From owner-freebsd-jail@FreeBSD.ORG Mon Jun 29 11:07:02 2009
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 29 Jun 2009 11:07:01 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

4 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 29 11:30:09 2009
From: "Bjoern A. Zeeb"
To: Sam Wun
Cc: freebsd-net@freebsd.org, freebsd-jail@freebsd.org
Date: Mon, 29 Jun 2009 11:29:26 +0000 (UTC)
Subject: Re: Can't login Jailed system

On Mon, 29 Jun 2009, Sam Wun wrote:

Hi,

we've got a freebsd-jail list that I am Cc:ing.

> With FreeBSD 7.2Stable,
> I have done this many times before.
> After about a month left the "jail" behind, now when I done a
> "/etc/rc.d/jail start" and ssh into it, I ended up login to the host
> system.
> Here is the network configuration of the host system and the jail system:
>
> # ifconfig
> rl0: flags=8843 metric 0 mtu 1500
>         options=8
>         ether 00:00:21:ef:27:f7
>         media: Ethernet autoselect (100baseTX )
>         status: active
> rl1: flags=8802 metric 0 mtu 1500
>         options=8
>         ether 00:50:fc:65:78:c0
>         media: Ethernet autoselect
>         status: no carrier
> fxp0: flags=8843 metric 0 mtu 1500
>         options=8
>         ether 00:13:20:65:a9:be
>         inet 192.168.1.246 netmask 0xffffff00 broadcast 192.168.1.255
>         inet 192.168.1.245 netmask 0xffffff00 broadcast 192.168.1.255
>         inet 192.168.1.235 netmask 0xffffff00 broadcast 192.168.1.255
>         inet 192.168.1.242 netmask 0xffffffff broadcast 192.168.1.242
>         media: Ethernet autoselect (100baseTX )
>         status: active
> plip0: flags=108810 metric 0 mtu 1500
> enc0: flags=0<> metric 0 mtu 1536
> pflog0: flags=141 metric 0 mtu 33204
> pfsync0: flags=0<> metric 0 mtu 1460
>         syncpeer: 224.0.0.240 maxupd: 128
> lo0: flags=8049 metric 0 mtu 16384
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
>         inet6 ::1 prefixlen 128
>         inet 127.0.0.1 netmask 0xff000000
> twp1:# jls
>    JID  IP Address      Hostname                      Path
>      5  192.168.1.242   twp5.ip6.com.au               /usr/jail2/twp5
>
> 192.168.1.242 is the jailed system,
> twp1 is the host system.
>
> After I login 192.168.1.242, I ended up logged in twp1 which is my host system.
> Now I am stuck. I don't know how I logged in the jailed system a month ago.
>
> Can anyone shred some lights on me?

Try to jexec 5 /bin/sh (5 is the jailID from the jls output) and check
with ps if sshd is running inside the jail, and check the usual things
are up and there.

/bz

--
Bjoern A. Zeeb                      The greatest risk is not taking one.
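
An ssh connection to a jail's address that is answered by the host, as reported above, is what a host sshd bound to every local address produces whenever the jail's own sshd is not listening. The script below is an added example, not part of the thread: it reads an sshd_config and lists the jail addresses the host's sshd would answer on. The function names, the ANY marker, the sample files and the choice of 192.168.1.246 as the host's own address are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: which jail addresses would the HOST's
# sshd answer on, judging by the host's sshd_config?

# listen_addrs FILE
# Print one listen address per line. "ANY" stands for a wildcard bind
# (0.0.0.0, ::, or no ListenAddress at all, which is the sshd default).
listen_addrs() {
    awk '
        tolower($1) == "listenaddress" {
            a = $2
            if (a ~ /^\[/) {                     # [addr] or [addr]:port
                sub(/^\[/, "", a)
                sub(/\](:[0-9]+)?$/, "", a)
            } else if (a ~ /^[^:]*:[0-9]+$/) {   # addr:port, single colon only
                sub(/:[0-9]+$/, "", a)
            }
            if (a == "0.0.0.0" || a == "::") a = "ANY"
            print a
            seen = 1
        }
        END { if (!seen) print "ANY" }
    ' "$1"
}

# host_answers_for FILE JAIL_IP...
# Print every jail address that the host sshd is bound to, either through a
# wildcard or because the address is listed explicitly.
host_answers_for() {
    cfg=$1
    shift
    addrs=$(listen_addrs "$cfg")
    for ip in "$@"; do
        for a in $addrs; do
            if [ "$a" = "ANY" ] || [ "$a" = "$ip" ]; then
                printf '%s\n' "$ip"
                break
            fi
        done
    done
}

# Constructed sample configs. 192.168.1.242 is the jail address from the jls
# output; using 192.168.1.246 as the host's own address is an assumption.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' '#ListenAddress 0.0.0.0' '#ListenAddress ::' \
    > "$tmp/stock.conf"
printf '%s\n' 'Port 22' 'ListenAddress 192.168.1.246' > "$tmp/pinned.conf"

for f in stock pinned; do
    hit=$(host_answers_for "$tmp/$f.conf" 192.168.1.242)
    echo "$f: host sshd answers on jail address: ${hit:-none}"
done
rm -rf "$tmp"
```

Run on the host against /etc/ssh/sshd_config with the addresses from jls; any address it prints is one where the host's sshd competes with the jail's.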

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 29 12:10:43 2009
From: Jon Passki
To: freebsd-jail@freebsd.org
Cc: Sam Wun
Date: Mon, 29 Jun 2009 06:42:30 -0500
Subject: Re: Can't login Jailed system

(Un-CC'd freebsd-net@)

On Mon, Jun 29, 2009 at 6:29 AM, Bjoern A. Zeeb wrote:
> On Mon, 29 Jun 2009, Sam Wun wrote:
>
>> After I login 192.168.1.242, I ended up logged in twp1 which is my host
>> system.
>> Now I am stuck. I don't know how I logged in the jailed system a month
>> ago.
>>
>> Can anyone shred some lights on me?
>
> Try to jexec 5 /bin/sh (5 is the jailID from the jls output) and check
> with ps if sshd is running inside the jail, and check the usual things
> are up and there.

Sam, what Bjoern is alluding to is that SSH in the main system is
probably running on all IP addresses on port 22/TCP. The jail(8) man
page has a section called "Setting up the Host Environment" which you
might want to review again.

For SSH, check out /etc/ssh/sshd_config and look for "ListenAddress".
If it is set up for the default setting of "#ListenAddress 0.0.0.0",
then uncomment it and change that line in your main system to be the
main IP address. Restart sshd (/etc/rc.d/sshd restart). You will
probably have to restart your jail's sshd instances since they
probably tried to bind to their IP address on 22/TCP unsuccessfully.
(Or, just restart all of your jails if it's not a big concern,
/etc/rc.d/jail restart.)

Hope that helps,

Jon

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 29 14:29:57 2009
From: Jon Passki
To: Sam Wun
Cc: freebsd-jail@freebsd.org
Date: Mon, 29 Jun 2009 09:29:56 -0500
Subject: Re: Can't login Jailed system

On Mon, Jun 29, 2009 at 9:21 AM, Sam Wun wrote:
> I got the following errors now:
>
> # less jail_wwp1_console.log
> ps: empty file: Invalid argument
> Loading configuration files.
> /etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
> ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
> /usr/local/lib/mysql
> a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
> Creating and/or trimming log files:.
> Starting syslogd.
> Clearing /tmp.
> Starting local daemons:.
> Updating motd.
> Starting sshd.
> PRNG is not seeded
> Starting cron.
> Local package initialization:.
> ps: bad namelist

Assuming you didn't build a kernel to exclude the random device, it
looks like you do not have a /dev filesystem mounted for your jail.
ssh needs some type of random device. Try mounting a devfs in the
path of your jail. If you are using /etc/rc.conf for this
information, man 5 rc.conf, look at the "jail_devfs_enable" and
"jail__devfs_enable" variables.

Jon

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 29 14:37:30 2009
From: Sam Wun
To: Jon Passki
Cc: freebsd-jail@freebsd.org
Date: Tue, 30 Jun 2009 00:37:29 +1000
Subject: Re: Can't login Jailed system

Apologies, I accidentally commented out the jail_dev and jail_proc
lines in the rc.conf file, wasted everyone's time.
Thanks for the help.
:D
Sam

On Tue, Jun 30, 2009 at 12:29 AM, Jon Passki wrote:
> On Mon, Jun 29, 2009 at 9:21 AM, Sam Wun wrote:
>> I got the following errors now:
>>
>> # less jail_wwp1_console.log
>> ps: empty file: Invalid argument
>> Loading configuration files.
>> /etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
>> ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
>> /usr/local/lib/mysql
>> a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
>> Creating and/or trimming log files:.
>> Starting syslogd.
>> Clearing /tmp.
>> Starting local daemons:.
>> Updating motd.
>> Starting sshd.
>> PRNG is not seeded
>> Starting cron.
>> Local package initialization:.
>> ps: bad namelist
>
> Assuming you didn't build a kernel to exclude the random device, it
> looks like you do not have a /dev filesystem mounted for your jail.
> ssh needs some type of random device. Try mounting a devfs in the
> path of your jail. If you are using /etc/rc.conf for this
> information, man 5 rc.conf, look at the "jail_devfs_enable" and
> "jail__devfs_enable" variables.
>
> Jon
>

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 29 14:52:14 2009
From: Sam Wun
To: Jon Passki
Cc: freebsd-jail@freebsd.org
Date: Tue, 30 Jun 2009 00:21:06 +1000
Subject: Re: Can't login Jailed system

I got the following errors now:

# less jail_wwp1_console.log
ps: empty file: Invalid argument
Loading configuration files.
/etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
/usr/local/lib/mysql
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Creating and/or trimming log files:.
Starting syslogd.
Clearing /tmp.
Starting local daemons:.
Updating motd.
Starting sshd.
PRNG is not seeded
Starting cron.
Local package initialization:.
ps: bad namelist

THANKS

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 29 17:43:43 2009
From: Jamie Gritton
To: Alexander Leidinger
Cc: jail@FreeBSD.org, "Bjoern A. Zeeb"
Date: Mon, 29 Jun 2009 11:30:49 -0600
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

Alexander Leidinger wrote:
>>>>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
>>>>> have a patch to switch the jail rc script to the new jail
>>>>> (8-current) syntax. This includes new config options for a jail
>>>>> (see etc/defaults/rc.conf after patching). The patch also contains
>>>>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
>>>>> by default).
>>>>>
>>>>> If you do not make any config change, you will be able to see all
>>>>> mounted filesystems of the entire machine. To get back to the
>>>>> previous behavior, you have to add a config option:
>>>>> jail_XXX_startparams="enforce_statfs=2"
>>>>>
>>>>> This config option can also take other jail parameters like
>>>>> allow.sysvipc and other ones described in the jail man-page
>>>>> (additional parameters need to be space separated).
>>>>>
>>>>> Feedback welcome.
>>>>>
>>>> 1) it break various things that will no longer work
>>>>
>>> As mentioned, it "breaks" the statfs part. If there's anything
>>> else, be more specific please.
>>>
>> v6, noIP, ...
>>
>
> I didn't change the IP handling in the rc script. Does this mean
> jail(8) works differently regarding the address parsing when called
> with the new parameters instead of the old options?
>
> I didn't test anything regarding ipv6, but as long as jail(8) doesn't
> behave differently with the new calling syntax compared with what we
> have in the tree, then the behavior is not different from what we have.
> If it behaves differently, this can be fixed in the script.
>

There is a difference.
Under the old options, IPv4 and IPv6 addresses are mixed
into the single fixed argument, and then are parsed to determine which
kind they are - both by jail(8) and rc.d/jail. Under the new
parameter-based command line, IPv4 addresses and IPv6 addresses go with
ip4.addr and ip6.addr respectively.

The rc.d/jail code that brings up addresses on an interface can be
modified to decide which argument the address goes with.

I've given Bjoern a patch based on yours that handles this as well as
the allow.* sysctls (though I missed the statfs part). He still has the
larger disagreements he mentioned though, so I'm working now toward a
more comprehensive solution.

>>>> 2) it's not a proper solution
>>>>
>>> The proper solution for the statfs part would be, that jail(8)
>>> defaults to =2 if nothing is specified. Alternatively I can get
>>> convinced that we should do a default for it in defaults/rc.conf if
>>> nothing is specified for startparams for a particular jail (like we
>>> have for some other things), but this would not be as good as if
>>> jail(8) would handle it itself.
>>>
>>> If you do not talk about the statfs part but in a more generic way,
>>> what would be a proper solution in your eyes?
>>>
>> A proper solution would be a proper mgmt system ready for the future
>> instead of continuing to hack up rc.d/jail via option foo bar baz and
>> another 17000 of them.
>> But this is nothing I'll discuss today while things aren't fully
>> shaken out yet.
>>
>
> And I assume from what you say, that such a new mgmt system will not be
> ready for 8.0. Whatever it will be, it sounds like it will be different
> from what we have ATM, so I don't think it will be something which will
> replace the current approach in 8-stable, but will be available
> additionally, if at all.
>
>
>> For now what used to work should continue to work and not break.
>> Everything else on top of that needs to be done properly and not in a
>> rainy-midnight-drive-by.
>>
>
> This is not a drive-by.
> I provide a patch for discussion which allows
> to use some new features in 8.0 which doesn't break when someone
> updates from 7.x. Some small enhancement which doesn't break backwards
> compatibility is always better than no improvement at all. It may not
> handle all cases, but for this reason I ask people to test it. After
> that some things can maybe be fixed, and after that it can be evaluated if
> it is worth to commit or not.
>
> I don't even urge to rush this in before 8.0. I just offer it now, so
> that people can actually use some new features. I had to write this
> anyway, as without the new syntax I wouldn't have been able to use my
> enhancement to run X in a jail, which I ported to the new syntax. If
> people think it is useful for 8.0 and nothing better is available for
> 8.0, it should be shipped with 8.0 IMO (if nothing breaks), but if it
> isn't, I don't care, as I have it for where I need it.
>
> Bye,
> Alexander.
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>

From owner-freebsd-jail@FreeBSD.ORG Sat Jul 4 06:35:37 2009
From: Alexander Leidinger
To: Jamie Gritton
Cc: jail@FreeBSD.org
Date: Tue, 30 Jun 2009 10:07:11 +0200
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

Quoting Jamie Gritton (from Mon, 29 Jun 2009 11:30:49 -0600):

> Alexander Leidinger wrote:
>
>>>>>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
>>>>>> have a patch to switch the jail rc script to the new jail
>>>>>> (8-current) syntax. This includes new config options for a jail
>>>>>> (see etc/defaults/rc.conf after patching). The patch also contains
>>>>>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
>>>>>> by default).
>>>>>>
>>>>>> If you do not make any config change, you will be able to see all
>>>>>> mounted filesystems of the entire machine. To get back to the
>>>>>> previous behavior, you have to add a config option:
>>>>>> jail_XXX_startparams="enforce_statfs=2"
>>>>>>
>>>>>> This config option can also take other jail parameters like
>>>>>> allow.sysvipc and other ones described in the jail man-page
>>>>>> (additional parameters need to be space separated).
>>>>>>
>>>>>> Feedback welcome.
>>>>>>
>>>>> 1) it break various things that will no longer work
>>>>>
>>>> As mentioned, it "breaks" the statfs part. If there's anything
>>>> else, be more specific please.
>>>>
>>> v6, noIP, ...
>>>
>>
>> I didn't change the IP handling in the rc script. Does this mean
>> jail(8) works differently regarding the address parsing when called
>> with the new parameters instead of the old options?
>>
>> I didn't test anything regarding ipv6, but as long as jail(8) doesn't
>> behave differently with the new calling syntax compared with what we
>> have in the tree, then the behavior is not different from what we have.
>> If it behaves differently, this can be fixed in the script.
>>
>
> There is a difference. Under the old options, IPv4 and IPv6 addresses
> are mixed into the single fixed argument, and then are parsed to
> determine which kind they are - both by jail(8) and rc.d/jail. Under
> the new parameter-based command line, IPv4 addresses and IPv6
> addresses go with ip4.addr and ip6.addr respectively.

But why are my jails (with only one ipv4 address) starting correctly then?

> The rc.d/jail code that brings up addresses on an interface can be modified
> to decide which argument the address goes with.
>
> I've given Bjoern a patch based on yours that handles this as well
> as the allow.* sysctls (though I missed the statfs part).

Do you mind making it available somewhere?

Bye,
Alexander.

--
BOFH excuse #265: The mouse escaped

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

From owner-freebsd-jail@FreeBSD.ORG Sat Jul 4 16:12:56 2009
From: Jamie Gritton
To: Alexander Leidinger
Cc: jail@FreeBSD.org
Date: Sat, 04 Jul 2009 10:12:53 -0600
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

Alexander Leidinger wrote:
> Quoting Jamie Gritton (from Mon, 29 Jun 2009 11:30:49 -0600):
>
>> Alexander Leidinger wrote:
>>
>>>>>>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
>>>>>>> have a patch to switch the jail rc script to the new jail
>>>>>>> (8-current) syntax. This includes new config options for a jail
>>>>>>> (see etc/defaults/rc.conf after patching). The patch also contains
>>>>>>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
>>>>>>> by default).
>>>>>>>
>>>>>>> If you do not make any config change, you will be able to see all
>>>>>>> mounted filesystems of the entire machine. To get back to the
>>>>>>> previous behavior, you have to add a config option:
>>>>>>> jail_XXX_startparams="enforce_statfs=2"
>>>>>>>
>>>>>>> This config option can also take other jail parameters like
>>>>>>> allow.sysvipc and other ones described in the jail man-page
>>>>>>> (additional parameters need to be space separated).
>>>>>>>
>>>>>>> Feedback welcome.
>>>>>>>
>>>>>> 1) it break various things that will no longer work
>>>>>>
>>>>> As mentioned, it "breaks" the statfs part. If there's anything
>>>>> else, be more specific please.
>>>>>
>>>> v6, noIP, ...
>>>>
>>>
>>> I didn't change the IP handling in the rc script. Does this mean
>>> jail(8) works differently regarding the address parsing when called
>>> with the new parameters instead of the old options?
>>>
>>> I didn't test anything regarding ipv6, but as long as jail(8) doesn't
>>> behave differently with the new calling syntax compared with what we
>>> have in the tree, then the behavior is not different from what we have.
>>> If it behaves differently, this can be fixed in the script.
>>>
>>
>> There is a difference. Under the old options, IPv4 and IPv6 addresses
>> are mixed into the single fixed argument, and then are parsed to
>> determine which kind they are - both by jail(8) and rc.d/jail. Under
>> the new parameter-based command line, IPv4 addresses and IPv6
>> addresses go with ip4.addr and ip6.addr respectively.
>
> But why are my jails (with only one ipv4 address) starting correctly then?

The problem is that all addresses are put into ip4.addr, so it will
break (only) if you have any IPv6 addresses.

>> The rc.d/jail code that brings up addresses on an interface can be
>> modified to decide which argument the address goes with.
>>
>> I've given Bjoern a patch based on yours that handles this as well as
>> the allow.* sysctls (though I missed the statfs part).
>
> Do you mind making it available somewhere?

Sure. I've put it at http://gritton.org/freebsd/jail.rc.diff

- Jamie
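
The address split described in this message, as an added example in sh (the language of rc.d/jail) that is not the patch linked above: `jail_addr_params` sorts a mixed address list into ip4.addr and ip6.addr, and `misfiled_v6` reports IPv6 addresses left in ip4.addr. Both function names, the comma-separated input form and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not the rc.d/jail patch from the thread.

# jail_addr_params "addr[,addr...]"
# Sort a mixed, comma-separated address list into the two parameters of the
# new syntax. The sort is syntactic only (a ":" means IPv6); real validation
# is left to jail(8). Runs in a subshell so IFS and set -f do not leak.
jail_addr_params() (
    set -f          # no globbing while the list is split
    IFS=,
    v4='' v6=''
    for a in $1; do
        case $a in
            '')                continue ;;
            *[!0-9a-fA-F:.]*)  echo "bad address: $a" >&2; exit 1 ;;
            *:*)               v6=${v6:+$v6,}$a ;;
            *[!0-9.]*)         echo "bad address: $a" >&2; exit 1 ;;
            *.*.*.*)           v4=${v4:+$v4,}$a ;;
            *)                 echo "bad address: $a" >&2; exit 1 ;;
        esac
    done
    out=${v4:+ip4.addr=$v4}
    if [ -n "$v6" ]; then
        out="${out:+$out }ip6.addr=$v6"
    fi
    printf '%s\n' "$out"
)

# misfiled_v6 "ip4.addr=LIST"
# Print every IPv6 address that ended up in an ip4.addr parameter, which is
# the failure described above when all addresses are put into ip4.addr.
misfiled_v6() (
    set -f
    IFS=,
    list=${1#ip4.addr=}
    for a in $list; do
        case $a in
            *:*) printf '%s\n' "$a" ;;
        esac
    done
)

# Constructed sample list using documentation address ranges.
mixed='192.0.2.10,2001:db8::17,192.0.2.11'
echo "all in ip4.addr: ip4.addr=$mixed"
echo "misfiled IPv6:   $(misfiled_v6 "ip4.addr=$mixed")"
echo "split:           $(jail_addr_params "$mixed")"
```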