25G.raw', fmt=raw size=26843545600
Then you can boot with qemu giving the image as a hard drive and downloaded the iso image as a CD, as we try to install FreeBSD in your desktop/laptop.
qemu-system-x86_64 \
-m 1G
-hda VM25G.raw
-cdrom FreeBSD-14.0-RELEASE-amd64-bootonly.iso
You should see a window opened. You can install FreeBSD at there!
1.2. From QCOW2 image
qemu-system-x86_64 FreeBSD-14.0-RELEASE-amd64.qcow2
If -m
option is not given, it will be 128 MB.
1.3. Running FreeBSD with no graphic
You can boot with -nographic
option if there is a console="comconsole"
line in /boot/loader.conf
.
-
Access to the filesystem and modify it using
guestfs-tools
could be a hassle.
-
Just…
Run a qcow2 image with qemu-system-*
command.
qemu-system-x86_64 FreeBSD-14.0-RELEASE-amd64.qcow2
Then edit it directly by:
echo 'console="comconsole"' >> /boot/loader.conf
Whatever, you can simply append the -nographic
option.
qemu-system-x86_64 FreeBSD-14.0-RELEASE-amd64.qcow2 -nographic
And enjoy!
qemu-img resize then growfs
2. Compile FreeBSD kernel with the Sanitizers
Kernel Address and Memory Sanitizers are useful to catch memory leaks and corruptions, so it makes possible to make a robust and stable kernel. It is also useful for those who want to find vulnerabilities in the kernels, too.
FreeBSD supports the KASAN, the Kernal Address SANitizer, the KMSAN, the Kernel Memory SANitizer, and the KCSAN, the Kernel Concurrency SANitizer. You can fetch the FreeBSD source code from the official git repository, and you can build the FreeBSD kernel with these sanitizers.
If you decided to install the source code of the FreeBSD on installation of the FreeBSD, you should have the source code in /usr/src
.
$ ls /usr/src
CONTRIBUTING.md README.md include stand
COPYRIGHT RELNOTES kerberos5 sys
LOCKS UPDATING lib targets
MAINTAINERS bin libexec tests
Makefile cddl release tools
Makefile.inc1 contrib rescue usr.bin
Makefile.libcompat crypto sbin usr.sbin
Makefile.sys.inc etc secure
ObsoleteFiles.inc gnu share
And you can see there are kernel configurations in /usr/src/sys/amd64/conf
.
$ ls /usr/src/sys/amd64/conf/
DEFAULTS GENERIC-DEBUG GENERIC-KMSAN LINT LINT-NOIP MINIMALUP
FIRECRACKER GENERIC-KASAN GENERIC-MMCCAM LINT-NOINET MINIMAL NOTES
GENERIC GENERIC-KCSAN GENERIC.hints LINT-NOINET6 MINIMAL-DEBUG
You can compile the kernel with the KASAN by invoking make
command, passing the KERNCONF=GENERIC-KASAN
.
$ sudo make buildkernel KERNCONF=GENERIC-KASAN
[Creating objdir /usr/obj/usr/src/amd64.amd64...]
make[1]: "/usr/src/Makefile.inc1" line 337: SYSTEM_COMPILER: Determined that CC=cc matches the source tree. Not bootstrapping a cross-compiler.
make[1]: "/usr/src/Makefile.inc1" line 342: SYSTEM_LINKER: Determined that LD=ld matches the source tree. Not bootstrapping a cross-linker.
--------------------------------------------------------------
>>> Kernel build for GENERIC-KASAN started on Thu Apr 17 12:48:19 UTC 2025
--------------------------------------------------------------
===> MYFUZZCONF
mkdir -p /usr/obj/usr/src/amd64.amd64/sys
--------------------------------------------------------------
>>> stage 1: configuring the kernel
--------------------------------------------------------------
...
It will take some time, in my case, it took 20 minutes with 8 core and 8GB memory. After the build is done, you can install kernel by invoking make installkernel
.
