From owner-freebsd-jail@FreeBSD.ORG Sun Oct 26 12:26:28 2008
Date: Sun, 26 Oct 2008 13:26:26 +0100
From: Lorenzo Perone
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Subject: Re: Succesful patch on several hosts with RELENG_7
Message-ID: <1f251259102d2078ce186caba07aaa9c@yellowspace.net>
In-Reply-To: <20081025214545.J2978@maildrop.int.zabbadoz.net>

On Sat, 25 Oct 2008 21:57:13 +0000 (UTC), "Bjoern A. Zeeb" wrote:

>> # Nice thing:
>>
>> Patch is widely compatible with current /etc/rc.d/jail
>> script, so just adding the ips comma separated to
>> the jail_xxxx_ip variable in rc.conf, like
>> jail_xxx_ip="10.190.40.10,10.190.40.11"
>> does all the tricks (no matter on which iface the ips are)
>
> yes that was intentional, but does not work with all features
> people use - especially the "configure the IP for me as well"
> ones. Anyone _really_ using this feature? ;)

>> # Small bug:
>>
>> jls does not show all the IPs, for whichever reason
>> (just noting it, as for the rest, You patched everything..)
>
> oh it does; you are seeing the "compat" output introduced lately to
> make as many scripts happy as possible. man jls should tell you
> that you want `jls -v'.

Really cool, great. Sorry for overseeing it. That's someone
who cares... (who has not written that jailme/jme script
grepping around jls, or even more...)!

>> Regards, and tons of free beer.. .)
>
> As I have received a few similar comments before and as most of the
> world has never seen me drinking beer, people may want to consider
> http://www.freebsdfoundation.org/donate/

My apologies for this assumption! Here in Oktoberfest-City we
tend to have huge difficulties in imagining someone not drinking
beer. However: yes it's overdue, I'll be using that link for
a contribution next week.

Thanx so much 4 your work and 4 listening!

Lorenzo

From owner-freebsd-jail@FreeBSD.ORG Mon Oct 27 11:07:16 2008
Date: Mon, 27 Oct 2008 11:07:15 GMT
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
Message-Id: <200810271107.m9RB7FBB001985@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/126368  jail       [jail] Running ktrace/kdump in jail leads to stale jai
o kern/120753  jail       [jail] Zombie jails (jailed child process exits while
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o kern/97071   jail       [jail] [patch] add security.jail.jid sysctl
o kern/89989   jail       [jail] [patch] Add option -I (ASCII 73) PID to specif
s kern/89528   jail       [jail] [patch] impossible to kill a jail
o kern/84215   jail       [jail] [patch] wildcard ip (INADDR_ANY) should not bin
o kern/74314   jail       [resolver] [jail] DNS resolver broken under certain ja
o kern/72498   jail       [libc] [jail] timestamp code on jailed SMP machine gen
o kern/68192   jail       [quotas] [jail] Cannot use quotas on jailed systems
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

12 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Oct 28 18:20:20 2008
Date: Tue, 28 Oct 2008 14:20:01 -0400
From: Michael Butler
To: freebsd-jail@freebsd.org
Cc: stable@freebsd.org
Subject: Re: 7.x and multiple IPs in jails
Message-ID: <490757D1.6080709@protected-networks.net>
In-Reply-To: <20081028181744.Q2978@maildrop.int.zabbadoz.net>

Bjoern A. Zeeb wrote:

>> This seems to imply that, at last, IPv6 addresses can be used in jails -
>> is that true?
> yes

Woohoo! THANKS!
:-)

Michael

From owner-freebsd-jail@FreeBSD.ORG Wed Oct 29 07:45:08 2008
Date: Wed, 29 Oct 2008 07:42:22 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Chris St Denis
Cc: stable@freebsd.org, freebsd-jail@freebsd.org
Reply-To: freebsd-jail@freebsd.org
Subject: Re: 7.x and multiple IPs in jails
Message-ID: <20081029072821.S2978@maildrop.int.zabbadoz.net>
In-Reply-To: <49078377.2090807@smartt.com>

On Tue, 28 Oct 2008, Chris St Denis wrote:

Hi,

[ jail patches ]

> Serious question here (not trolling).
>
> These patches have been around for years, why have they never been committed
> to trunk/stable?

Well, the multi-ipv4 patch has been for a while - what we are talking
about at the moment is more.

If you look at older status reports they said something like "there is
the need for this at the moment but it's not considered to be the
right thing".

There are multiple reasons for that, that I can think of:

1) some larger parts (of the network stack|kernel) get plastered with
   all kinds of if (this) if (that) checks complicating code, making
   it unreadable, having to be maintained, not ignored for security, ...
   It's important to really catch all the places, .. which it seems we
   had been doing well though not 100% well as I just found out
   currently preparing more if (this) if (that) checks for something
   not really important but still being a problem - since the first
   day it turns out.

2) there is questionable logic in them and while we had been living
   with it up to now, it came up during review process for the commit
   to HEAD (so it could be merged to stable) and it turns out that
   properly solving it isn't an easy or simple task and multiple people
   have been pondering over this for days now. Even after removing
   some optional code paths for simplicity things are still not always
   definite in what would happen.

3)

Nonetheless they are very helpful and very usable (else I wouldn't
have worked on it).

The plan as the status report will say is to get this in, merge it to
stable/7 before 7.2 and keep it in 8.

8 will also have vimages and ideally I'd like to see this entire jail
IP hacks be gone for 9, when vimage will provide the infrastructure,
etc. This means that 8 would be the transition period. But that's
just me and my ideas - we'll see how it'll go.

/bz

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.

From owner-freebsd-jail@FreeBSD.ORG Wed Oct 29 09:17:08 2008
Date: Wed, 29 Oct 2008 11:00:58 +0200
From: Anton - Valqk
To: freebsd-jail@freebsd.org
Subject: Re: 7.x and multiple IPs in jails
Message-ID: <4908264A.5080003@lozenetz.org>
In-Reply-To: <20081029072821.S2978@maildrop.int.zabbadoz.net>

Hi there group,

Just a quick question regarding full virtualization net stack?
Is vimage the name of the virtualization stack? :)
I'd *LOVE* to see it in stable!!! :)
Are there any plans when it will be in HEAD or something?
(I'm not following head and not running even 7.x yet).
These patches also have been for years (as far as I can remember from
4.10?) and we haven't seen it working....

just asking curiously (no trolling)!

cheers,
valqk.

Bjoern A. Zeeb wrote:
> On Tue, 28 Oct 2008, Chris St Denis wrote:
>
> Hi,
>
> [ jail patches ]
>
>> Serious question here (not trolling).
>>
>> These patches have been around for years, why have they never been
>> committed to trunk/stable?
>
> Well, the multi-ipv4 patch has been for a while - what we are talking
> about at the moment is more.
>
> If you look at older status reports they said something like "there is
> the need for this at the moment but it's not considered to be the
> right thing".
>
> There are multiple reasons for that, that I can think of:
>
> 1) some larger parts (of the network stack|kernel) get plastered with
>    all kinds of if (this) if (that) checks complicating code, making
>    it unreadable, having to be maintained, not ignored for security, ...
>    It's important to really catch all the places, .. which it seems we
>    had been doing well though not 100% well as I just found out
>    currently preparing more if (this) if (that) checks for something
>    not really important but still being a problem - since the first
>    day it turns out.
>
> 2) there is questionable logic in them and while we had been living
>    with it up to now, it came up during review process for the commit
>    to HEAD (so it could be merged to stable) and it turns out that
>    properly solving it isn't an easy or simple task and multiple people
>    have been pondering over this for days now. Even after removing
>    some optional code paths for simplicity things are still not always
>    definite in what would happen.
>
> 3)
>
>
> Nonetheless they are very helpful and very usable (else I wouldn't
> have worked on it).
>
> The plan as the status report will say is to get this in, merge it to
> stable/7 before 7.2 and keep it in 8.
>
> 8 will also have vimages and ideally I'd like to see this entire jail
> IP hacks be gone for 9, when vimage will provide the infrastructure,
> etc. This means that 8 would be the transition period. But that's
> just me and my ideas - we'll see how it'll go.
>
>
> /bz
>

From owner-freebsd-jail@FreeBSD.ORG Wed Oct 29 09:45:07 2008
Date: Wed, 29 Oct 2008 09:42:51 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Anton - Valqk
Cc: freebsd-jail@freebsd.org
Subject: Re: 7.x and multiple IPs in jails
Message-ID: <20081029094128.M2978@maildrop.int.zabbadoz.net>
In-Reply-To: <4908264A.5080003@lozenetz.org>

On Wed, 29 Oct 2008, Anton - Valqk wrote:

Hi,

> Just a quick question regarding full virtualization net stack?
> Is vimage the name of the virtualization stack? :)
> I'd *LOVE* to see it in stable!!! :)
> Are there any plans when it will be in HEAD or something?
> (I'm not following head and not running even 7.x yet).
> These patches also have been for years (as far as I can remember from
> 4.10?) and we haven't seen it working....
>
> just asking curiously (no trolling)!

It will not be in stable before 8-STABLE though I think Marko has it
also for 7-STABLE (in perforce). Parts of the framework have been
merged to HEAD already and more is to come.

freebsd-virtualization@ is the list for this.

/bz

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.

From owner-freebsd-jail@FreeBSD.ORG Wed Oct 29 17:52:33 2008
Date: Wed, 29 Oct 2008 10:27:48 -0700
From: Chris St Denis
To: freebsd-jail@freebsd.org
Cc: stable@freebsd.org
Subject: Re: 7.x and multiple IPs in jails
Message-ID: <49089D14.7040603@smartt.com>
In-Reply-To: <20081029072821.S2978@maildrop.int.zabbadoz.net>

Bjoern A. Zeeb wrote:
> On Tue, 28 Oct 2008, Chris St Denis wrote:
>
> Hi,
>
> [ jail patches ]
>
>> Serious question here (not trolling).
>>
>> These patches have been around for years, why have they never been
>> committed to trunk/stable?
>
> Well, the multi-ipv4 patch has been for a while - what we are talking
> about at the moment is more.
>
> If you look at older status reports they said something like "there is
> the need for this at the moment but it's not considered to be the
> right thing".
>
> There are multiple reasons for that, that I can think of:
>
> 1) some larger parts (of the network stack|kernel) get plastered with
>    all kinds of if (this) if (that) checks complicating code, making
>    it unreadable, having to be maintained, not ignored for security, ...
>    It's important to really catch all the places, .. which it seems we
>    had been doing well though not 100% well as I just found out
>    currently preparing more if (this) if (that) checks for something
>    not really important but still being a problem - since the first
>    day it turns out.
>
> 2) there is questionable logic in them and while we had been living
>    with it up to now, it came up during review process for the commit
>    to HEAD (so it could be merged to stable) and it turns out that
>    properly solving it isn't an easy or simple task and multiple people
>    have been pondering over this for days now. Even after removing
>    some optional code paths for simplicity things are still not always
>    definite in what would happen.
>
> 3)
>
>
> Nonetheless they are very helpful and very usable (else I wouldn't
> have worked on it).
>
> The plan as the status report will say is to get this in, merge it to
> stable/7 before 7.2 and keep it in 8.
>
> 8 will also have vimages and ideally I'd like to see this entire jail
> IP hacks be gone for 9, when vimage will provide the infrastructure,
> etc. This means that 8 would be the transition period. But that's
> just me and my ideas - we'll see how it'll go.
>
>
> /bz
>

Thanks for the info from all who responded.

I hadn't heard of vimage before, but after doing some searching on it it
sounds like it will be a very good improvement to jails.
If we can get resource limits on jails too in a near future release,
Jails will become a competitive solution for VPS systems.

From owner-freebsd-jail@FreeBSD.ORG Wed Oct 29 22:15:41 2008
Date: Wed, 29 Oct 2008 15:48:37 -0600
From: James Gritton
To: "Bjoern A. Zeeb"
Cc: stable@FreeBSD.org, freebsd-jail@FreeBSD.org
Subject: Re: 7.x and multiple IPs in jails
Message-ID: <4908DA35.7070905@gritton.org>
In-Reply-To: <20081029072821.S2978@maildrop.int.zabbadoz.net>

Bjoern A. Zeeb wrote:
> The plan as the status report will say is to get this in, merge it to
> stable/7 before 7.2 and keep it in 8.
>
> 8 will also have vimages and ideally I'd like to see this entire jail
> IP hacks be gone for 9, when vimage will provide the infrastructure,
> etc. This means that 8 would be the transition period. But that's
> just me and my ideas - we'll see how it'll go.

I'm not convinced vimage is the only kind of network virtualization we
want to give the option of. The IP addresses assigned to jails seems a
lighter weight alternative, and allows some things that vimage doesn't
do easily, such as system processes that listen on the virtual addresses
for some services, leaving the jail to handle others.

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Thu Oct 30 19:02:09 2008
Date: Thu, 30 Oct 2008 15:01:34 -0400
From: Michael Butler
To: freebsd-jail@freebsd.org
Cc: stable@freebsd.org
Subject: Re: 7.x and multiple IPs in jails
Message-ID: <490A048E.8000907@protected-networks.net>
In-Reply-To: <20081028181744.Q2978@maildrop.int.zabbadoz.net>

>>> Hi, there's a patch by Bjoern A.Zeeb, available at
>>> http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff
>>>
>>> which succeeds and works well with 7.1-PRERELEASE currently.
>>> I had similar issues to solve and patched several hosts
>>> with it, so far with success.

Sadly, SVN rev 184481 (of today) breaks these patches :-(

Is there an updated patch-set available or planned?

Michael

From owner-freebsd-jail@FreeBSD.ORG Fri Oct 31 00:45:07 2008
Date: Fri, 31 Oct 2008 00:41:14 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Michael Butler
Cc: stable@freebsd.org, freebsd-jail@freebsd.org
Reply-To: freebsd-jail@freebsd.org
Subject: Re: 7.x and multiple IPs in jails
Message-ID: <20081031003552.A4973@maildrop.int.zabbadoz.net>
In-Reply-To: <490A048E.8000907@protected-networks.net>

On Thu, 30 Oct 2008, Michael Butler wrote:

Hi,

>>>> Hi, there's a patch by Bjoern A.Zeeb, available at
>>>> http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff
>>>>
>>>> which succeeds and works well with 7.1-PRERELEASE currently.
>>>> I had similar issues to solve and patched several hosts
>>>> with it, so far with success.
>
> Sadly, SVN rev 184481 (of today) breaks these patches :-(
>
> Is there an updated patch-set available or planned?

I wonder if that was one of my MFCs - I guess so. One of the reasons
I am doing those MFCs is to keep the diff between HEAD and 7 down to a
minimum so that I have to ship less patches integrated into the jail
patch for 7.

So yes the plan is to finish the MFCs and generate a new patch for 7
the next days (most likely beginning of next week).

Regards,
Bjoern

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.

From owner-freebsd-jail@FreeBSD.ORG Sat Nov 1 16:27:01 2008
Date: Sat, 1 Nov 2008 09:52:05 -0600
From: Christer Edwards
To: freebsd-jail@freebsd.org
Subject: dhcpd possible within jail?

I recently set up a few jails for internal network services (sshd, bind,
dhcpd, etc.) The only issue I have so far is that dhcpd doesn't seem to
work within the jail env. It appears to start properly, and the process
shows in top, but no leases are ever given out.

I have the following in my jail /etc/rc.conf:

## dhcpd options
dhcpd_enable="YES"
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="hme0"
dhcpd_withumask="022"
dhcpd_chuser_enable="YES"
dhcpd_withuser="dhcpd"
dhcpd_withgroup="dhcpd"
dhcpd_chroot_enable="NO"
dhcpd_devfs_enable="NO"
#dhcpd_makedev_enable="YES"
dhcpd_rootdir="/var/db/dhcpd"
dhcpd_includedir=""
#dhcpd_jail_enable="YES"
dhcpd_hostname="hostname.domain.tld"
dhcpd_ipaddress="192.168.0.13"

I have also allowed raw_sockets from the host (unless there is another
way to accomplish this).

If anyone can tell me what I'm missing, or if it's simply a jail
limitation I'd appreciate it.

thanks in advance,
christer

From owner-freebsd-jail@FreeBSD.ORG Sat Nov 1 20:15:08 2008
Date: Sat, 1 Nov 2008 20:13:46 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Christer Edwards
Cc: freebsd-jail@freebsd.org
Subject: Re: dhcpd possible within jail?

On Sat, 1 Nov 2008, Christer Edwards wrote:

> I recently set up a few jails for internal network services (sshd, bind,
> dhcpd, etc.) The only issue I have so far is that dhcpd doesn't seem to
> work within the jail env. It appears to start properly, and the process
> shows in top, but no leases are ever given out.
[ ...]
> I have also allowed raw_sockets from the host (unless there is another
> way to accomplish this).
>
> If anyone can tell me what I'm missing, or if it's simply a jail
> limitation I'd appreciate it.

dhcpd imho needs bpf, so you would have to expose /dev/bpf* to that
jail and perhaps also /dev/net* things..

try adding something like this to your /etc/devfs.rules

[devfsrules_jail_dhcp=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
add path net unhide
add path 'net/*' unhide

the number is the first free that is not in your
/etc/defaults/devfs.rules and /etc/devfs.rules.

That done change the /etc/rc.conf line for that jail to

jail_FOOOOOO_devfs_ruleset="devfsrules_jail_dhcp"

with FOOOOOO being the right jail name of course and restart the jail.

Within the jail do a ls -l /dev/bpf* ; if there are no entries you'll
need to reapply the devfs rules from the base system
(sh /etc/rc.d/devfs start might do that). Try the ls again.

imho, you do not need to allow raw sockets.

HTH
/bz

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.

From owner-freebsd-jail@FreeBSD.ORG Sat Nov 1 23:19:21 2008
Date: Sat, 1 Nov 2008 17:18:03 -0600
From: Christer Edwards
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Subject: Re: dhcpd possible within jail?

On Sat, Nov 01, 2008 at 08:13:46PM +0000, Bjoern A. Zeeb wrote:
> try adding something like this to your /etc/devfs.rules
>
> [devfsrules_jail_dhcp=5]
> add include $devfsrules_hide_all
> add include $devfsrules_unhide_basic
> add include $devfsrules_unhide_login
> add path 'bpf*' unhide
> add path net unhide
> add path 'net/*' unhide

I've added the above lines and the devices now are listed in
/usr/jail/jailname/dev/. I get the same output in the logs with or
without the devfs changes..

Nov 1 17:07:40 molly dhcpd: Wrote 0 deleted host decls to leases file.
Nov 1 17:07:40 molly dhcpd: Wrote 0 new dynamic host decls to leases file.
Nov 1 17:07:40 molly dhcpd: Wrote 0 leases to leases file.

the dhcpd.leases file is updated when the daemon is restarted but,
again, asking another client to request an address goes ignored.

I'm beginning to wonder if it's related to my network configuration
rather than my jail configuration.

DSL modem > netgear wireless AP/switch (dhcp disabled) > netgear
gigabit switch > clients.

> imho, you do not need to allow raw sockets.

With raw sockets turned off it looks like dhcpd is not able to send the
icmp echo request to verify the requested address is available..
(dhcpd.conf(5))

Christer
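
The devfs steps in Bjoern A. Zeeb's reply above (take the first free ruleset number, then unhide bpf for one jail) can be checked with a small script. This is an added example, not part of the thread: the function names and the sample files are constructed, and it lists which rulesets unhide bpf so that exposure stays limited to the jail that needs it.

```shell
# Added example (not from the thread): review devfs ruleset files before
# adding a jail ruleset. "add include" lines are not followed.

# Print the lowest ruleset number >= 1 that none of the given files uses.
next_free_ruleset() {
    cat "$@" | awk '
        /^[ \t]*\[[A-Za-z0-9_]+=[0-9]+\]/ { v = $0; sub(/^[^=]*=/, "", v); used[v + 0] = 1 }
        END { n = 1; while (n in used) n++; print n }'
}

# Print names of rulesets holding an "add path <prefix>... unhide" rule.
rulesets_unhiding() {
    prefix=$1; shift
    cat "$@" | awk -v p="$prefix" -v q="'" '
        /^[ \t]*\[/ { name = $0; sub(/^[ \t]*\[/, "", name); sub(/=.*/, "", name); next }
        $1 == "add" && $2 == "path" && $NF == "unhide" {
            path = $3; gsub(q, "", path)
            if (index(path, p) == 1) print name
        }' | sort -u
}

# Constructed stand-ins for /etc/defaults/devfs.rules and /etc/devfs.rules.
make_samples() {
    cat > "$1/defaults.rules" <<'EOF'
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path null unhide
[devfsrules_unhide_login=3]
add path 'ptyp*' unhide
[devfsrules_jail=4]
add include $devfsrules_hide_all
EOF
    cat > "$1/local.rules" <<'EOF'
[devfsrules_jail_dhcp=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
add path net unhide
add path 'net/*' unhide
EOF
}

d=$(mktemp -d) && make_samples "$d"
echo "first free number: $(next_free_ruleset "$d/defaults.rules")"
echo "bpf unhidden by: $(rulesets_unhiding bpf "$d/defaults.rules" "$d/local.rules")"
rm -rf "$d"
```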