From owner-freebsd-jail@FreeBSD.ORG Sun Apr 7 09:15:23 2013
From: Carsten Sonne Larsen
Date: Sun, 07 Apr 2013 11:15:14 +0200
To: freebsd-jail@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: Re: Problems with network on host with jail.

Hi Vitaliy,

One way could be to install arping from /ports/net/arping and see if you
can reach the NIC on the border router from the LAN zone.

Cheers,
--

On 04/06/2013 22:34, wishmaster wrote:
> Hi.
> Since I set up a jail for www stuff on the server there are network
> problems. The router has 3 NICs in a bridge with aliases.
>
> cloned_interfaces="bridge0"
> ifconfig_bridge0="addm rl1 addm rl2 addm rl3 up"
> ifconfig_rl1="up -wol"
> ifconfig_rl2="up -wol"
> ifconfig_rl3="up -wol"
> ifconfig_bridge0_alias0="inet 10.11.1.1 netmask 255.255.255.0"
> ifconfig_bridge0_alias1="inet 10.12.1.1 netmask 255.255.255.0"
> ifconfig_bridge0_alias2="inet 10.13.1.1 netmask 255.255.255.0"
> ifconfig_bridge0_alias3="inet 10.14.1.1 netmask 255.255.255.192"
> ifconfig_bridge0_alias4="inet 10.15.1.1 netmask 255.255.255.0"
>
> Also I use PF for filtering traffic. There are a lot of rules. In two
> words: it is unable to reach any host in the LAN or any IP address on
> the router; only access to the Internet is allowed. In other words, the
> jail is in an original DMZ zone with IP 10.15.1.1.
>
> At random times (about one incident per 2-3 days) a strange situation
> occurs: I am unable to ping/ftp/http from the jail or from the LAN to
> any host on the Internet. From/to the router it's OK. Restarting PF and
> the jail seems to have no effect, only a reboot of the router.
>
> From pftop I see traffic coming from the jail or LAN, but none in the
> other direction.
>
> Can anybody give me some help in debugging this situation and figuring
> out the problem?
>
> OS: FreeBSD 9.1-STABLE #0: Fri Feb 22 20:51:16 EET 2013 i386
>
> Cheers,
> Vitaliy
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

From owner-freebsd-jail@FreeBSD.ORG Mon Apr 8 11:06:47 2013
From: FreeBSD bugmaster
Date: Mon, 8 Apr 2013 11:06:47 GMT
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/176112  jail   [jail] [panic] kernel panic when starting jails
o kern/176092  jail   [jail] [panic] Starting a jail on my releng/9.1 kernel
o kern/174902  jail   [jail] jail should provide validator for jail names
o kern/174436  jail   [jail] Jails with numbers as names don't work
o bin/173469   jail   [jail] regression: security.jail.sysvipc_allowed=1 no
o kern/169751  jail   [jail] reading routing information does not work in ja
o bin/167911   jail   new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail   [jail] inter-jail communication failure
o kern/156111  jail   [jail] procstat -b not supported in jail
o misc/155765  jail   [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail   [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail   [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail   [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail   [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail   [jail] is there a solution how to run nfs client in ja
o kern/119842  jail   [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail   [jail] [patch] fstat(1) according to specified jid

17 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 9 00:51:52 2013
From: Nicolas de Bari Embriz Garcia Rojas
Date: Tue, 9 Apr 2013 01:45:07 +0100
To: "freebsd-jail@freebsd.org"
Subject: Can't find free bpf: No such file or directory

Hi, I am using vnet on a jail, but when trying to acquire an IP via DHCP
I get the following message:

Can't find free bpf: No such file or directory

Any ideas of how to make the jail obtain an IP via DHCP when using vnet?

regards.

From owner-freebsd-jail@FreeBSD.ORG Thu Apr 11 12:15:08 2013
From: richard bader
Date: Thu, 11 Apr 2013 13:20:08 +0200
To: freebsd-jail@freebsd.org
Subject: Re: Can't find free bpf: No such file or directory

have you tried something like this:

rc.conf:

jail_gate1_devfs_ruleset="devfsrules_jail_gate1"

devfs.rules:

[devfsrules_jail_gate1=7]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide

From owner-freebsd-jail@FreeBSD.ORG Thu Apr 11 13:45:21 2013
From: Nicolas de Bari Embriz Garcia Rojas
Date: Thu, 11 Apr 2013 14:38:33 +0100
To: richard bader
Cc: freebsd-jail@freebsd.org
Subject: Re: Can't find free bpf: No such file or directory

Hi, many thanks, it is working now. What I did was to add:

add path 'bpf*' unhide

to the /etc/defaults/devfs.rules, later did a /etc/rc.d/devfs restart
and got it to work.

This is how the devfsrules_jail section of devfs.rules looks now:

# Devices usually found in a jail.
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path zfs unhide
add path 'bpf*' unhide

On 04/11/2013 12:20, richard bader wrote:
> have you tried something like this:
>
>
> rc.conf:
>
> jail_gate1_devfs_ruleset="devfsrules_jail_gate1"
>
> devfs.rules:
>
> [devfsrules_jail_gate1=7]
> add include $devfsrules_hide_all
> add include $devfsrules_unhide_basic
> add include $devfsrules_unhide_login
> add path 'bpf*' unhide

From owner-freebsd-jail@FreeBSD.ORG Thu Apr 11 18:48:09 2013
From: Dirk Engling
Date: Thu, 11 Apr 2013 20:48:07 +0200
To: freebsd-jail@freebsd.org
Subject: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

Dear jail hackers,

in my ongoing quest to understand the direction jail development is
heading, I noticed that per-jail-fstabs are not (anymore?, yet?)
supported by the new jail(8)-rc.d/jail2-combo. Are there official plans
to drop the support?

A nice new jail+zfs feature is the "zfs jail" command, allowing to
attach a zfs to a jail. The way[tm] to properly use this feature is to
first create a prison, attach the zfs file system(s) to the jid and only
then run the exec.start command. So either jail(8) needs to be zfs aware
and execute the zfs jail command(s) by itself, or an exec.postprestart
command that is being passed the prison id of the new jail needs to be
run in system context. (For shutting down and unjail-ing vice versa).

The same goes with the vimage features. Most of the ways I can think of
using vnet interfaces require some configuration in the host system
after the vnet has been attached to the jid but before exec.start (and
thus the jail's rc.d/netif) is executed.

Since I speak C, posix and sh fluidly, I am willing to implement or help
implementing any of the proposals in question, so do not misunderstand
them as just demands ;)

  erdgeist

From owner-freebsd-jail@FreeBSD.ORG Thu Apr 11 20:43:53 2013
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Thu, 11 Apr 2013 22:37:44 +0200
To: Dirk Engling
Cc: freebsd-jail@freebsd.org
Subject: Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

Dirk Engling wrote:
> Dear jail hackers,
>
> in my ongoing quest to understand the direction jail development is
> heading, I noticed that per-jail-fstabs are not (anymore?, yet?)
> supported by the new jail(8)-rc.d/jail2-combo. Are there official plans
> to drop the support?

I don't know what you mean there.
You can use per jail fstab in jail.conf

# in global context
mount.fstab = "/etc/fstab.$name";

# in jail context
myjail {
    host.hostname = "myjail.example.com";
    ip4.addr = 10.11.12.13;
    mount.fstab = "/etc/fstab.whateveryouwant";
}

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Fri Apr 12 00:06:08 2013
From: Dirk Engling
Date: Fri, 12 Apr 2013 02:06:06 +0200
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org
Subject: Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

On 11.04.13 22:37, Miroslav Lachman wrote:

> I don't know what you mean there.
> You can use per jail fstab in jail.conf

Mea culpa, I was too stupid to properly consult man page on this one :(

  erdgeist

From owner-freebsd-jail@FreeBSD.ORG Fri Apr 12 00:14:49 2013
From: Jamie Gritton
Date: Thu, 11 Apr 2013 17:58:16 -0600
To: Dirk Engling
Cc: freebsd-jail@FreeBSD.org
Subject: Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

On 04/11/13 12:48, Dirk Engling wrote:
> Dear jail hackers,
>
> in my ongoing quest to understand the direction jail development is
> heading, I noticed that per-jail-fstabs are not (anymore?, yet?)
> supported by the new jail(8)-rc.d/jail2-combo. Are there official plans
> to drop the support?
>
> A nice new jail+zfs feature is the "zfs jail" command, allowing to
> attach a zfs to a jail. The way[tm] to properly use this feature is to
> first create a prison, attach the zfs file system(s) to the jid and only
> then run the exec.start command. So either jail(8) needs to be zfs aware
> and execute the zfs jail command(s) by itself, or an exec.postprestart
> command that is being passed the prison id of the new jail needs to be
> run in system context. (For shutting down and unjail-ing vice versa).
>
> The same goes with the vimage features. Most of the ways I can think of
> using vnet interfaces require some configuration in the host system
> after the vnet has been attached to the jid but before exec.start (and
> thus the jail's rc.d/netif) is executed.
>
> Since I speak C, posix and sh fluidly, I am willing to implement or help
> implementing any of the proposals in question, so do not misunderstand
> them as just demands ;)

As mentioned, fstab support is there. I have a parameter,
vnet.interface, which runs the necessary "ifconfig ... vnet" command
between jail creation and exec.start.
We could have a similar parameter for zfs, or we could create another
set of exec.* parameters, which would be more flexible in the long run.
But as you hinted at with "postprestart", there doesn't seem to be a
good logical name for it.

Since the vnet.interface command exists, you could use that as a guide
for adding a "zfs" parameter. vnet.interface only does anything on jail
creation, as the interface automatically reverts to the parent on jail
removal. I don't know if the zfs stuff works the same way - if it
doesn't, then you'll need a similar "prepoststop" kind of operation.

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Fri Apr 12 16:53:35 2013
From: Łukasz Wąsikowski
Date: Fri, 12 Apr 2013 18:53:11 +0200
To: Jamie Gritton
Cc: freebsd-jail@FreeBSD.org
Subject: Re: IPv4 addresses clash / jails not working after reboot…

On 2013-03-08 00:22, Jamie Gritton wrote:

> You're allowed to have the same address in multiple jails, but only in
> the case of jails that have one address (i.e. one IPv4 address in this
> case). Jails with multiple IP addresses can't share any of those
> addresses with other jails. I don't know why it should work once and
> then not work later though.

That's not true. You can have multiple IPs in jails. You can have
multiple jails sharing the same IP. You can have multiple jails sharing
the same multiple IPs. So:

jail1: ipv4_ip1
jail2: ipv4_ip2, ipv6_ip1, ipv6_ip2
jail3: ipv4_ip2, ipv6_ip1, ipv6_ip2

will work. But configuration like this:

jail1: ipv4_ip1
jail2: ipv4_ip2, ipv6_ip1, ipv6_ip2
jail3: ipv4_ip2, ipv6_ip1

will not, because jail2 and jail3 share only some IPs. I've tried
configuration like this on 9.1-STABLE around December 2012 and it ended
with a panic. So I'm using the configuration from the first example and
it works ok.

--
best regards,
Lukasz Wasikowski

From owner-freebsd-jail@FreeBSD.ORG Fri Apr 12 17:02:56 2013
From: Jamie Gritton
Date: Fri, 12 Apr 2013 11:02:49 -0600
To: Łukasz Wąsikowski
Cc: freebsd-jail@FreeBSD.org
Subject: Re: IPv4 addresses clash / jails not working after reboot…

On 04/12/13 10:53, Łukasz Wąsikowski wrote:
> On 2013-03-08 00:22, Jamie Gritton wrote:
>
>> You're allowed to have the same address in multiple jails, but only in
>> the case of jails that have one address (i.e. one IPv4 address in this
>> case). Jails with multiple IP addresses can't share any of those
>> addresses with other jails. I don't know why it should work once and
>> then not work later though.
>
> That's not true. You can have multiple IPs in jails. You can have
> multiple jails sharing the same IP. You can have multiple jails sharing
> the same multiple IPs. So:
>
> jail1: ipv4_ip1
> jail2: ipv4_ip2, ipv6_ip1, ipv6_ip2
> jail3: ipv4_ip2, ipv6_ip1, ipv6_ip2
>
> will work. But configuration like this:
>
> jail1: ipv4_ip1
> jail2: ipv4_ip2, ipv6_ip1, ipv6_ip2
> jail3: ipv4_ip2, ipv6_ip1
>
> will not, because jail2 and jail3 share only some IPs. I've tried
> configuration like this on 9.1-STABLE around December 2012 and it ended
> with a panic. So I'm using the configuration from the first example and
> it works ok.

Well, ending in a panic is beyond the bounds of what's supported, and
into what apparently is broken - I was just talking about the intent as
I read it into the code.

Is this panic of yours repeatable? I'd like to get the exact
configuration you were using, so I could try to repeat (and fix)
whatever the problem was.

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Fri Apr 12 21:15:08 2013
From: zulu
Date: Sat, 13 Apr 2013 09:05:25 +1200
To: Dirk Engling, "freebsd-jail@freebsd.org"
Subject: Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

You might need to play with the persist jail option to do a lot of ZFS
and VNET related functions.

The standard mount/umount command supports mounting custom fstab files
via the -F option; you could mount the filesystems before starting jails
this way.

I was facing the same challenges last year as I really wanted to explore
VNET and ended up creating an rc.d/jail independent perl script, you can
have a look here http://sourceforge.net/projects/zjails/. It is by no
way a complete solution and targeted for pure ZFS jails only. The next
"release" will have jailing ZFS dataset as well (currently working on
it).

Peter

On Friday, 12-04-2013 on 6:48 Dirk Engling wrote:
> Dear jail hackers,
>
> in my ongoing quest to understand the direction jail development is
> heading, I noticed that per-jail-fstabs are not (anymore?, yet?)
> supported by the new jail(8)-rc.d/jail2-combo. Are there official plans
> to drop the support?
>
> A nice new jail+zfs feature is the "zfs jail" command, allowing to
> attach a zfs to a jail. The way[tm] to properly use this feature is to
> first create a prison, attach the zfs file system(s) to the jid and only
> then run the exec.start command. So either jail(8) needs to be zfs aware
> and execute the zfs jail command(s) by itself, or an exec.postprestart
> command that is being passed the prison id of the new jail needs to be
> run in system context. (For shutting down and unjail-ing vice versa).
>
> The same goes with the vimage features. Most of the ways I can think of
> using vnet interfaces require some configuration in the host system
> after the vnet has been attached to the jid but before exec.start (and
> thus the jail's rc.d/netif) is executed.
>
> Since I speak C, posix and sh fluidly, I am willing to implement or help
> implementing any of the proposals in question, so do not misunderstand
> them as just demands ;)
>
>   erdgeist
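
Added example, not part of any message in this archive: a Python audit
for the two devfs.rules layouts posted in the "Can't find free bpf"
thread. It resolves "add include" and reports whether a ruleset leaves
bpf nodes visible, since adding the unhide rule to the shared
devfsrules_jail ruleset exposes raw packet access to every jail using
ruleset 4, while a dedicated ruleset limits it to the one vnet jail.
Function names and the abbreviated helper rulesets are constructed; only
path/hide/unhide/include rules are modelled, with Python's fnmatch
standing in for fnmatch(3).

```python
"""Audit devfs.rules text for rulesets that expose bpf(4) device nodes."""
import fnmatch
import re
import shlex

HEADER = re.compile(r"^\[(\w+)=(\d+)\]$")
PROBES = ("bpf", "bpf0")  # node names a DHCP client may try to open

# Constructed, abbreviated stand-ins for the stock helper rulesets.
BASE = """
[devfsrules_hide_all=1]
add hide

[devfsrules_unhide_basic=2]
add path null unhide
add path zero unhide
add path random unhide

[devfsrules_unhide_login=3]
add path 'pts/*' unhide
add path fd unhide
"""

JAIL_INCLUDES = """
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
"""

# Layout 1 (as in the follow-up message): shared jail ruleset edited in place.
SHARED_EDIT = (BASE + "[devfsrules_jail=4]" + JAIL_INCLUDES
               + "add path zfs unhide\nadd path 'bpf*' unhide\n")

# Layout 2 (as in the first reply): stock ruleset 4 plus a dedicated ruleset 7.
DEDICATED = (BASE + "[devfsrules_jail=4]" + JAIL_INCLUDES
             + "add path zfs unhide\n"
             + "[devfsrules_jail_gate1=7]" + JAIL_INCLUDES
             + "add path 'bpf*' unhide\n")


def parse_rulesets(text):
    """Return {ruleset name: [token list per rule]} in file order."""
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = rulesets.setdefault(header.group(1), [])
            continue
        tokens = shlex.split(line)  # removes the quotes around 'bpf*'
        if current is None or tokens[0] != "add" or len(tokens) < 2:
            raise ValueError(f"unexpected line: {raw!r}")
        current.append(tokens[1:])
    return rulesets


def visible(rulesets, name, device, state=True, stack=()):
    """Apply ruleset `name` in order and return whether `device` ends up visible.

    A fresh devfs mount shows every node, so the starting state is True.
    """
    if name in stack:
        raise ValueError(f"include loop through {name}")
    if name not in rulesets:
        raise ValueError(f"unknown ruleset {name}")
    for rule in rulesets[name]:
        if rule[0] == "include":
            state = visible(rulesets, rule[1].lstrip("$"), device,
                            state, stack + (name,))
            continue
        pattern, rest = "*", rule  # a rule without "path" matches every node
        if rule[0] == "path":
            pattern, rest = rule[1], rule[2:]
        if rest and rest[0] in ("hide", "unhide") \
                and fnmatch.fnmatchcase(device, pattern):
            state = rest[0] == "unhide"  # the last matching rule wins
    return state


def audit(text, jail_rulesets):
    """Map each ruleset used by a jail to True if it exposes a bpf node."""
    rulesets = parse_rulesets(text)
    return {name: any(visible(rulesets, name, dev) for dev in PROBES)
            for name in jail_rulesets}


if __name__ == "__main__":
    print("shared edit:", audit(SHARED_EDIT, ["devfsrules_jail"]))
    print("dedicated:  ", audit(DEDICATED,
                                ["devfsrules_jail", "devfsrules_jail_gate1"]))
```
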