Date: Tue, 5 Jun 2001 14:25:40 +0200 (CEST)
Message-Id: <200106051225.OAA74361@lurza.secnetix.de>
From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG
Subject: Re: /usr/bin/host doesn't work in jail ...?
In-Reply-To: <20010604224217.A253@speedy.gsinet>

Gerhard Sittig wrote:
> Is this 4.3-RELEASE?

Almost ... It's 4.3-RC2.

> Since nslookup(1) doesn't work either I assume the problem spot
> is somewhere else. Things I would check:
> - do you have a NIC in this machine?

Yes.

> - do you use an ifconfig alias for the jail?

No, there's only one IP. As far as I know, I can use that IP
for jails, too (the jails don't have to have their own IPs).
I've tried a second IP (alias) for the jail, but the problem
is exactly the same.

> - does *any* UDP communication work from inside the jail (to
> itself and outside)? Can you play with /usr/ports/net/netcat?
> jail$ echo OHYES | nc -l -u -p 8080
> jail$ echo HELLO | nc -w 1 -u $IP 8080
> host$ echo HELLO | nc -w 1 -u $IP 8080

Fails the same inside the jail:

 86229 nc CALL connect(0x3,0x12005e060,0x10)
 86229 nc RET connect -1 errno 22 Invalid argument

You're right, it seems to affect all UDP datagram sockets.

> - do you have a packet filter in the way?

No.

> Can you dump the calling parameters? Does ktrace(1) provide this
> information?

Unfortunately, it doesn't.

> BTW: Wasn't there a bug in the gnats database about processes
> failing (forgetting) to bind(2) their sockets to an address?
> Search the PRs for "jail" to see if it's been fixed since.

Oh, hm, that might be it. host and nslookup don't use bind().
I'll dig into the source, add a bind() and see if that changes
anything.

*sigh* There should be a sysctl or something so that it binds
automatically inside jails if necessary. I guess host/nslookup
are not the only programs which have problems ... :-(
Maybe I find a possibility when looking at the kernel sources
involved.

> Oh, and check your sysctl's -- especially those to influence
> jail's behaviour:
> [...]

Mine are the same as yours.

> You did configure your jail's /etc area, didn't you?

I'm using / as jail root (for testing), so the resolv.conf is
the same as the host environment's ones. And no, it doesn't
contain 127.0.0.1, but the DNS server's IP. (There is no BIND
running on my box yet, so 127.0.0.1 wouldn't work anyway.)

> > Oh by the way: When I enter the jail, the configuration of
> > the lo0 interface gets deleted (and I can't bring it back
> > within the jail):
>
> That's one of the design goals of a jail: to provide resources
> for manipulation only when they are available for the jailed
> process group exclusively

I'm aware that it's perfectly OK that I can't manipulate lo0
inside the jail. I'm just worried that it gets deleted as soon
as I enter the jail, because some things might need a correctly
configured lo0.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"All that we see or seem is just a dream within a dream" (E. A. Poe)
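
The experiment described in the message above (adding a bind() before connect() on a UDP socket), as an added example that is not part of the original post or of the host/nslookup sources. The function name, the loopback defaults and the reuse of port 8080 from the quoted nc test are assumptions; whether this avoids the EINVAL on 4.3-RC2 is what the post sets out to test, not something it confirms.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_in from dotted-quad text; 0 on success, -1 on bad input. */
static int make_addr(struct sockaddr_in *sa, const char *ip, uint16_t port)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* UDP socket: bind() to local_ip (port 0) first, then connect(); -1 + errno on error. */
int udp_connect_bound(const char *local_ip, const char *remote_ip, uint16_t port)
{
    struct sockaddr_in local, remote;
    int fd, saved;
    if (make_addr(&local, local_ip, 0) || make_addr(&remote, remote_ip, port)) {
        errno = EINVAL;
        return -1;
    }
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -1;
    /* The explicit bind() is the step host(1) and nslookup(1) skip. */
    if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0 ||
        connect(fd, (struct sockaddr *)&remote, sizeof(remote)) < 0) {
        saved = errno;          /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Constructed defaults; pass <local-ip> <remote-ip> to use real ones. */
    const char *local = argc > 1 ? argv[1] : "127.0.0.1";
    int fd = udp_connect_bound(local, argc > 2 ? argv[2] : "127.0.0.1", 8080);
    if (fd < 0) { perror("udp_connect_bound"); return 1; }
    printf("bind+connect ok from %s\n", local);
    close(fd);
    return 0;
}
```

Run inside the jail with the jail's IP as the first argument; a failure reports which errno bind() or connect() returned, which is the detail the ktrace output in the message shows only for connect().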