From owner-freebsd-jail@FreeBSD.ORG Sun Feb 8 16:36:44 2009
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Sun, 08 Feb 2009 17:36:38 +0100
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Subject: Re: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE

Bjoern A. Zeeb wrote:
> Hi,
>
> what has started a long time ago with patches from various people, was
> started, abandoned, resumed finally found an end.
>
> I am happy to hereby announce that the multi-IPv4/v6/no-IP jails work
> has been merged to 7-STABLE and thus can be used in FreeBSD 7 without
> the need to maintain or apply patches from now on.
>
> This also means that the updated jails will be included in 7.2 release.
>
> This update gives you (short selection):
> - zero, one or multi-IP jails.
> - IPv4 and IPv6 support.
> - cpuset support for jails.
> - jail names and states to ease administration.
> - 32bit compat on 64bit, jail v1 compat, ..
>
> You'll find a longer summary about all the new features and how to use
> them in a posting from December (you should really read it):
> http://lists.freebsd.org/pipermail/freebsd-jail/2008-December/000631.html
>
> Since the above posting, multiple PRs had been addressed and fixes include
> - SIOCGIFADDR ioctl handling which fixes the "samba inside jails problem"
> - no more arp and ndp information disclosure
> - updated rc.conf framework (fully backward compatible in 7), see
>   man 5 rc.conf and /etc/defaults/rc.conf.
> - various documentation/man page updates
> - ...

Many thanks for your hard work on Jails!!
I am planning to test 7-STABLE in the next few days.

Can you explain more details about "32bit compat on 64bit, jail v1
compat, .."?
Is it possible to run 32bit jail in 64bit host and build & run 32bit
ports (marked as i386 only) in it? What is needed to setup 32bit jail in
64bit host?

Thanks again

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Sun Feb 8 16:50:08 2009
From: "Bjoern A. Zeeb"
Date: Sun, 8 Feb 2009 16:45:42 +0000 (UTC)
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org
Subject: Re: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE

On Sun, 8 Feb 2009, Miroslav Lachman wrote:

Hi,

> Can you explain more details about "32bit compat on 64bit, jail v1 compat,
> .."?
> Is it possible to run 32bit jail in 64bit host and build & run 32bit ports
> (marked as i386 only) in it? What is needed to setup 32bit jail in 64bit
> host?

Running a 32bit userland on a 64bit machine inside a jail had been
possible for quite a while; you'll find the instructions for a
"perfect" setup with a bit of search.

What the above means is that your i386 jail binary will work on amd64 and
that your old jail binary from before the update will work on the kernel
after the update. jls will not btw.

/bz

--
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Sun Feb 8 17:24:16 2009
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Sun, 08 Feb 2009 18:24:12 +0100
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Subject: Re: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE

Bjoern A. Zeeb wrote:
> On Sun, 8 Feb 2009, Miroslav Lachman wrote:
>
> Hi,
>
>> Can you explain more details about "32bit compat on 64bit, jail v1
>> compat, .."?
>> Is it possible to run 32bit jail in 64bit host and build & run 32bit
>> ports (marked as i386 only) in it? What is needed to setup 32bit jail
>> in 64bit host?
>
>
> Running a 32bit userland on a 64bit machine inside a jail had been
> possible for quite a while; you'll find the instructions for a
> "perfect" setup with a bit of search.

I know it was discussed a few times in this list (eg. "Compilation
question 64bit, 32 bit" at 2008-10-16), but I think there was not any
"perfect" setup instructions and I am unable to find it with google
(maybe I ask google by wrong questions ;]), so can you point me to the
right place?

> What the above means is that your i386 jail binary will work on amd64 and
> that your old jail binary from before the update will work on the kernel
> after the update. jls will not btw.

As Alexander Leidinger replied in the mentioned thread, it does not seem
too simple (in case of ports infrastructure) to use 32bit jail as pure
32bit environment to compile i386 only ports.
I will try it next week and post back any results / questions. And in
case of success, I will write it on Jails wiki page.

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Sun Feb 8 21:30:09 2009
From: "Bjoern A. Zeeb"
Date: Sun, 8 Feb 2009 21:28:52 +0000 (UTC)
To: freebsd-jail@freebsd.org
Subject: jail MFC might have broken more ports/contrib code

Hi,

from the commit to head I am aware of 4 ports that broke due to the
update of struct jail, etc. as they are compiling or are tied to C code.
I have either submitted PRs for those (again) or contacted the author
or maintainer either before (for head) or today.

These ports are:
- py25-freebsd
- mod_jail
- p5-BSD-Jail-Object
- jailutils

In case you are aware of any other port that broke let me know (in case
you cannot fix it yourself) and I will happily assist updating it so
that it will work with either version of jails.

portmgr is doing a private ports run for this as well to possibly
identify other ports that broke but they won't catch scripts that
no longer can parse jls output or similar things.

My offer for help is also valid in case you have out-of src and ports
code that needs updating. (In case it's a closed source project you will
consider a donation to the freebsd foundation;)

/bz

--
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Mon Feb 9 02:30:22 2009
From: Andrew Hotlab
Date: Mon, 9 Feb 2009 02:18:22 +0000
To: <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org
Subject: RE: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE

> Date: Sun, 8 Feb 2009 16:45:42 +0000
> From: bzeeb-lists@lists.zabbadoz.net
>
>> Can you explain more details about "32bit compat on 64bit, jail v1 compat,
>> .."?
>> Is it possible to run 32bit jail in 64bit host and build & run 32bit ports
>> (marked as i386 only) in it? What is needed to setup 32bit jail in 64bit
>> host?
>
> Running a 32bit userland on a 64bit machine inside a jail had been
> possible for quite a while; you'll find the instructions for a
> "perfect" setup with a bit of search.
>

I think this thread might be helpful:
http://lists.freebsd.org/pipermail/freebsd-arch/2009-January/008845.html

Greetings.
Andrew

From owner-freebsd-jail@FreeBSD.ORG Mon Feb 9 11:06:54 2009
From: FreeBSD bugmaster
Date: Mon, 9 Feb 2009 11:06:53 GMT
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

3 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Feb 10 21:17:25 2009
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Tue, 10 Feb 2009 22:17:20 +0100
To: freebsd-jail@FreeBSD.org
Subject: Re: kern/122270: [jail] [patch] jail numbers keep incrementing

delphij@FreeBSD.org wrote:
> Synopsis: [jail] [patch] jail numbers keep incrementing
>
> State-Changed-From-To: open->patched
> State-Changed-By: delphij
> State-Changed-When: Fri Apr 11 21:32:08 UTC 2008
> State-Changed-Why:
> Committed against -HEAD, MFC reminder.
>
>
> Responsible-Changed-From-To: freebsd-jail->delphij
> Responsible-Changed-By: delphij
> Responsible-Changed-When: Fri Apr 11 21:32:08 UTC 2008
> Responsible-Changed-Why:
> Take.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=122270

Is it really committed to 7_RELENG? I am running 7.1-RELEASE and JID is
still incrementing after each stop + start.
In my test case, I started with 3 jails (JID 1, 2, 3), then I stopped
jail with JID 2, start it again (now it has JID 4), stop + start and JID
is 5, stop + start again and JID is 6...

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Tue Feb 10 22:05:07 2009
From: "Bjoern A. Zeeb"
Date: Tue, 10 Feb 2009 22:03:24 +0000 (UTC)
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-jail@FreeBSD.org
Subject: Re: kern/122270: [jail] [patch] jail numbers keep incrementing

On Tue, 10 Feb 2009, Miroslav Lachman wrote:

>> http://www.freebsd.org/cgi/query-pr.cgi?pr=122270
>
> Is it really committed to 7_RELENG? I am running 7.1-RELEASE and JID is still
> incrementing after each stop + start.
> In my test case, I started with 3 jails (JID 1, 2, 3), then I stopped jail
> with JID 2, start it again (now it has JID 4), stop + start and JID is 5,
> stop + start again and JID is 6...

It had been backed out because it gave various people various problems
and led to races with startup/shutdown of jails and mgmt tools.
But that's been looong ago.

/bz

--
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Tue Feb 10 22:36:14 2009
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Tue, 10 Feb 2009 23:36:09 +0100
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@FreeBSD.org
Subject: Re: kern/122270: [jail] [patch] jail numbers keep incrementing

Bjoern A. Zeeb wrote:
> On Tue, 10 Feb 2009, Miroslav Lachman wrote:
>
>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=122270
>>
>>
>> Is it really committed to 7_RELENG? I am running 7.1-RELEASE and JID is
>> still incrementing after each stop + start.
>> In my test case, I started with 3 jails (JID 1, 2, 3), then I stopped
>> jail with JID 2, start it again (now it has JID 4), stop + start and
>> JID is 5, stop + start again and JID is 6...
>
>
> It had been backed out because it gave various people various problems
> and led to races with startup/shutdown of jails and mgmt tools.
> But that's been looong ago.

Thank you for your quick reply. I think that it would be nice to add
related information to (closed) PRs. This is not the first time when
something was backed out or not MFCd but PR stated that it is committed.

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Wed Feb 11 11:22:18 2009
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Wed, 11 Feb 2009 12:22:14 +0100
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Subject: Re: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE

I have a question about INADDR_ANY in relation to new multi-IP jails.
It was discussed some time ago as PR 84215 [wildcard ip (INADDR_ANY)
should not bind inside a jail]
http://www.freebsd.org/cgi/query-pr.cgi?pr=84215 and it seemed fixed,
but manpage for jail is still saying:

"Similarly, it might be a good idea to add an address alias flag such
that daemons listening on all IPs (INADDR_ANY) will not bind on that
address, which would facilitate building a safe host environment such
that host daemons do not impose on services offered from within jails."

Can you please clarify the current state?

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Wed Feb 11 22:35:09 2009
From: "Bjoern A. Zeeb"
Date: Wed, 11 Feb 2009 22:32:13 +0000 (UTC)
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org
Subject: Re: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE

On Wed, 11 Feb 2009, Miroslav Lachman wrote:

> I have a question about INADDR_ANY in relation to new multi-IP jails.
> It was discussed some time ago as PR 84215 [wildcard ip (INADDR_ANY) should
> not bind inside a jail] http://www.freebsd.org/cgi/query-pr.cgi?pr=84215 and
> it seemed fixed, but manpage for jail is still saying:
>
> "Similarly, it might be a good idea to add an address alias flag such that
> daemons listening on all IPs (INADDR_ANY) will not bind on that address,
> which would facilitate building a safe host environment such that host
> daemons do not impose on services offered from within jails."
>
> Can you please clarify the current state?

http://lists.freebsd.org/pipermail/freebsd-jail/2008-November/000623.html

--
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Thu Feb 12 13:05:09 2009
From: "Bjoern A. Zeeb"
Date: Thu, 12 Feb 2009 13:02:27 +0000 (UTC)
To: d@delphij.net
Cc: freebsd-jail@freebsd.org, freebsd-rc@FreeBSD.org, FreeBSD Current
Subject: Re: [RFC] Skeleton jail (rc.d feature proposal)

On Tue, 10 Feb 2009, Xin LI wrote:

Hi,

PreS: I added freebsd-jail@ to Cc:.

> Ok, some local users have prodded me in committing the "skeleton jail"
> feature, I find it useful myself but not sure if it's appropriate to
> commit it against -HEAD, so I'd like to explain it, try to present it in
> a better way, and request for comments.

I have seen lots of "skeleton jail" features the last years working
with lots of different parties and I have a private one myself tied
into some other stuff which is even more meagre than most. It's 2
files and 7 lines of sh and that's only because I am lazy.

I have seen everything from sh scripts to install worlds/distribution
for a jail, to the same and then remove stuff, unionfs tries and
nullfs mounts. From mergemaster setups populating worlds for jail from
private trees to restores from master images.

Some were really nice, others were .. improvable. They all helped the
people in their environment but few could use what the others had
done in their environment.

> The rc.d infrastructure would automatically mount the following
> directories from the template (when not specified, /) as read-only:
>
> bin
> lib
> libexec
> sbin
> usr/bin
> usr/include
> usr/lib
> usr/libdata
> usr/libexec
> usr/sbin
> usr/share

I do not have the following two on most/any of my machines:

> usr/src
> usr/obj

The correct way to do this I think would leave rc.d/jail untouched and
(pre-)populate an /etc/fstab. and use that.

Considering that my last commit messages already said that Simon and I
have big worries about all the features in /etc/rc.d/jail and would
rather remove them than keep them and that this is basically two things:

1) pre-seed a jail hierarchy and etc from a source tree
2) mount some nullfs into the jail on start, unmount on stop

(I hope I didn't miss anything else)

I am wondering if this large patch cannot be reduced to a few line sh
script to seed the jail + fstab, not needing to fiddle with base for
that.

#!/bin/sh
# $1 is DESTDIR of the jail
# $2 is the jail name as in rc.conf
# $3 is the skel root to mount from
# other arguments are rw nullfs mounts
# Keep the first three arguments: they are gone after the shifts below.
destdir=$1
name=$2
skel=$3
cd /usr/src || exit 1
make hierarchy DESTDIR="${destdir}"
make distribution DESTDIR="${destdir}"
# Read-only mounts; the directory list is the one quoted above.
for d in bin lib libexec sbin usr/bin usr/include usr/lib usr/libdata \
    usr/libexec usr/sbin usr/share; do
	echo "${skel}/${d} ${destdir}/${d} nullfs ro 0 0" >> "/etc/fstab.${name}"
done
shift; shift; shift
# Whatever arguments remain are mounted read-write.
for d in "$@"; do
	echo "${skel}/${d} ${destdir}/${d} nullfs rw 0 0" >> "/etc/fstab.${name}"
done
echo "Add jail_${name}_mount_enable='YES' to /etc/rc.conf"

This is untested and doesn't have error checking etc. I would even put
it in a Makefile instead of doing it in sh. A lot more flexible than
anything in base will ever be.

Just my 5ct.

/bz

--
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Sat Feb 14 22:03:07 2009
Date: Sat, 14 Feb 2009 22:13:16 +0100
From: Anders Hagman
To: freebsd-jail@freebsd.org
Subject: BIND in jail problem
Message-ID: <499733EC.3040706@netplex.se>

Hi

I'm trying to use BIND inside a jail and have passed the chroot
problem and have a running named without chroot.

The problem is that the jail does not have the address 127.0.0.1 or does
not use the info in resolv.conf.

When I use the host command I get:

[root@ippbx1 ~]# host ippbx1
;; reply from unexpected source: 172.16.101.3#53, expected 127.0.0.1#53

/etc/resolv.conf
domain kalmar.se
search kalmar.se
nameserver 127.0.0.1

tcpdump:
21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none], proto UDP (17), length 52)
    172.16.101.3.62278 > 172.16.101.3.53: 28477+ A? ippbx1. (24)
21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none], proto UDP (17), length 52)
    172.16.101.3.53 > 172.16.101.3.62278: 28477 ServFail 0/0/0 (24

As you can see the destination address is 172.16.101.3 despite the name
server address in resolv.conf. The host command does not add the domain
as it should and sends the query as "A? ippbx1" instead of
"A? ippbx1.kalmar.se". The host command expects to get an answer from
127.0.0.1.

Changing the nameserver address in resolv.conf to 172.16.101.3 does not
change anything. Using the FQDN does not help because it's still the
wrong expected address. The only thing that works is:
host ippbx1.kalmar.se 172.16.101.3.

Using ping gives a different picture:

[root@ippbx1 ~]# ping ippbx1
ping: cannot resolve ippbx1: Host name lookup failure

/etc/resolv.conf
domain kalmar.se
search kalmar.se
nameserver 172.16.101.3

tcpdump:
21:47:39.143152 IP (tos 0x0, ttl 64, id 31817, offset 0, flags [none], proto UDP (17), length 62)
    172.16.101.3.60878 > 127.0.0.1.53: 35805+ A? ippbx1.kalmar.se. (34)
21:47:39.143165 IP (tos 0x0, ttl 64, id 31818, offset 0, flags [none], proto ICMP (1), length 56)
    127.0.0.1 > 172.16.101.3: ICMP 127.0.0.1 udp port 53 unreachable, length 36

ping does add the domain to the query but does not read the address from
resolv.conf and sends the query to 127.0.0.1. And 127.0.0.1 is the host 0
machine and does not run BIND.

uname -a
FreeBSD ippbx1.kalmar.se 7.1-RELEASE FreeBSD 7.1-RELEASE #0
named -v
BIND 9.4.2-P2

named.conf:
zone "kalmar.se" { type master; file "master/kalmar"; };
zone "101.16.172.in-addr.arpa" { type master; file "master/kalmar.rev"; };

zone file kalmar:

$TTL 3h
@ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
        ; Serial, Refresh, Retry, Expire, Neg. cache TTL

        IN NS ippbx1.kalmar.se.
ippbx1  IN A 172.16.101.3

zone file kalmar.rev:

$TTL 3h
@ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
        ; Serial, Refresh, Retry, Expire, Neg. cache TTL
        IN NS ippbx1.kalmar.se.
3       IN PTR ippbx1.kalmar.se.

Why do I want to run BIND inside a jail? Well I'm building an IP-PBX lab
and want to run six autonomous jails with DNS, DHCP, NTP and asterisk
inside. DHCP and Asterisk works but DNS is vital for the lab.

BR
Anders H

From owner-freebsd-jail@FreeBSD.ORG Sat Feb 14 22:28:14 2009
Date: Sat, 14 Feb 2009 17:28:05 -0500
From: "Michael Scheidell"
To: "Anders Hagman"
Subject: RE: BIND in jail problem
Message-ID: <01f701c98ef3$838c2cd7$0d01460a@secnap.com>

172 16 101 3 is what you should be listening on abduction use in resolve cong.

From owner-freebsd-jail@FreeBSD.ORG Sat Feb 14 22:40:08 2009
Date: Sat, 14 Feb 2009 22:38:57 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Anders Hagman
Cc: freebsd-jail@freebsd.org
Subject: Re: BIND in jail problem
Message-ID: <20090214221759.L53478@maildrop.int.zabbadoz.net>
In-Reply-To: <499733EC.3040706@netplex.se>

On Sat, 14 Feb 2009, Anders Hagman wrote:

Hi,

I am inclined to say that something is not right with your setup and
I am not able to reproduce any of the symptoms on 7-STABLE pre-jail-MFC
but that's not going to help.

Those named inside jail things come up regularly and either end
without any results as people stop to reply or a pilot error quickly
identified.

It might be hard to resolve the problem in mail or might need lots of
mails so I'd suggest to take your reply off-list, and we'll post a
summary with the results once things are solved.

> I'm trying to use BIND inside a jail and have passed the chroot
> problem and have a running named without chroot.

what does netstat -an | grep '\.53' say inside your jail?

> The problem is that the jail does not have the address 127.0.0.1 or does not

that's becoming a FAQ and later jail2 man pages say:

:: All connections to/from the loopback address (127.0.0.1 for IPv4, ::1
:: for IPv6) will be changed to be to/from the primary address of the jail
:: for the given address family.

so for your jail (I assume a stock 7.1-RELEASE) ignore the IPv6 part
and the "primary" part as there is only one IP (which is the primary
IP in that case).

> use the info in resolv.conf.
>
> When I use the host command I get:
>
> [root@ippbx1 ~]# host ippbx1
> ;; reply from unexpected source: 172.16.101.3#53, expected 127.0.0.1#53
>
> /etc/resolv.conf
> domain kalmar.se
> search kalmar.se

man resolv.conf says:

:: The domain and search keywords are mutually exclusive. If more than one
:: instance of these keywords is present, the last instance will override.

so you can remove the domain line.

> nameserver 127.0.0.1
>
> tcpdump:
> 21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none], proto
> UDP (17), length 52) 172.16.101.3.62278 > 172.16.101.3.53: 28477+ A? ippbx1.
> (24)
>
> 21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none], proto
> UDP (17), length 52) 172.16.101.3.53 > 172.16.101.3.62278: 28477 ServFail
> 0/0/0 (24

This looks fine from the IP point of view as if 172.16.101.3 is our
jail IP is correct.

> As you can see the destination address is 172.16.101.3 despite the name
> server address in resolv.conf. The host command does not add the domain as it
> should and sends the query as "A? ippbx1" instead of "A? ippbx1.kalmar.se".
> The host command expects to get an answer from 127.0.0.1.

I am not yet sure where this comes from but if that's really a problem
change it to nameserver 172.16.101.3 as this is what it is effectively
anyway.

> Changing the nameserver address in resolv.conf to 172.16.101.3 does not
> change anything. Using the FQDN does not help because it's still the wrong
> expected address.

Now that does not make any sense. You changed the IP but it is still
reporting the "reply from unexpected source: ... expected .."?

> The only thing that works is: host ippbx1.kalmar.se
> 172.16.101.3.
>
> Using ping give a different picture:

You enabled raw sockets for jails?

> [root@ippbx1 ~]# ping ippbx1
> ping: cannot resolve ippbx1: Host name lookup failure
>
> /etc/resolv.conf
> domain kalmar.se
> search kalmar.se
> nameserver 172.16.101.3
>
>
> tcpdump:
> 21:47:39.143152 IP (tos 0x0, ttl 64, id 31817, offset 0, flags [none], proto
> UDP (17), length 62) 172.16.101.3.60878 > 127.0.0.1.53: 35805+ A?
> ippbx1.kalmar.se. (34)
> 21:47:39.143165 IP (tos 0x0, ttl 64, id 31818, offset 0, flags [none], proto
> ICMP (1), length 56) 127.0.0.1 > 172.16.101.3: ICMP 127.0.0.1 udp port 53
> unreachable, length 36
>
>
> ping does add the domain to the query but does not read the address from
> resolv.conf and sends the query to 127.0.0.1. And 127.0.0.1 is the host 0
> machine and does not run BIND.

I start wondering if you are editing the correct resolv.conf inside
the correct jail and run your commands inside the same jail?

/bz

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Sat Feb 14 22:44:09 2009
Date: Sun, 15 Feb 2009 09:17:21 +1100
From: David N
To: Anders Hagman
Cc: freebsd-jail@freebsd.org
Subject: Re: BIND in jail problem
Message-ID: <4d7dd86f0902141417xb626f20h2c694fb3861f751f@mail.gmail.com>
In-Reply-To: <499733EC.3040706@netplex.se>

Hi,

You also need in your named.conf

options {
        allow-query { 10.0.0.0/8; };  // replace with your own network
        listen-on { 10.1.20.1; };     // replace with your jail IP
        forwarders { xx.xx.xx.xx; xx.xx.xx.xx; };  // replace with your upstream DNS servers (supplied by ISP)
};

in the resolv.conf should be your domain and DNS server(s) IP
addresses, not 127.0.0.1, there is no localhost inside the jails, so
it won't work.

Regards
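
The checks raised in this thread (a loopback nameserver inside a jail, duplicate domain/search lines, named not listening on the jail address) collected into one sh script. This is an added example, not code from any poster; the function names and the sample named.conf are assumptions made up here.

```shell
#!/bin/sh
# Added example: audit a jail's resolv.conf and named.conf for the
# problems diagnosed in this thread. Function names are made up here.

# effective_search FILE: print the search list the resolver will use.
# "domain" and "search" are mutually exclusive; the last instance wins.
effective_search() {
    awk '$1 == "domain" || $1 == "search" {
             $1 = ""; sub(/^[ \t]+/, ""); last = $0
         }
         END { if (last != "") print last }' "$1"
}

# loopback_nameservers FILE: print nameserver entries that are loopback.
# Inside a jail such connections are changed to the jail's primary
# address, so the reply does not come from 127.0.0.1.
loopback_nameservers() {
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { print $2 }' "$1"
}

# listen_on_addrs FILE: print the addresses of the named.conf listen-on
# statement, one per line; nothing if the statement is absent. Assumes a
# single listen-on statement; // and # comments are stripped, /* */ is not.
listen_on_addrs() {
    sed -e 's://.*$::' -e 's/#.*$//' "$1" | tr '\n' ' ' |
        sed -n 's/.*listen-on[^-{]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' | tr -d ' \t' | awk 'NF'
}

# audit_jail_dns RESOLV_CONF NAMED_CONF JAIL_IP
# Print one finding per line; return 1 if there was any finding.
audit_jail_dns() {
    rc=0
    n=$(awk '$1 == "domain" || $1 == "search" { n++ } END { print n + 0 }' "$1")
    if [ "$n" -gt 1 ]; then
        echo "resolv.conf: $n domain/search lines, only \"$(effective_search "$1")\" is used"
        rc=1
    fi
    for ns in $(loopback_nameservers "$1"); do
        echo "resolv.conf: nameserver $ns is loopback, use $3 instead"
        rc=1
    done
    addrs=$(listen_on_addrs "$2")
    if [ -n "$addrs" ] && ! printf '%s\n' "$addrs" | grep -Fxq -e "$3" -e any; then
        echo "named.conf: listen-on does not include $3"
        rc=1
    fi
    return "$rc"
}

# demo: constructed sample input. The resolv.conf lines are the ones posted
# in the thread; the named.conf is hypothetical (loopback-only listen-on).
demo() {
    d=$(mktemp -d) || return 1
    printf 'domain kalmar.se\nsearch kalmar.se\nnameserver 127.0.0.1\n' > "$d/resolv.conf"
    printf 'options {\n  listen-on { 127.0.0.1; };  // loopback only\n};\n' > "$d/named.conf"
    audit_jail_dns "$d/resolv.conf" "$d/named.conf" 172.16.101.3
    status=$?
    rm -rf "$d"
    return "$status"
}

# Usage: script demo | script RESOLV_CONF NAMED_CONF JAIL_IP
case "${1:-}" in
    "")   ;;
    demo) demo || true ;;
    *)    audit_jail_dns "$@" ;;
esac
```

Run it inside the jail being checked, so that the files it reads are the ones the resolver and named in that jail actually use.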