From owner-freebsd-jail@FreeBSD.ORG Sun Apr 14 05:32:11 2013
Date: Sun, 14 Apr 2013 07:32:07 +0200
From: Dirk Engling
To: Jamie Gritton
Cc: freebsd-jail@FreeBSD.org
Subject: Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

On 12.04.13 01:58, Jamie Gritton wrote:

Jamie,

> similar parameter for zfs, or we could create another set of exec.*
> parameters, which would be more flexible in the long run. But as you
> hinted at with "postprestart", there doesn't seem to be a good logical
> name for it.

hmm, maybe the prestart is misnamed, as it actually happens pre-create.
Then prestart would be exactly where we would put the vnet and dataset
magic - aftercreate but prestart.

I also think, it might be helpful, if the environment could be set up
that helps the exec.* scripts finding their way back to the jail in
question. Right now I'd have to create a script for every jail, but setting

JAIL_JID=
JAIL_NAME=

before executing the scripts could make scripting nicer, especially
finding the jid is tedious in scripts. I also thought about substitution
of parameters, but maybe providing the jail name as parameter should be
the job for the jail.conf's authors.

> Since the vnet.interface command exists, you could use that as a guide
> for adding a "zfs" parameter. vnet.interface only does anything on jail
> creation, as the interface automatically reverts to the parent on jail
> removal. I don't know if the zfs stuff works the same way - if it
> doesn't, then you'll need a similar "prepoststop" kind of operation.

Looking at the zone_dataset_attach code I understand that jailed zfs
datasets are a property of the prison struct, saved as osd and vanish
when the jail dies. So it should not be necessary to undo the "zfs jail"
command. However there seems not to be a nice way to find out if any
datasets are attached to a jail, besides trying to attach them.

With that knowledge I think adding a zfs_datasets option for the
jail.conf is rather straight forward and more likely to be useful
immediately than having the user construct wrapper scripts to find out
about the jid of the jail that can then be passed to a number of "zfs
jail JID DATASET" calls.

Shall I proceed?

erdgeist

From owner-freebsd-jail@FreeBSD.ORG Sun Apr 14 15:24:13 2013
Date: Sun, 14 Apr 2013 09:24:02 -0600
From: Jamie Gritton
To: Dirk Engling
Cc: freebsd-jail@FreeBSD.org
Subject: Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

On 04/13/13 23:32, Dirk Engling wrote:
> On 12.04.13 01:58, Jamie Gritton wrote:
>
>> similar parameter for zfs, or we could create another set of exec.*
>> parameters, which would be more flexible in the long run. But as you
>> hinted at with "postprestart", there doesn't seem to be a good logical
>> name for it.
>
> hmm, maybe the prestart is misnamed, as it actually happens pre-create.
> Then prestart would be exactly where we would put the vnet and dataset
> magic - aftercreate but prestart.

Unfortunately it's too late to rename prestart. But we could sneak in a
postcreate. For limited use, you can work around this by not having any
exec.start, and then doing things in exec.poststart with the last
poststart script being a jexec command to run the jail's /etc/rc (or
whatever).

> I also think, it might be helpful, if the environment could be set up
> that helps the exec.* scripts finding their way back to the jail in
> question. Right now I'd have to create a script for every jail, but setting
>
> JAIL_JID=
> JAIL_NAME=
>
> before executing the scripts could make scripting nicer, especially
> finding the jid is tedious in scripts. I also thought about substitution
> of parameters, but maybe providing the jail name as parameter should be
> the job for the jail.conf's authors.

The cleanest way is with parameter substitution. I like the environment
idea, but I think that also would fit well in a command line. My command
lines run exec in a shell if they have any shell metacharacters
(!"$&'()*;<>?[\]`{|}~). If I had thought ahead, I would have added to
that an '=' at least for the first argument, and then we could send the
environment the sh way. I should make that change in case someone wants
to try that in the future, but for the present I suppose you'd have to
use the env command.

Another possibility would be adding a new exec.env parameter, where you
can set whatever you like. I'd like to avoid having any default
environment variables that aren't somehow specified in the jail.conf.

One improvement I really need to make is to make the jid accessible.
Right now, you have to do something like `jls -j $name jid` in a command
line, which is inelegant to say the least. What I need is a $jid to be
set even when it isn't specified in the config, which is a little
complicated but doable if I just get down to it.

>> Since the vnet.interface command exists, you could use that as a guide
>> for adding a "zfs" parameter. vnet.interface only does anything on jail
>> creation, as the interface automatically reverts to the parent on jail
>> removal. I don't know if the zfs stuff works the same way - if it
>> doesn't, then you'll need a similar "prepoststop" kind of operation.
>
> Looking at the zone_dataset_attach code I understand that jailed zfs
> datasets are a property of the prison struct, saved as osd and vanish
> when the jail dies. So it should not be necessary to undo the "zfs jail"
> command. However there seems not to be a nice way to find out if any
> datasets are attached to a jail, besides trying to attach them.
>
> With that knowledge I think adding a zfs_datasets option for the
> jail.conf is rather straight forward and more likely to be useful
> immediately than having the user construct wrapper scripts to find out
> about the jid of the jail that can then be passed to a number of "zfs
> jail JID DATASET" calls.
>
> Shall I proceed?

Perhaps it would be worthwhile to add a zfs.dataset parameter to go
along with the OSD data, to make that visible to the outside world. It
would be a nice use of the subsystem-dependent parameter stuff currently
used only by Linux emulation. The other option is to code it into
jail(8) itself, though I like the former better.

Proceed away :-).

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Mon Apr 15 11:06:46 2013
Date: Mon, 15 Apr 2013 11:06:45 GMT
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/176092  jail       [jail] [panic] Starting a jail on my releng/9.1 kernel
o kern/174902  jail       [jail] jail should provide validator for jail names
o kern/174436  jail       [jail] Jails with numbers as names don't work
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

17 problems total.
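
Added example, not part of the original thread and not jail(8) source: the
shell-versus-direct-exec decision Jamie Gritton describes in his 14 Apr reply
above, using the metacharacter set quoted there, next to the '=' extension he
floats. It assumes a command without metacharacters is split on whitespace and
executed directly; the function names and sample command strings are
constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Metacharacter set exactly as listed in the message. */
static const char SHELL_META[] = "!\"$&'()*;<>?[\\]`{|}~";

enum exec_mode { EXEC_DIRECT, EXEC_SHELL };

/* Rule as described: any shell metacharacter sends the command to a shell. */
enum exec_mode classify_current(const char *cmd)
{
    return strpbrk(cmd, SHELL_META) != NULL ? EXEC_SHELL : EXEC_DIRECT;
}

/*
 * Hypothetical extension from the message: also use the shell when the
 * first word contains '=', so "VAR=value command" sets the environment
 * the sh way.
 */
enum exec_mode classify_proposed(const char *cmd)
{
    size_t first_len;

    if (classify_current(cmd) == EXEC_SHELL)
        return EXEC_SHELL;
    cmd += strspn(cmd, " \t");
    first_len = strcspn(cmd, " \t");
    return memchr(cmd, '=', first_len) != NULL ? EXEC_SHELL : EXEC_DIRECT;
}

/*
 * Assumption: on the direct path the first whitespace-delimited word is the
 * program to execute. Copies that word into out and returns its length.
 */
size_t direct_argv0(const char *cmd, char *out, size_t outlen)
{
    size_t n;

    if (outlen == 0)
        return 0;
    cmd += strspn(cmd, " \t");
    n = strcspn(cmd, " \t");
    if (n >= outlen)
        n = outlen - 1;
    memcpy(out, cmd, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed command lines for a jail named j1. */
    static const char *samples[] = {
        "zfs jail `jls -j j1 jid` tank/jails/j1",      /* backticks: shell */
        "JAIL_NAME=j1 /usr/local/sbin/attach.sh",      /* '=' only */
        "env JAIL_NAME=j1 /usr/local/sbin/attach.sh",  /* env(1) workaround */
    };
    char argv0[64];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum exec_mode now = classify_current(samples[i]);
        enum exec_mode then = classify_proposed(samples[i]);

        direct_argv0(samples[i], argv0, sizeof(argv0));
        printf("%-45s current=%-6s proposed=%-6s", samples[i],
            now == EXEC_SHELL ? "shell" : "direct",
            then == EXEC_SHELL ? "shell" : "direct");
        if (now == EXEC_DIRECT)
            printf(" argv[0]=%s", argv0);
        printf("\n");
    }
    return 0;
}
```

The second sample shows why the env command is needed today: with no
metacharacter present, the assignment itself becomes the program name.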

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 16 16:49:28 2013
Date: Tue, 16 Apr 2013 12:49:27 -0400
From: suraj sandhu
To: freebsd-jail@freebsd.org
Subject: jail -r leads to a panic

I am running 8.2, I am hitting a panic after I create a vnet jail and try to
remove it.

jail -c name=j1 children.max=20 host.hostname=j1 jid=100 vnet persist allow.raw_sockets
jail -r j1

calltrap() at calltrap+0x8
--- trap 0x9, rip = 0xffffffff80518f4d, rsp = 0xffffff805fa1d9e0, rbp = 0xffffff805fa1da30 ---
raw_input() at raw_input+0x4d
rts_input() at rts_input+0x70
netisr_process_workstream_proto() at netisr_process_workstream_proto+0x1ea
swi_net() at swi_net+0xad
intr_event_execute_handlers() at intr_event_execute_handlers+0x21c
ithread_execute_handlers() at ithread_execute_handlers+0x73
ithread_loop() at ithread_loop+0x10f
fork_exit() at fork_exit+0x180
fork_trampoline() at fork_trampoline+0xe

The issue seems to be that in if_detach_internal(), if_down() is called
which leads to netisr_queue() call in rt_dispatch() with an mbuf which has
the interface being detached as rcvif, subsequently if_detach_internal()
calls if_dead() on the interface. And, then at time of processing the work,
this panic is seen since mbuf has a dead interface.

The same issue has been reported on the virtualization mailing list earlier
and I reported it to freebsd-net as well. Here are the threads:

http://lists.freebsd.org/pipermail/freebsd-virtualization/2012-April/000885.html
http://www.mail-archive.com/freebsd-net@freebsd.org/msg43045.html

Thanks for any help!

-Suraj Sandhu

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 16 20:29:00 2013
Date: Tue, 16 Apr 2013 16:28:59 -0400
From: J David
To: freebsd-jail@freebsd.org
Subject: routing in VIMAGE jails with different versions

Hello,

If a 9-STABLE amd64 host compiled with VIMAGE support contains a jail
running i386 code with a vnet interface, how does one set the default route
inside the jail?

Ifconfig and the network work fine, but route returns:

# route add default 192.168.0.1
route: writing to routing socket: Invalid argument
add net default: gateway 192.168.0.1: Invalid argument

The behavior appears the same whether the jail is running 8.3-i386 or
9.1-i386.

Based on this:

http://lists.freebsd.org/pipermail/freebsd-amd64/2011-October/014050.html

It looks like there was a host-side patch for this in the 8.2
timeframe, but I compared the patch to the 9-STABLE source for
sys/net/rtsock.c and it's not there. As that's from two years ago, there's
probably a reason it didn't make it in, so does anyone know what is the
right way to manage routes in VIMAGE jails?

Thanks for any advice!

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 16 20:39:35 2013
Date: Tue, 16 Apr 2013 20:39:33 +0000
From: "Teske, Devin"
To: J David
Subject: Re: routing in VIMAGE jails with different versions

On Apr 16, 2013, at 1:28 PM, J David wrote:

> Hello,
>
> If a 9-STABLE amd64 host compiled with VIMAGE support contains a jail
> running i386 code with a vnet interface, how does one set the default route
> inside the jail?
>
> Ifconfig and the network work fine, but route returns:
>
> # route add default 192.168.0.1
> route: writing to routing socket: Invalid argument
> add net default: gateway 192.168.0.1: Invalid argument
>
> The behavior appears the same whether the jail is running 8.3-i386 or
> 9.1-i386.
>
> Based on this:
>
> http://lists.freebsd.org/pipermail/freebsd-amd64/2011-October/014050.html
>
> It looks like there was a host-side patch for this in the 8.2
> timeframe, but I compared the patch to the 9-STABLE source for
> sys/net/rtsock.c and it's not there. As that's from two years ago, there's
> probably a reason it didn't make it in, so does anyone know what is the
> right way to manage routes in VIMAGE jails?
>
> Thanks for any advice!

I've been running with that patch for years now. I asked the author of the
patch if he had plans to merge it in, he said he wasn't happy with one
edge-case.

I don't know where this stands, but just wanted to chime-in that the patch
works well for us in the situation you describe.

--
Devin

_____________
The information contained in this message is proprietary and/or
confidential. If you are not the intended recipient, please: (i) delete the
message and all copies; (ii) do not disclose, distribute or use the message
in any manner; and (iii) notify the sender immediately. In addition, please
be aware that any message addressed to our domain is subject to archiving
and review by persons other than the intended recipient. Thank you.

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 16 21:01:53 2013
Date: Tue, 16 Apr 2013 17:01:52 -0400
From: J David
To: "Teske, Devin"
Subject: Re: routing in VIMAGE jails with different versions

On Tue, Apr 16, 2013 at 4:39 PM, Teske, Devin wrote:

> I've been running with that patch for years now. I asked the author of the
> patch if he had plans to merge it in, he said he wasn't happy with one
> edge-case.
>

Did he happen to mention what the edge case was? If there really is no
other way to set the default route in an i386 VIMAGE jail, maybe it's
something that could be revisited. (Or I can try to track him down
directly, but I don't want to annoy him with a bunch of questions he may
already have answered. :) )

> I don't know where this stands, but just wanted to chime-in that the patch
> works well for us in the situation you describe.
>

Thanks for the feedback!

The 2011 patch was for 8.x and doesn't apply cleanly to the rtsock.c in
9-STABLE, which makes me nervous since this code is quite over my head.
But I've eyeballed the rejects anyway and they seem minor, so I may have
something to test soon.

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 16 22:13:07 2013
Date: Tue, 16 Apr 2013 18:13:07 -0400
From: J David
Subject: Re: routing in VIMAGE jails with different versions

This does appear to work under light testing; after applying and massaging
the patch I was able to add a default route to an 8.3-i386 jail on a
9-STABLE-amd64 host.

I put the updated-for-9-STABLE patch here:

http://pastebin.com/iThJpMTe

(The referenced patch is by Sergey Kandaurov, not me, and I am not claiming
any credit for it.)

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 16 22:33:56 2013
Date: Tue, 16 Apr 2013 22:33:53 +0000
From: "Teske, Devin"
To: J David
Subject: Re: routing in VIMAGE jails with different versions

On Apr 16, 2013, at 2:01 PM, J David wrote:

> On Tue, Apr 16, 2013 at 4:39 PM, Teske, Devin wrote:
>
>> I've been running with that patch for years now. I asked the author of the
>> patch if he had plans to merge it in, he said he wasn't happy with one
>> edge-case.
>
> Did he happen to mention what the edge case was?

Just a kernel panic -- of which we have never hit personally (so can't
verify the edge-case he was mentioning). It's pretty darned stable over
here. We've been applying it to every release since 8.1 and it's been a
huge help.

> If there really is no other way to set the default route in an i386 VIMAGE
> jail, maybe it's something that could be revisited.

There really is no way _other-way_ to set the route in a jail, save for one
edge-case (edge-case: I found that if you're running a legacy jail that is
based on the old /usr/libexec/ld-elf* interpreter -- read: FreeBSD-4.11 --
on a modern host that is based on the new /libexec/ld-elf* interpreter --
read: FreeBSD 7? or higher -- then there is a work-around in which case you
just copy the hosts' route(8) into the jail; this works only for
split-release where jailing a legacy OS because the interpreters don't
quash one another).

> (Or I can try to track him down directly, but I don't want to annoy him
> with a bunch of questions he may already have answered. :) )

I think if you contacted him, it would resound that there's demand for this
type of topology made possible by the fix.

>> I don't know where this stands, but just wanted to chime-in that the patch
>> works well for us in the situation you describe.
>
> Thanks for the feedback!
>
> The 2011 patch was for 8.x and doesn't apply cleanly to the rtsock.c in
> 9-STABLE, which makes me nervous since this code is quite over my head.

I have to admit, I haven't tried applying it to RELENG_9 yet.

> But I've eyeballed the rejects anyway and they seem minor, so I may have
> something to test soon.

Excellent. Do share if you get something stable.

--
Devin

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 16 22:35:18 2013
Date: Tue, 16 Apr 2013 22:35:17 +0000
From: "Teske, Devin"
To: J David
Subject: Re: routing in VIMAGE jails with different versions

On Apr 16, 2013, at 3:13 PM, J David wrote:

> This does appear to work under light testing; after applying and massaging
> the patch I was able to add a default route to an 8.3-i386 jail on a
> 9-STABLE-amd64 host.
>
> I put the updated-for-9-STABLE patch here:
>
> http://pastebin.com/iThJpMTe
>
> (The referenced patch is by Sergey Kandaurov, not me, and I am not claiming
> any credit for it.)

Excellent!

I'm interested in this making it into HEAD. Can someone with experience with
the code that it touches help bring this in?

--
Devin