Date: Thu, 24 Jul 2014 21:49:28 -0600 (MDT)
From: Warren Block <wblock@wonkity.com>
To: Glen Barber <gjb@FreeBSD.org>
Cc: freebsd-jail@FreeBSD.org
Subject: Re: check_dhcp
Message-ID: <alpine.BSF.2.11.1407242147440.3624@wonkity.com>
In-Reply-To: <20140725034600.GA1065@hub.FreeBSD.org>
References: <alpine.BSF.2.11.1407242042240.3624@wonkity.com> <20140725032045.GY1065@hub.FreeBSD.org> <alpine.BSF.2.11.1407242122540.3624@wonkity.com> <20140725033114.GZ1065@hub.FreeBSD.org> <alpine.BSF.2.11.1407242132590.3624@wonkity.com> <20140725034600.GA1065@hub.FreeBSD.org>
On Thu, 24 Jul 2014, Glen Barber wrote:

> On Thu, Jul 24, 2014 at 09:35:52PM -0600, Warren Block wrote:
>> On Thu, 24 Jul 2014, Glen Barber wrote:
>>> On Thu, Jul 24, 2014 at 09:25:06PM -0600, Warren Block wrote:
>>>> On Thu, 24 Jul 2014, Glen Barber wrote:
>>>>>
>>>>> The problem, I suspect, is that bpf(4) does not exist in the jail.
>>>>
>>>> It's there:
>>>>
>>>> # ls -lh /dev/b*
>>>> crw------- 1 root wheel 0x12 Jul 24 21:00 /dev/bpf
>>>> lrwxr-xr-x 1 root wheel 3B Jul 24 20:08 /dev/bpf0 -> bpf
>>>>
>>>
>>> This is within the jail?
>>
>> Yes. It also has allow.raw_sockets=1.
>
> Well, I ask, because I think bpf(4) should *not* exist in the jail
> even with allow.raw_sockets=1.
>
> # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
> # ls /dev/bpf*
> ls: No match.

Yes, I had to unhide it with devfs:

[devfsrules_jail_dhcp=5]
add include $devfsrules_jail
add path 'bpf*' unhide

And then in /usr/local/etc/ezjail/jailname

export jail_jailname_devfs_ruleset="5"
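
Added example (not part of the original message, and not FreeBSD's own code): a small audit that lists which devfs rulesets expose bpf(4), either directly or through "add include", so a jail's devfs_ruleset number can be checked against it. The sample file is constructed; devfsrules_jail_web is a hypothetical ruleset, and the matching is simplified: only path patterns beginning with "bpf" are recognised and a later "hide" rule is not considered.

```sh
#!/bin/sh
# Added example: report devfs rulesets that unhide bpf(4).
# Assumptions: only patterns starting with "bpf" are matched; later "hide"
# rules are ignored; includes are resolved transitively.

bpf_rulesets() {
    # Reads devfs.rules text on stdin, prints "name=number" per exposed ruleset.
    awk -v q="'" '
    /^[ \t]*#/ { next }                      # skip comment lines
    /^\[[^=]+=[0-9]+\]/ {                    # ruleset header: [name=number]
        hdr = $0; sub(/^\[/, "", hdr); sub(/\].*$/, "", hdr)
        split(hdr, kv, "=")
        cur = kv[1]; num[cur] = kv[2]; order[++n] = cur
        next
    }
    cur != "" && $1 == "add" && $2 == "include" {
        inc = $3; sub(/^\$/, "", inc)        # "$devfsrules_jail" -> name
        includes[cur] = includes[cur] " " inc
        next
    }
    cur != "" && $1 == "add" && $2 == "path" {
        pat = $3; gsub(q, "", pat); gsub(/"/, "", pat)
        if (pat ~ /^bpf/)
            for (k = 4; k <= NF; k++) if ($k == "unhide") exposed[cur] = 1
    }
    END {
        do {                                 # propagate exposure through includes
            changed = 0
            for (i = 1; i <= n; i++) {
                r = order[i]
                if (r in exposed) continue
                m = split(includes[r], inc_list, " ")
                for (j = 1; j <= m; j++)
                    if (inc_list[j] in exposed) { exposed[r] = 1; changed = 1 }
            }
        } while (changed)
        for (i = 1; i <= n; i++)
            if (order[i] in exposed) print order[i] "=" num[order[i]]
    }'
}

sample_rules() {   # constructed sample; ruleset 5 is the one from the message
    printf '%s\n' '[devfsrules_jail=4]' 'add include $devfsrules_hide_all' \
        'add path zfs unhide' '' '[devfsrules_jail_dhcp=5]' \
        'add include $devfsrules_jail' "add path 'bpf*' unhide" '' \
        '[devfsrules_jail_web=6]' 'add include $devfsrules_jail_dhcp'
}

sample_rules | bpf_rulesets
```

On a real host the function would be fed /etc/devfs.rules, and the numbers it prints compared with each jail's configured devfs ruleset.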