$ sudo make installkernel KERNCONF=GENERIC-KASAN
--------------------------------------------------------------
>>> Install check kernel
--------------------------------------------------------------
--------------------------------------------------------------
>>> Installing kernel GENERIC-KASAN on Thu Apr 17 22:17:42 UTC 2025
--------------------------------------------------------------
...
kldxref /boot/kernel
--------------------------------------------------------------
>>> Installing kernel MYFUZZCONF completed on Thu Apr 17 22:17:52 UTC 2025
--------------------------------------------------------------
Just reboot it. And see the FreeBSD system works correctly.
2.1. What is inside the GENERIC-KASAN?
$ cat sys/amd64/conf/GENERIC-KASAN
include GENERIC
ident GENERIC-KASAN
options KASAN
Inherits the GENERIC file, and appends options KASAN
.
2.2. You cannot apply multiple sanitizers at once
As I said, the FreeBSD supports the KASAN, KMSAN, and KCSAN. But you cannot apply these three sanitizers in one kernel.
options KASAN
options KMSAN
options KCSAN
The FreeBSD make process will fail. The C compiler will say that -fsanitize=address
and -fsanitize=memory
cannot be used at the same time.
3. Tips
These tips are useful if you’re (too) familiar with Linux. Remember, *BSD are different from Linux.
3.1. No --help options in most of commands
I used to type --help
when I have to deal with commands, especially when I forgot how to use that commands.
But in FreeBSD, (almost) all commands may look impolite and indifferent what you’re about to do.
root@freebsd:~ # geom --help
geom: illegal option -- -
usage: geom <class> <command> [options]
geom -p <provider-name>
geom -t
Instead of --help
, use man
command. You can see well-documented manual, and you might see how polite FreeBSD is.
GEOM(8) FreeBSD System Manager's Manual GEOM(8)
NAME
geom – universal control utility for GEOM classes
SYNOPSIS
geom class help
geom class list [-a] [name ...]
geom class status [-ags] [name ...]
geom class load [-v]
geom class unload [-v]
geom -p provider-name
geom -t
DESCRIPTION
The geom utility is used to control various GEOM classes. A class has to
be aware of geom communication methods, but there are also some standard
commands which can be used for existing geom unaware classes. Here is
the list of standard commands:
...
3.2. Does FreeBSD have Docker?
Me: Mom! can we have Docker
Mother of FreeBSD: We already have Docker in FreeBSD.
Docker in FreeBSD: Jail
FreeBSD Jail is more than chroot
command, but invented earlier than Docker.
See FreeBSD Jail for detail.
3.3. No fdisk
In my short experience with FreeBSD, I was struggled managing disks. In Linux, there is a useful tool called fdisk
and its friend cfdisk
, you can list installed disks and manage them, if necessary.
But in FreeBSD, you will see an unwanted message:
root@freebsd:~ # fdisk -l
fdisk: illegal option -- l
usage: fdisk [-BIaipqstu] [-b bootcode] [-1234] [disk]
fdisk -f configfile [-itv] [disk]
Yeah, there is no -l
option in fdisk
command, in FreeBSD.
And what’s more, Do you know fdisk is obsolete?
FDISK(8) FreeBSD System Manager's Manual FDISK(8)
NAME
fdisk – PC slice table maintenance utility
...
DESCRIPTION
This command is obsolete. Users are advised to use gpart(8) instead.
...
Fortunately, we can use geom
or gpart
command.
-
List disks (fdisk -l)
root@freebsd:~ # geom disk list Geom name: cd0 Providers: 1. Name: cd0 Mediasize: 0 (0B) Sectorsize: 2048 Mode: r0w0e0 descr: QEMU QEMU DVD-ROM ident: (null) rotationrate: unknown fwsectors: 0 fwheads: 0 Geom name: ada0 Providers: 1. Name: ada0 Mediasize: 6476660736 (6.0G) Sectorsize: 512 Mode: r3w3e8 descr: QEMU HARDDISK ident: QM00001 rotationrate: unknown fwsectors: 63 fwheads: 16