From owner-freebsd-jail@FreeBSD.ORG  Sun Feb 23 07:11:49 2014
Message-ID: <53099F2F.5030508@gmail.com>
Date: Sun, 23 Feb 2014 09:11:43 +0200
From: Folder <folder.trash@gmail.com>
To: freebsd-jail@freebsd.org
Subject: devfs_ruleset not working in the new jail.conf (FreeBSD 10.0-RELEASE)

Hi,

I have used FreeBSD up to the 9 release until now. I now installed
FreeBSD 10.0-RELEASE and I am very disappointed with the new jail setup.
One of the reasons is that using devfs_ruleset has no effect
in jail.conf.
example:

DDNS {
host.hostname  = "DDNS";
ip4.addr = "192.168.5.10";
ip4 = "inherit";
path = "/usr/local/JAIL/DDCLIENT/";
exec.start = "/bin/ddstart.sh &";
exec.consolelog = "/var/log/jail.DDNS.console.log";
devfs_ruleset = "5";
mount.devfs;
}


and devfs.rules:
[devfsrules_jailddns=5]
add hide
add path random unhide
add path urandom unhide


The result is mounting the whole jail tree in the jail... So much for
security in this release.

Even using the old jail setup in rc.conf, the /etc/rc.d/jail fails to
hide dev and mounts dev tree untouched under the jail:

jail_DDNS_rootdir="/usr/local/JAIL/DDCLIENT/"
jail_DDNS_hostname="DDNS"
jail_DDNS_ip="192.168.5.10"
jail_DDNS_exec_start="/bin/ddstart.sh &"
jail_DDNS_devfs_enable="YES"
jail_DDNS_devfs_ruleset="5"




From owner-freebsd-jail@FreeBSD.ORG  Sun Feb 23 10:45:10 2014
Date: Sun, 23 Feb 2014 11:45:05 +0100
Message-ID: <86zjliumz2.wl%hskuhra@eumx.net>
From: "Herbert J. Skuhra" <hskuhra@eumx.net>
To: freebsd-jail@freebsd.org
Subject: Re: devfs_ruleset not working in the new jail.conf (FreeBSD
 10.0-RELEASE)
In-Reply-To: <53099F2F.5030508@gmail.com>
References: <53099F2F.5030508@gmail.com>

On Sun, 23 Feb 2014 09:11:43 +0200
Folder wrote:

> Hi,
>
> I have used FreeBSD up to the 9 release until now. I now installed
> FreeBSD 10.0-RELEASE and I am very disappointed with the new jail
> setup.
> One of the reasons is that using devfs_ruleset has no effect
> in jail.conf.

You obviously have to add 

devfs_load_rulesets="YES"

to /etc/rc.conf and restart devfs.

-- 
Herbert
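
As an added illustration (not code from any poster in this thread or from FreeBSD), the sh script below statically checks the condition described in the reply above: a jail's devfs_ruleset can only take effect when rc.conf enables devfs_load_rulesets and the ruleset number is defined in devfs.rules. The function names and the sample files are constructed for this example, and the jail.conf parser handles only global parameters and plain NAME { ... } blocks.

```shell
#!/bin/sh
# Added example, not from the thread: static check that a jail's devfs_ruleset
# can take effect. The sample files are constructed from the posted config.

# Exit 0 if rc.conf enables devfs_load_rulesets (last assignment wins).
# Pass the file that carries the effective value for the host.
rulesets_loaded() {
    val=$(awk -F= '/^[ \t]*devfs_load_rulesets=/ { v = $2; sub(/#.*/, "", v) }
                   END { print v }' "$1" | tr -d "\"' \t")
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ruleset numbers declared as [name=N] in a devfs.rules file.
defined_rulesets() {
    sed -n 's/^\[[A-Za-z0-9_]*=\([0-9][0-9]*\)][[:space:]]*$/\1/p' "$1"
}

# Print the value of PARAM for JAIL in a jail.conf ("true" for bare booleans).
# Variables, wildcard blocks and += are not handled here.
jail_param() {  # JAIL_CONF JAIL PARAM
    awk -v jail="$2" -v want="$3" '
        { sub(/#.*/, "") }                                  # drop comments
        index($0, "{") { name = $1; sub(/[{].*/, "", name); inblk = 1; next }
        index($0, "}") { inblk = 0; name = ""; next }
        !inblk || name == jail {                            # global or our jail
            line = $0; gsub(/^[ \t]+|[ \t]*;[ \t]*$/, "", line)
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line); gsub(/[ \t]/, "", key)
            if (key != want) next
            val = (n ? substr(line, n + 1) : "true")
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            found = val                                     # last one wins
        }
        END { if (found != "") print found }' "$1"
}

# Print a verdict for JAIL; return non-zero when the ruleset cannot apply.
audit_jail() {  # RC_CONF DEVFS_RULES JAIL_CONF JAIL
    [ "$(jail_param "$3" "$4" mount.devfs)" = "true" ] ||
        { echo "$4: SKIP mount.devfs not set"; return 0; }
    rs=$(jail_param "$3" "$4" devfs_ruleset)
    if [ -z "$rs" ] || [ "$rs" = 0 ]; then
        echo "$4: FAIL no devfs_ruleset, /dev is mounted unfiltered"; return 1
    elif ! rulesets_loaded "$1"; then
        echo "$4: FAIL ruleset $rs requested but devfs_load_rulesets is not YES"
        return 1
    elif ! defined_rulesets "$2" | grep -qx "$rs"; then
        echo "$4: FAIL ruleset $rs is not defined in $2"; return 1
    fi
    echo "$4: OK ruleset $rs is loaded at boot and defined"
}

# Constructed sample: the poster's jail and ruleset, with a chosen rc.conf value.
write_sample() {  # DIR YES|NO
    printf 'devfs_load_rulesets="%s"\n' "$2" > "$1/rc.conf"
    cat > "$1/devfs.rules" <<'EOF'
[devfsrules_jailddns=5]
add hide
add path random unhide
add path urandom unhide
EOF
    cat > "$1/jail.conf" <<'EOF'
DDNS {
host.hostname  = "DDNS";
path = "/usr/local/JAIL/DDCLIENT/";
devfs_ruleset = "5";
mount.devfs;
}
EOF
}

# Audit the same jail with rulesets not loaded, then loaded.
demo() {
    d=$(mktemp -d) || return 1
    write_sample "$d" NO;  audit_jail "$d/rc.conf" "$d/devfs.rules" "$d/jail.conf" DDNS
    write_sample "$d" YES; audit_jail "$d/rc.conf" "$d/devfs.rules" "$d/jail.conf" DDNS
    rm -rf "$d"
}
demo || true
```

On a running host, `devfs rule showsets` lists the ruleset numbers currently loaded in the kernel, which confirms the static result.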

From owner-freebsd-jail@FreeBSD.ORG  Mon Feb 24 11:06:51 2014
Date: Mon, 24 Feb 2014 11:06:51 GMT
Message-Id: <201402241106.s1OB6pNC027572@freefall.freebsd.org>
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

19 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Sun Mar  9 15:42:09 2014
Date: Sun, 9 Mar 2014 15:42:09 GMT
Message-Id: <201403091542.s29Fg91e058957@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/187079: [jail] devfs_load_rulesets has to be enabled for
 mount.devfs to behave like expected

Old Synopsis: devfs_load_rulesets has to be enabled for mount.devfs to behave like expected
New Synopsis: [jail] devfs_load_rulesets has to be enabled for mount.devfs to behave like expected

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun Mar 9 15:41:47 UTC 2014
Responsible-Changed-Why: 
reclassify.

http://www.freebsd.org/cgi/query-pr.cgi?pr=187079

From owner-freebsd-jail@FreeBSD.ORG  Mon Mar 10 11:06:47 2014
Date: Mon, 10 Mar 2014 11:06:47 GMT
Message-Id: <201403101106.s2AB6lN8043239@freefall.freebsd.org>
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/187079  jail       [jail] devfs_load_rulesets has to be enabled for mount
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

20 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Fri Mar 21 19:33:59 2014
Date: Fri, 21 Mar 2014 15:16:58 -0400 (EDT)
From: Randy Schultz <schulra@earlham.edu>
To: freebsd-jail@freebsd.org
Subject: jails and X forwarding
Message-ID: <alpine.BSF.2.00.1403211453110.68818@localhost>

Hiya,

I am trying to allow a jail to do X forwarding ala ssh -Y, but seem to be
missing something.  I have narrowed it down to something with the jail, having
successfully done this with non-jails.  IOW, sshd_config has "X11Forwarding
yes" etc.  The system is fbsd 9.2-STABLE.  The jail is set up using ezjail.  I
have tweaked various jail sysctl settings in case there was something there I
was missing.  I disabled the firewall rules to remove potential interference
from that angle.  All to no avail.  I keep getting ye olde

    xclock
    X11 connection rejected because of wrong authentication.
    Error: Can't open display: localhost:10.0

What am I missing?

--
  Randy    (schulra@earlham.edu)      765.983.1283         <*>

Hatred does not cease by hatred, but only by love; this is the eternal rule.
      - Siddhartha Gautama


From owner-freebsd-jail@FreeBSD.ORG  Fri Mar 21 19:51:50 2014
From: <dteske@FreeBSD.org>
Sender: Devin Teske <devin.teske@fisglobal.com>
To: "'Randy Schultz'" <schulra@earlham.edu>, <freebsd-jail@freebsd.org>
References: <alpine.BSF.2.00.1403211453110.68818@localhost>
In-Reply-To: <alpine.BSF.2.00.1403211453110.68818@localhost>
Subject: RE: jails and X forwarding
Date: Fri, 21 Mar 2014 12:51:26 -0700
Message-ID: <008e01cf453e$f31d0d10$d9572730$@FreeBSD.org>



> -----Original Message-----
> From: Randy Schultz [mailto:schulra@earlham.edu]
> Sent: Friday, March 21, 2014 12:17 PM
> To: freebsd-jail@freebsd.org
> Subject: jails and X forwarding
> 
> Hiya,
> 
> I am trying to allow a jail to do X forwarding ala ssh -Y, but seem to be
> missing something.  I have narrowed it down to something with the jail,
> having successfully done this with non-jails.  IOW, sshd_config has
> "X11Forwarding yes" etc.  The system is fbsd 9.2-STABLE.  The jail is set
> up using ezjail.  I have tweaked various jail sysctl settings in case there
> was something there I was missing.  I disabled the firewall rules to
> removed potential interference from that angle.  All to no avail.  I keep
> getting ye olde
> 
>     xclock
>     X11 connection rejected because of wrong authentication.
>     Error: Can't open display: localhost:10.0
> 
> What am I missing?
> 
[Devin Teske] 

Try installing xauth.
-- 
Devin


_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

From owner-freebsd-jail@FreeBSD.ORG  Sat Mar 22 01:01:53 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6DF8A248
 for <freebsd-jail@freebsd.org>; Sat, 22 Mar 2014 01:01:53 +0000 (UTC)
Received: from chibanda.earlham.edu (chibanda.earlham.edu [159.28.1.168])
 by mx1.freebsd.org (Postfix) with ESMTP id 3CEFCB2A
 for <freebsd-jail@freebsd.org>; Sat, 22 Mar 2014 01:01:52 +0000 (UTC)
X-ASG-Debug-ID: 1395449188-06e52b16d0eca10001-dVRlEP
Received: from sunstone.earlham.edu (sunstone.earlham.edu [159.28.3.91]) by
 chibanda.earlham.edu with ESMTP id rv1pohjImobHmJzn;
 Fri, 21 Mar 2014 20:46:28 -0400 (EDT)
X-Barracuda-Envelope-From: schulra@earlham.edu
X-Barracuda-Apparent-Source-IP: 159.28.3.91
Received: from tdream.lly.earlham.edu (tdream.lly.earlham.edu [159.28.7.241])
 by sunstone.earlham.edu (Postfix) with ESMTP id 84339171D540;
 Fri, 21 Mar 2014 20:46:28 -0400 (EDT)
Date: Fri, 21 Mar 2014 20:46:28 -0400 (EDT)
From: Randy Schultz <schulra@earlham.edu>
X-X-Sender: schulra@localhost
To: 'Devin Teske' <dteske@FreeBSD.org>
Subject: RE: jails and X forwarding
In-Reply-To: <008e01cf453e$f31d0d10$d9572730$@FreeBSD.org>
X-ASG-Orig-Subj: RE: jails and X forwarding
Message-ID: <alpine.BSF.2.00.1403212045410.28807@localhost>
References: <alpine.BSF.2.00.1403211453110.68818@localhost>
 <008e01cf453e$f31d0d10$d9572730$@FreeBSD.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Barracuda-Connect: sunstone.earlham.edu[159.28.3.91]
X-Barracuda-Start-Time: 1395449188
X-Barracuda-URL: http://159.28.1.168:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at earlham.edu
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: -1002.00
X-Barracuda-Spam-Status: No, SCORE=-1002.00 using global scores of
 TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1000.0 
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Mar 2014 01:01:53 -0000

On Fri, 21 Mar 2014, dteske@FreeBSD.org wrote:

-}
-}> I am trying to allow a jail to do X forwarding ala ssh -Y, but seem to be
-}> missing something.  I have narrowed it down to something with the jail,
-}> having successfully done this with non-jails.  IOW, sshd_config has
-}> "X11Forwarding yes" etc.  The system is fbsd 9.2-STABLE.  The jail is set
-}> up using ezjail.  I have tweaked various jail sysctl settings in case there
-}> was something there I was missing.  I disabled the firewall rules to
-}> removed potential interference from that angle.  All to no avail.  I keep
-}> getting ye olde
-}> 
-}>     xclock
-}>     X11 connection rejected because of wrong authentication.
-}>     Error: Can't open display: localhost:10.0
-}> 
-}> What am I missing?
-}> 
-}[Devin Teske] 
-}
-}Try installing xauth.

Ah, I had already done that:

Dude ? pkg_info|egrep xauth
xauth-1.0.8         X authority file utility


--
 Randy    (schulra@earlham.edu)      765.983.1283         <*>

Hatred does not cease by hatred, but only by love; this is the eternal rule.
     - Siddhartha Gautama


From owner-freebsd-jail@FreeBSD.ORG  Sat Mar 22 01:30:10 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9833F462;
 Sat, 22 Mar 2014 01:30:10 +0000 (UTC)
Received: from mx1.fisglobal.com (mx1.fisglobal.com [199.200.24.190])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 639C3D36;
 Sat, 22 Mar 2014 01:30:10 +0000 (UTC)
Received: from smarthost.fisglobal.com ([10.132.206.191])
 by ltcfislmsgpa05.fnfis.com (8.14.5/8.14.5) with ESMTP id s2M1U7pP030425
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT);
 Fri, 21 Mar 2014 20:30:07 -0500
Received: from THEMADHATTER (10.242.181.54) by smarthost.fisglobal.com
 (10.132.206.191) with Microsoft SMTP Server id 14.3.174.1; Fri, 21 Mar 2014
 20:30:06 -0500
From: <dteske@FreeBSD.org>
Sender: Devin Teske <devin.teske@fisglobal.com>
To: "'Randy Schultz'" <schulra@earlham.edu>,
 "'Devin Teske'" <dteske@FreeBSD.org>
References: <alpine.BSF.2.00.1403211453110.68818@localhost>
 <008e01cf453e$f31d0d10$d9572730$@FreeBSD.org>
 <alpine.BSF.2.00.1403212045410.28807@localhost>
In-Reply-To: <alpine.BSF.2.00.1403212045410.28807@localhost>
Subject: RE: jails and X forwarding
Date: Fri, 21 Mar 2014 18:29:52 -0700
Message-ID: <00e301cf456e$39fdfee0$adf9fca0$@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJGrH9nTyXn+835lHae6SCs1d/utgGBtqxEAa12kHCZ5AmUYA==
Content-Language: en-us
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14,
 0.0.0000
 definitions=2014-03-21_07:2014-03-21,2014-03-21,1970-01-01 signatures=0
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Mar 2014 01:30:10 -0000



> -----Original Message-----
> From: Randy Schultz [mailto:schulra@earlham.edu]
> Sent: Friday, March 21, 2014 5:46 PM
> To: 'Devin Teske'
> Cc: freebsd-jail@freebsd.org
> Subject: RE: jails and X forwarding
> 
> On Fri, 21 Mar 2014, dteske@FreeBSD.org wrote:
> 
> -}
> -}> I am trying to allow a jail to do X forwarding ala ssh -Y, but seem to be
> -}> missing something.  I have narrowed it down to something with the jail,
> -}> having successfully done this with non-jails.  IOW, sshd_config has
> -}> "X11Forwarding yes" etc.  The system is fbsd 9.2-STABLE.  The jail is set
> -}> up using ezjail.  I have tweaked various jail sysctl settings in case there
> -}> was something there I was missing.  I disabled the firewall rules to
> -}> removed potential interference from that angle.  All to no avail.  I keep
> -}> getting ye olde
> -}>
> -}>     xclock
> -}>     X11 connection rejected because of wrong authentication.
> -}>     Error: Can't open display: localhost:10.0
> -}>
> -}> What am I missing?
> -}>
> -}[Devin Teske]
> -}
> -}Try installing xauth.
> 
> Ah, I had already done that:
> 
> Dude ? pkg_info|egrep xauth
> xauth-1.0.8         X authority file utility
> 

Dunno what to say. Sounds like a regression because I'm X11
forwarding off of jails every day.

Admittedly, the jails I'm using are FreeBSD-8. Some of these
FreeBSD-8 jails are running under a FreeBSD-9 host. I'm using
both Xming on Windows and Xserver on Mac OS X.
-- 
Devin


From owner-freebsd-jail@FreeBSD.ORG  Mon Mar 24 11:06:47 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7B59CFCD
 for <freebsd-jail@FreeBSD.org>; Mon, 24 Mar 2014 11:06:47 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 67EC4171
 for <freebsd-jail@FreeBSD.org>; Mon, 24 Mar 2014 11:06:47 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s2OB6lfd013891
 for <freebsd-jail@FreeBSD.org>; Mon, 24 Mar 2014 11:06:47 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s2OB6kYo013889
 for freebsd-jail@FreeBSD.org; Mon, 24 Mar 2014 11:06:46 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 24 Mar 2014 11:06:46 GMT
Message-Id: <201403241106.s2OB6kYo013889@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 11:06:47 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/187079  jail       [jail] devfs_load_rulesets has to be enabled for mount
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

20 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Mon Mar 24 17:26:28 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 01F59127
 for <jail@freebsd.org>; Mon, 24 Mar 2014 17:26:28 +0000 (UTC)
Received: from system.jails.se (system.jails.se [IPv6:2001:16d8:cc1e:1::1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4133FF93
 for <jail@freebsd.org>; Mon, 24 Mar 2014 17:26:23 +0000 (UTC)
Received: from localhost (system.jails.se [91.205.63.85])
 by system.jails.se (Postfix) with SMTP id 9F4404BC685
 for <jail@freebsd.org>; Mon, 24 Mar 2014 18:26:19 +0100 (CET)
Received: from mobius.uppmax.uu.se (h148n9-u-a31.ias.bredband.telia.com
 [213.67.100.148])
 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by system.jails.se (Postfix) with ESMTPSA id 18A6E4BC681
 for <jail@freebsd.org>; Mon, 24 Mar 2014 18:26:19 +0100 (CET)
Message-ID: <53306ABD.7010105@pean.org>
Date: Mon, 24 Mar 2014 18:26:21 +0100
From: =?ISO-8859-1?Q?Peter_Ankerst=E5l?= <peter@pean.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: jail@freebsd.org
Subject: Problem running bsnmpd inside jail.
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary="------------ms000005010803020805020909"
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 17:26:28 -0000

This is a cryptographically signed message in MIME format.

--------------ms000005010803020805020909
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

(previously posted to stable)

Hi!

I'm running a few jails on FreeBSD 10.0-RELEASE (amd64) but I can't get
bsnmpd to work inside a jail. It has worked in the past but that was FreeBSD 9.

It's a standard bsnmpd config without any large changes to the config.
The exact same configs work fine when run outside a jail.

# /usr/sbin/bsnmpd -d -p /var/run/snmpd.pid
snmpd[38890]: disk_OS_get_disks: adding device 'cd0' to device list
snmpd[38890]: disk_OS_get_disks: adding device 'da2' to device list
snmpd[38890]: disk_OS_get_disks: adding device 'da1' to device list
snmpd[38890]: disk_OS_get_disks: adding device 'da0' to device list
snmpd[38890]: Failed to connect socket for /var/run/devd.pipe: No such file or directory

snmpd[38890]: sendmsg: Invalid argument         # I get these when I try to snmpwalk.
snmpd[38890]: sendmsg: Invalid argument
snmpd[38890]: sendmsg: Invalid argument

truss says:
select(14,{4 12 13},{},{},{0.999936 })           = 0 (0x0)
gettimeofday({1395507232.011776 },0x0)           = 0 (0x0)
gettimeofday({1395507232.011836 },0x0)           = 0 (0x0)
select(14,{4 12 13},{},{},{0.999940 })           = 0 (0x0)
gettimeofday({1395507233.012739 },0x0)           = 0 (0x0)
gettimeofday({1395507233.012801 },0x0)           = 0 (0x0)
select(14,{4 12 13},{},{},{0.999938 })           = 1 (0x1)
recvmsg(0xc,0x7fffffffac40,0x0,0x7fffffffaca0,0x801c23010,0x2) = 43 (0x2b)
sigprocmask(SIG_BLOCK,0x0,0x0)                   = 0 (0x0)
open("/etc/hosts.allow",O_RDONLY,0666)           = 14 (0xe)
fstat(14,{ mode=-rw-r--r-- ,inode=3849888,size=18,blksize=4096 }) = 0 (0x0)
read(14,"ALL : ALL : allow\n",4096)              = 18 (0x12)
close(14)                                        = 0 (0x0)
sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
gettimeofday({1395507233.562291 },0x0)           = 0 (0x0)
sendmsg(0xc,0x7ffffffe1120,0x0,0x5cea9fbe35c62e6e,0x3,0x2) ERR#22 'Invalid argument'
clock_gettime(13,{1395507233.000000000 })        = 0 (0x0)
getpid()                                         = 38997 (0x9855)
snmpd[38997]: sendmsg: Invalid argument
writev(0x2,0x7ffffffe0320,0x2,0xffffffffffffffec,0x14,0x800f98370) = 40 (0x28)
sendto(8,"<11>Mar 22 17:53:53 snmpd[38997]"...,59,0x0,NULL,0x0) = 59 (0x3b)
gettimeofday({1395507233.562815 },0x0)           = 0 (0x0)
gettimeofday({1395507233.562869 },0x0)           = 0 (0x0)
select(14,{4 12 13},{},{},{0.449870 })           = 0 (0x0)
gettimeofday({1395507234.041473 },0x0)           = 0 (0x0)
gettimeofday({1395507234.041535 },0x0)           = 0 (0x0)
select(14,{4 12 13},{},{},{0.948960 })           = 1 (0x1)
recvmsg(0xc,0x7fffffffac40,0x0,0x7fffffffaca0,0x64,0x0) = 43 (0x2b)
sigprocmask(SIG_BLOCK,0x0,0x0)                   = 0 (0x0)
open("/etc/hosts.allow",O_RDONLY,0666)           = 14 (0xe)
fstat(14,{ mode=-rw-r--r-- ,inode=3849888,size=18,blksize=4096 }) = 0 (0x0)
read(14,"ALL : ALL : allow\n",4096)              = 18 (0x12)
close(14)                                        = 0 (0x0)
sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
gettimeofday({1395507234.567052 },0x0)           = 0 (0x0)
sendmsg(0xc,0x7ffffffe1120,0x0,0x5cea9fbe35c62e6e,0x3,0x2) ERR#22 'Invalid argument'
clock_gettime(13,{1395507234.000000000 })        = 0 (0x0)
getpid()
snmpd[38997]: sendmsg: Invalid argument
writev(0x2,0x7ffffffe0320,0x2,0xffffffffffffffec,0x14,0x800f98370) = 40 (0x28)
sendto(8,"<11>Mar 22 17:53:54 snmpd[38997]"...,59,0x0,NULL,0x0) = 59 (0x3b)
gettimeofday({1395507234.567457 },0x0)           = 0 (0x0)
gettimeofday({1395507234.567512 },0x0)           = 0 (0x0)
select(14,{4 12 13},{},{},{0.422983 })           = 0 (0x0)
gettimeofday({1395507235.010734 },0x0)           = 0 (0x0)
__sysctl(0x7fffffffafc0,0x2,0x7fffffffb000,0x7fffffffaff8,0x8030855ea,0x17) = 0 (0x0)
__sysctl(0x7fffffffb000,0x4,0x7fffffffb0d8,0x7fffffffb0a8,0x0,0x0) = 0 (0x0)
__sysctl(0x7fffffffafc0,0x2,0x7fffffffb000,0x7fffffffaff8,0x803085602,0x18) = 0 (0x0)
__sysctl(0x7fffffffb000,0x4,0x7fffffffb0d8,0x7fffffffb0a8,0x0,0x0) = 0 (0x0)
__sysctl(0x7fffffffafc0,0x2,0x7fffffffb000,0x7fffffffaff8,0x80308561b,0x13) = 0 (0x0)
__sysctl(0x7fffffffb000,0x4,0x7fffffffb0d8,0x7fffffffb0a8,0x0,0x0) = 0 (0x0)
__sysctl(0x7fffffffafc0,0x2,0x7fffffffb000,0x7fffffffaff8,0x80308562f,0x14) = 0 (0x0)
__sysctl(0x7fffffffb000,0x4,0x7fffffffb0d8,0x7fffffffb0a8,0x0,0x0) = 0 (0x0)
__sysctl(0x7fffffffafe0,0x2,0x7fffffffb020,0x7fffffffb018,0x803085644,0xc) = 0 (0x0)
__sysctl(0x7fffffffb020,0x2,0x803294a00,0x7fffffffb0e0,0x0,0x0) = 0 (0x0)
gettimeofday({1395507235.011369 },0x0)           = 0 (0x0)
clock_gettime(4,{335225.177478505 })             = 0 (0x0)
__sysctl(0x7fffffffac20,0x2,0x7fffffffac60,0x7fffffffac58,0x803c03cf3,0x14) = 0 (0x0)
__sysctl(0x7fffffffac60,0x3,0x7fffffffad04,0x7fffffffad08,0x0,0x0) = 0 (0x0)
__sysctl(0x7fffffffac80,0x2,0x7fffffffacc0,0x7fffffffacb8,0x803c03efb,0x10) = 0 (0x0)
__sysctl(0x7fffffffacc0,0x3,0x801c99600,0x7fffffffad98,0x0,0x0) = 0 (0x0)
__sysctl(0x7fffffffac20,0x2,0x7fffffffac60,0x7fffffffac58,0x803c03cf3,0x14) = 0 (0x0)
__sysctl(0x7fffffffac60,0x3,0x7fffffffad04,0x7fffffffad08,0x0,0x0) = 0 (0x0)
gettimeofday({1395507235.011811 },0x0)           = 0 (0x0)
gettimeofday({1395507235.011868 },0x0)           = 0 (0x0)
gettimeofday({1395507235.011915 },0x0)           = 0 (0x0)
gettimeofday({1395507235.011959 },0x0)           = 0 (0x0)
open("/dev/null",O_CLOEXEC,00)                   = 14 (0xe)
fstat(14,{ mode=crw-rw-rw- ,inode=20,size=0,blksize=4096 }) = 0 (0x0)
open("/dev/null",O_CLOEXEC,00)                   = 15 (0xf)
__sysctl(0x7fffffffa880,0x3,0x0,0x7fffffffa870,0x0,0x0) = 0 (0x0)
__sysctl(0x7fffffffa880,0x3,0x801d92000,0x7fffffffa870,0x0,0x0) = 0 (0x0)
close(14)                                        = 0 (0x0)
close(15)                                        = 0 (0x0)
gettimeofday({1395507235.015009 },0x0)           = 0 (0x0)
gettimeofday({1395507235.015057 },0x0)           = 0 (0x0)
gettimeofday({1395507235.015106 },0x0)           = 0 (0x0)
select(14,{4 12 13},{},{},{0.026367 })           = 0 (0x0)
gettimeofday({1395507235.043455 },0x0)           = 0 (0x0)
gettimeofday({1395507235.043505 },0x0)           = 0 (0x0)
select(14,{4 12 13},{},{},{0.999950 })           = 0 (0x0)
gettimeofday({1395507236.062471 },0x0)           = 0 (0x0)
gettimeofday({1395507236.062525 },0x0)           = 0 (0x0)
select(14,{4 12 13},{},{},{0.999946 })           = 0 (0x0)
gettimeofday({1395507237.065759 },0x0)           = 0 (0x0)
gettimeofday({1395507237.065819 },0x0)           = 0 (0x0)
^Cselect(14,{4 12 13},{},{},{0.999940 })                 ERR#4 'Interrupted system call'
SIGNAL 2 (SIGINT)
unlink("/var/run/snmpd.pid")                     = 0 (0x0)
lstat("/var/run/snmpd.sock",{ mode=srw-rw-rw- ,inode=4965221,size=0,blksize=131072 }) = 0 (0x0)
unlink("/var/run/snmpd.sock")                    = 0 (0x0)





--------------ms000005010803020805020909--
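
Added example, not part of the original post: a small parser for truss output like the trace above. It lists the system calls that returned an error and pairs each failed sendmsg with the last successful recvmsg on the same descriptor. The sample lines are copied from the poster's trace; the function and variable names are this example's own.

```python
import re
from collections import namedtuple

# Constructed sample: lines copied from the truss output in the message above
# (quoted-printable decoded), including the interleaved daemon log line.
SAMPLE_TRACE = """\
select(14,{4 12 13},{},{},{0.999938 })           = 1 (0x1)
recvmsg(0xc,0x7fffffffac40,0x0,0x7fffffffaca0,0x801c23010,0x2) = 43 (0x2b)
open("/etc/hosts.allow",O_RDONLY,0666)           = 14 (0xe)
read(14,"ALL : ALL : allow\\n",4096)              = 18 (0x12)
close(14)                                        = 0 (0x0)
sendmsg(0xc,0x7ffffffe1120,0x0,0x5cea9fbe35c62e6e,0x3,0x2) ERR#22 'Invalid argument'
getpid()
snmpd[38997]: sendmsg: Invalid argument
^Cselect(14,{4 12 13},{},{},{0.999940 })                 ERR#4 'Interrupted system call'
SIGNAL 2 (SIGINT)
"""

# One truss line: name(args) followed by "= ret (0xhex)" or "ERR#n 'message'".
CALL_RE = re.compile(
    r"^(?P<name>\w+)\((?P<args>.*)\)\s+"
    r"(?:=\s+(?P<ret>-?\d+)\s+\(0x[0-9a-f]+\)|ERR#(?P<err>\d+)\s+'(?P<msg>[^']*)')\s*$"
)

# Calls whose first argument is a file descriptor (select's first argument is nfds).
FD_CALLS = {"recvmsg", "sendmsg", "sendto", "read", "writev", "fstat", "close"}

# FreeBSD errno values seen in this trace; kept local so the result does not
# depend on the errno table of the machine running the script.
ERRNO_NAMES = {4: "EINTR", 22: "EINVAL"}

Event = namedtuple("Event", "name fd ret errno msg")


def _first_arg_fd(name, args):
    """Return the descriptor for calls in FD_CALLS, else None."""
    if name not in FD_CALLS:
        return None
    try:
        return int(args.split(",", 1)[0].strip(), 0)  # accepts 14 and 0xc
    except ValueError:
        return None


def parse_truss(text):
    """Parse truss lines into Events, skipping log lines, signals and
    calls printed without a result (such as the bare getpid() above)."""
    events = []
    for line in text.splitlines():
        if line.startswith("^C"):  # terminal echo of Ctrl-C glued to the line
            line = line[2:]
        m = CALL_RE.match(line)
        if not m:
            continue
        ret = int(m.group("ret")) if m.group("ret") is not None else None
        err = int(m.group("err")) if m.group("err") is not None else None
        events.append(Event(m.group("name"),
                            _first_arg_fd(m.group("name"), m.group("args")),
                            ret, err, m.group("msg")))
    return events


def failures(events):
    """(syscall, errno) for every call that returned an error."""
    return [(e.name, e.errno) for e in events if e.errno is not None]


def failed_replies(events):
    """For each failed sendmsg, report the descriptor, the size of the last
    datagram successfully received on that descriptor, and the error."""
    last_recv = {}
    out = []
    for e in events:
        if e.name == "recvmsg" and e.errno is None:
            last_recv[e.fd] = e.ret
        elif e.name == "sendmsg" and e.errno is not None:
            out.append((e.fd, last_recv.get(e.fd), e.errno, e.msg))
    return out


if __name__ == "__main__":
    evs = parse_truss(SAMPLE_TRACE)
    for name, err in failures(evs):
        print(f"{name}: errno {err} ({ERRNO_NAMES.get(err, '?')})")
    for fd, nbytes, err, msg in failed_replies(evs):
        print(f"fd {fd}: received {nbytes} bytes, reply failed with "
              f"{ERRNO_NAMES.get(err, err)} ({msg})")
```

On the sample it reports that a 43-byte request arrives on descriptor 12 and that the sendmsg on that same descriptor fails with EINVAL; the select error is only the Ctrl-C that ended the trace.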


From owner-freebsd-jail@FreeBSD.ORG  Mon Mar 31 11:06:46 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6F0AF9CB
 for <freebsd-jail@FreeBSD.org>; Mon, 31 Mar 2014 11:06:46 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5B33DB9D
 for <freebsd-jail@FreeBSD.org>; Mon, 31 Mar 2014 11:06:46 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s2VB6k5Z058725
 for <freebsd-jail@FreeBSD.org>; Mon, 31 Mar 2014 11:06:46 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s2VB6jDV058723
 for freebsd-jail@FreeBSD.org; Mon, 31 Mar 2014 11:06:45 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 31 Mar 2014 11:06:45 GMT
Message-Id: <201403311106.s2VB6jDV058723@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Mar 2014 11:06:46 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/187079  jail       [jail] devfs_load_rulesets has to be enabled for mount
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

20 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Mon Apr  7 11:06:46 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4C331A7B
 for <freebsd-jail@FreeBSD.org>; Mon,  7 Apr 2014 11:06:46 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 35C52BF6
 for <freebsd-jail@FreeBSD.org>; Mon,  7 Apr 2014 11:06:46 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s37B6kCC071094
 for <freebsd-jail@FreeBSD.org>; Mon, 7 Apr 2014 11:06:46 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s37B6jJf071092
 for freebsd-jail@FreeBSD.org; Mon, 7 Apr 2014 11:06:45 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 7 Apr 2014 11:06:45 GMT
Message-Id: <201404071106.s37B6jJf071092@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Apr 2014 11:06:46 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/187079  jail       [jail] devfs_load_rulesets has to be enabled for mount
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

20 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Mon Apr 14 11:06:47 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 54EC8FBA
 for <freebsd-jail@FreeBSD.org>; Mon, 14 Apr 2014 11:06:47 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 41F44165E
 for <freebsd-jail@FreeBSD.org>; Mon, 14 Apr 2014 11:06:47 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3EB6lvx025914
 for <freebsd-jail@FreeBSD.org>; Mon, 14 Apr 2014 11:06:47 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3EB6kbr025912
 for freebsd-jail@FreeBSD.org; Mon, 14 Apr 2014 11:06:46 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 14 Apr 2014 11:06:46 GMT
Message-Id: <201404141106.s3EB6kbr025912@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 11:06:47 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/187079  jail       [jail] devfs_load_rulesets has to be enabled for mount
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

20 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Sun Apr 20 00:25:12 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6DF99AD;
 Sun, 20 Apr 2014 00:25:12 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 42A3011E8;
 Sun, 20 Apr 2014 00:25:12 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3K0PCj0060110;
 Sun, 20 Apr 2014 00:25:12 GMT
 (envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3K0PCmC060109;
 Sun, 20 Apr 2014 00:25:12 GMT (envelope-from linimon)
Date: Sun, 20 Apr 2014 00:25:12 GMT
Message-Id: <201404200025.s3K0PCmC060109@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/188753: [jail] mount devfs ruleset ignored
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Apr 2014 00:25:12 -0000

Old Synopsis: mount devfs ruleset ignored
New Synopsis: [jail] mount devfs ruleset ignored

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun Apr 20 00:24:47 UTC 2014
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=188753

From owner-freebsd-jail@FreeBSD.ORG  Sun Apr 20 00:38:19 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 17B6A2E4;
 Sun, 20 Apr 2014 00:38:19 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id DFD1F12BC;
 Sun, 20 Apr 2014 00:38:18 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3K0cI6Y063328;
 Sun, 20 Apr 2014 00:38:18 GMT
 (envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3K0cIUr063327;
 Sun, 20 Apr 2014 00:38:18 GMT (envelope-from linimon)
Date: Sun, 20 Apr 2014 00:38:18 GMT
Message-Id: <201404200038.s3K0cIUr063327@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/188018: [jail] [vimage] Running pfctl -sr -v in Jail with
 VIMAGE crashes host
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Apr 2014 00:38:19 -0000

Old Synopsis: Running pfctl -sr -v in Jail with VIMAGE crashes host
New Synopsis: [jail] [vimage] Running pfctl -sr -v in Jail with VIMAGE crashes host

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun Apr 20 00:37:33 UTC 2014
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=188018

From owner-freebsd-jail@FreeBSD.ORG  Sun Apr 20 03:18:13 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id CA3A34F9;
 Sun, 20 Apr 2014 03:18:13 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9E7AE10C2;
 Sun, 20 Apr 2014 03:18:13 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3K3IDmX020407;
 Sun, 20 Apr 2014 03:18:13 GMT
 (envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3K3IDtR020406;
 Sun, 20 Apr 2014 03:18:13 GMT (envelope-from linimon)
Date: Sun, 20 Apr 2014 03:18:13 GMT
Message-Id: <201404200318.s3K3IDtR020406@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't mount
 devfs
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Apr 2014 03:18:13 -0000

Old Synopsis: jail using nullfs and unionfs doesn't mount devfs
New Synopsis: [jail] jail using nullfs and unionfs doesn't mount devfs

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun Apr 20 03:17:50 UTC 2014
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=186360

From owner-freebsd-jail@FreeBSD.ORG  Sun Apr 20 11:50:02 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AF96887D
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Sun, 20 Apr 2014 11:50:02 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9D29116EE
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Sun, 20 Apr 2014 11:50:02 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3KBo21g011318
 for <freebsd-jail@freefall.freebsd.org>; Sun, 20 Apr 2014 11:50:02 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3KBo2um011317;
 Sun, 20 Apr 2014 11:50:02 GMT (envelope-from gnats)
Date: Sun, 20 Apr 2014 11:50:02 GMT
Message-Id: <201404201150.s3KBo2um011317@freefall.freebsd.org>
To: freebsd-jail@FreeBSD.org
Cc: 
From: "Herbert J. Skuhra" <h.skuhra@gmail.com>
Subject: Re: kern/188753: [jail] mount devfs ruleset ignored
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: "Herbert J. Skuhra" <h.skuhra@gmail.com>
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Apr 2014 11:50:02 -0000

The following reply was made to PR kern/188753; it has been noted by GNATS.

From: "Herbert J. Skuhra" <h.skuhra@gmail.com>
To: bug-followup@FreeBSD.org, gizd@tortenboxer.de
Cc:  
Subject: Re: kern/188753: [jail] mount devfs ruleset ignored
Date: Sun, 20 Apr 2014 13:42:49 +0200

 Hi,
 
 you can add the following line to your /etc/rc.conf
 
 devfs_load_rulesets="YES"
 
 and run '/etc/rc.d/devfs restart'.
 
 Or check /etc/defaults/rc.conf:
 
 devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing
                                                             # devfs(8) rules.
 devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev
 devfs_set_rulesets=""   # A list of /mount/dev=ruleset_name settings to
                         # apply (must be mounted already, i.e. fstab(5))
 devfs_load_rulesets="NO"        # Enable to always load the default rulesets
 
 -- 
 Herbert
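
The check behind the advice above, as an added example that is not part of the original reply or of FreeBSD: it reports the effective value of devfs_load_rulesets when several rc.conf files are read in order, with a later assignment overriding an earlier one. The function names (rc_value, is_yes, devfs_rulesets_status, demo) and the sample files are constructed for illustration; the yes/no spellings follow rc.subr's checkyesno.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Usage:
#   sh check_devfs.sh /etc/defaults/rc.conf /etc/rc.conf
# With no arguments it runs demo() on constructed sample files.

# rc_value VAR FILE... : print the last value assigned to VAR.
# Files are taken in order; a later file overrides an earlier one.
rc_value() {
    var=$1; shift
    val=
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Skip files that never assign VAR, so an earlier value survives.
        grep -q "^[[:space:]]*${var}=" "$f" || continue
        # Last assignment wins; drop trailing comment, blanks and quotes.
        val=$(sed -n "s/^[[:space:]]*${var}=//p" "$f" | tail -n 1 |
              sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
                  -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
    done
    printf '%s\n' "$val"
}

# is_yes VALUE : same "yes" spellings that rc.subr's checkyesno accepts.
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# devfs_rulesets_status FILE... : one-line verdict for the given files.
devfs_rulesets_status() {
    v=$(rc_value devfs_load_rulesets "$@")
    if is_yes "$v"; then
        echo "loaded-at-boot"
    else
        echo "not-loaded (devfs_load_rulesets=${v:-unset})"
    fi
}

# demo : run the check on constructed files, before and after the override.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed copy of the default line quoted in the reply above.
    cat > "$d/defaults.conf" <<'EOF'
devfs_load_rulesets="NO"        # Enable to always load the default rulesets
EOF
    # Constructed /etc/rc.conf carrying the suggested override.
    cat > "$d/rc.conf" <<'EOF'
devfs_load_rulesets="YES"
EOF
    before=$(devfs_rulesets_status "$d/defaults.conf")
    after=$(devfs_rulesets_status "$d/defaults.conf" "$d/rc.conf")
    rm -rf "$d"
    printf 'defaults only: %s\nwith override: %s\n' "$before" "$after"
}

if [ "$#" -gt 0 ]; then
    devfs_rulesets_status "$@"
else
    demo
fi
```

A "not-loaded" verdict only describes the boot-time setting; rulesets loaded by hand since boot are not visible to this check.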

From owner-freebsd-jail@FreeBSD.ORG  Mon Apr 21 11:06:48 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E392EFB2
 for <freebsd-jail@FreeBSD.org>; Mon, 21 Apr 2014 11:06:48 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B6A8E195E
 for <freebsd-jail@FreeBSD.org>; Mon, 21 Apr 2014 11:06:48 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3LB6mvG085747
 for <freebsd-jail@FreeBSD.org>; Mon, 21 Apr 2014 11:06:48 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3LB6mk3085745
 for freebsd-jail@FreeBSD.org; Mon, 21 Apr 2014 11:06:48 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 21 Apr 2014 11:06:48 GMT
Message-Id: <201404211106.s3LB6mk3085745@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Apr 2014 11:06:48 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/188753  jail       [jail] mount devfs ruleset ignored
o kern/188018  jail       [jail] [vimage] Running pfctl -sr -v in Jail with VIMA
o kern/187079  jail       [jail] devfs_load_rulesets has to be enabled for mount
o kern/186360  jail       [jail] jail using nullfs and unionfs doesn't mount dev
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

23 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Mon Apr 28 11:06:49 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 64481463
 for <freebsd-jail@FreeBSD.org>; Mon, 28 Apr 2014 11:06:49 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 37E921AA7
 for <freebsd-jail@FreeBSD.org>; Mon, 28 Apr 2014 11:06:49 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3SB6nRp086166
 for <freebsd-jail@FreeBSD.org>; Mon, 28 Apr 2014 11:06:49 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3SB6mR1086164
 for freebsd-jail@FreeBSD.org; Mon, 28 Apr 2014 11:06:48 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 28 Apr 2014 11:06:48 GMT
Message-Id: <201404281106.s3SB6mR1086164@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2014 11:06:49 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/188753  jail       [jail] mount devfs ruleset ignored
o kern/188018  jail       [jail] [vimage] Running pfctl -sr -v in Jail with VIMA
o kern/187079  jail       [jail] devfs_load_rulesets has to be enabled for mount
o kern/186360  jail       [jail] jail using nullfs and unionfs doesn't mount dev
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

23 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Wed Apr 30 08:20:01 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D6F6B819
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Wed, 30 Apr 2014 08:20:01 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A55E81066
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Wed, 30 Apr 2014 08:20:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3U8K1Ff093852
 for <freebsd-jail@freefall.freebsd.org>; Wed, 30 Apr 2014 08:20:01 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3U8K1Fh093851;
 Wed, 30 Apr 2014 08:20:01 GMT (envelope-from gnats)
Date: Wed, 30 Apr 2014 08:20:01 GMT
Message-Id: <201404300820.s3U8K1Fh093851@freefall.freebsd.org>
To: freebsd-jail@FreeBSD.org
Cc: 
From: Robert Schulze <rs@bytecamp.net>
Subject: Re: kern/187079: devfs_load_rulesets has to be enabled for mount.devfs
 to behave like expected
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Robert Schulze <rs@bytecamp.net>
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 08:20:01 -0000

The following reply was made to PR kern/187079; it has been noted by GNATS.

From: Robert Schulze <rs@bytecamp.net>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: kern/187079: devfs_load_rulesets has to be enabled for mount.devfs
 to behave like expected
Date: Wed, 30 Apr 2014 10:12:18 +0200

 This PR can be closed as of FreeBSD-SA-14:07.devfs
 

From owner-freebsd-jail@FreeBSD.ORG  Thu May  1 09:39:43 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 60D3F312
 for <freebsd-jail@freebsd.org>; Thu,  1 May 2014 09:39:43 +0000 (UTC)
Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com
 [IPv6:2a00:1450:400c:c05::22f])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E61C214E5
 for <freebsd-jail@freebsd.org>; Thu,  1 May 2014 09:39:42 +0000 (UTC)
Received: by mail-wi0-f175.google.com with SMTP id cc10so387704wib.2
 for <freebsd-jail@freebsd.org>; Thu, 01 May 2014 02:39:41 -0700 (PDT)
X-Received: by 10.180.77.165 with SMTP id t5mr1495688wiw.38.1398937180957;
 Thu, 01 May 2014 02:39:40 -0700 (PDT)
Received: from [192.168.16.70] ([217.41.35.220])
 by mx.google.com with ESMTPSA id xm20sm2584930wib.19.2014.05.01.02.39.39
 for <freebsd-jail@freebsd.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Thu, 01 May 2014 02:39:40 -0700 (PDT)
X-Google-Original-From: "Dave B" <g8kbvdave@gmail.com>
From: Dave B <g8kbvdave@googlemail.com>
To: freebsd-jail@freebsd.org
Date: Thu, 01 May 2014 10:39:38 +0100
MIME-Version: 1.0
Subject: Re: Advice/guidance requested.
Message-ID: <5362165A.3144.1D910671@g8kbvdave.gmail.com>
Priority: normal
In-reply-to: <52D3C8E6.5030907@wasikowski.net>
References: <52D1A7D5.32720.65E995@g8kbvdave.gmail.com>,
 <1389516744.523477025.przufqea@frv34.ukr.net>,
 <52D3C8E6.5030907@wasikowski.net>
X-mailer: Pegasus Mail for Windows (4.62)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 May 2014 09:39:43 -0000

Try QJail.
http://qjail.sourceforge.net/

There is a good "howto" section listed here.
http://qjail.sourceforge.net/Qjail-howto.html

If I can manage it, anyone can..
(I'm running on F'BSD 9.2)

Yes, like ezJail, the base jail takes up a bit of space, but others built on that take 
up a lot less, unless you load them up with stuff of course.

Updating is not that difficult either.

Regards.

Dave B.

> On 2014-01-12 10:09, wishmaster wrote:
> 
> >> I would also recommend ezjails. Using fat jails is often completely
> >> unnecessary.
> >  
> >  Do you think using ezjail you will obtain "thin" jails? You are
> >  wrong. Setup 5...10 jails for applications: one jail for
> >  web-applications on php, one for java and so on. And you will see
> >  how your jails will be FAT! And now imagine update system and
> >  software procedure. So, if you need a lot of "light" isolation
> >  containers, ezjail is not your way. I use self-written scripts
> >  which create one base system with all needed packages and a lot of
> >  "containers" with vnet support and with "security in mind".
> >  Upgrading is very easy, just one jail.
> 
> Sounds nice, maybe write some blog post or even a more detailed mail
> to this list with some how-to? I'm sure many people would find this
> very interesting.
> 
> -- 
> best regards,
> Lukasz Wasikowski



From owner-freebsd-jail@FreeBSD.ORG  Thu May  1 11:21:00 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E5250D14
 for <freebsd-jail@freebsd.org>; Thu,  1 May 2014 11:21:00 +0000 (UTC)
Received: from mail.wasikowski.net (unknown [IPv6:2001:6a0:1cb::b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9A6791D8E
 for <freebsd-jail@freebsd.org>; Thu,  1 May 2014 11:21:00 +0000 (UTC)
Received: from mail.wasikowski.net (mail.wasikowski.net [IPv6:2001:6a0:1cb::b])
 by mail.wasikowski.net (Postfix) with ESMTP id C628C9D8;
 Thu,  1 May 2014 13:20:55 +0200 (CEST)
X-Virus-Scanned: amavisd-new at wasikowski.net
Received: from mail.wasikowski.net ([91.204.91.44])
 by mail.wasikowski.net (scan.wasikowski.net [91.204.91.44]) (amavisd-new,
 port 10026)
 with ESMTP id hur1yK1KQjWM; Thu,  1 May 2014 13:20:55 +0200 (CEST)
Received: from [192.168.168.1] (89-71-136-148.dynamic.chello.pl
 [89.71.136.148])
 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.wasikowski.net (Postfix) with ESMTPSA id 212F49D5;
 Thu,  1 May 2014 13:20:55 +0200 (CEST)
Message-ID: <53622E18.4070804@wasikowski.net>
Date: Thu, 01 May 2014 13:20:56 +0200
From: =?UTF-8?B?xYF1a2FzeiBXxIVzaWtvd3NraQ==?= <lukasz@wasikowski.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Dave B <g8kbvdave@googlemail.com>, freebsd-jail@freebsd.org
Subject: Re: Advice/guidance requested.
References: <52D1A7D5.32720.65E995@g8kbvdave.gmail.com>,
 <1389516744.523477025.przufqea@frv34.ukr.net>,
 <52D3C8E6.5030907@wasikowski.net> <5362165A.3144.1D910671@g8kbvdave.gmail.com>
In-Reply-To: <5362165A.3144.1D910671@g8kbvdave.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 May 2014 11:21:01 -0000

On 2014-05-01 11:39, Dave B wrote:

> Try QJail.
> http://qjail.sourceforge.net/
> 
> There is a good "howto" section listed here.
> http://qjail.sourceforge.net/Qjail-howto.html
> 
> If I can manage it, anyone can..
> (I'm running on F'BSD 9.2)
> 
> Yes, like ezJail, the base jail takes up a bit of space, but others built on that take 
> up a lot less, unless you load them up with stuff of course.
> 
> Updating is not that difficult either.

I don't want to use qjail, especially after reading all this thread:

http://lists.freebsd.org/pipermail/freebsd-jail//2013-March/002147.html

BTW: Please, don't top post.

-- 
best regards,
Lukasz Wasikowski

From owner-freebsd-jail@FreeBSD.ORG  Sun May  4 02:54:06 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 5716A8FF;
 Sun,  4 May 2014 02:54:06 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2A4961268;
 Sun,  4 May 2014 02:54:06 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s442s6gm037952;
 Sun, 4 May 2014 02:54:06 GMT
 (envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s442s59G037951;
 Sun, 4 May 2014 02:54:05 GMT (envelope-from linimon)
Date: Sun, 4 May 2014 02:54:05 GMT
Message-Id: <201405040254.s442s59G037951@freefall.freebsd.org>
To: rs@bytecamp.net, linimon@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/187079: [jail] devfs_load_rulesets has to be enabled for
 mount.devfs to behave like expected
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2014 02:54:06 -0000

Synopsis: [jail] devfs_load_rulesets has to be enabled for mount.devfs to behave like expected

State-Changed-From-To: open->closed
State-Changed-By: linimon
State-Changed-When: Sun May 4 02:53:09 UTC 2014
State-Changed-Why: 
>From submitter:

This PR can be closed as of FreeBSD-SA-14:07.devfs .

http://www.freebsd.org/cgi/query-pr.cgi?pr=187079

From owner-freebsd-jail@FreeBSD.ORG  Sun May  4 02:54:45 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6A7E5926;
 Sun,  4 May 2014 02:54:45 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3F48A1271;
 Sun,  4 May 2014 02:54:45 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s442sjOq038061;
 Sun, 4 May 2014 02:54:45 GMT
 (envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s442sjtI038060;
 Sun, 4 May 2014 02:54:45 GMT (envelope-from linimon)
Date: Sun, 4 May 2014 02:54:45 GMT
Message-Id: <201405040254.s442sjtI038060@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: bin/189139: [patch] fix bug in jail(8) variable substitution
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2014 02:54:45 -0000

Synopsis: [patch] fix bug in jail(8) variable substitution

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun May 4 02:54:32 UTC 2014
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=189139

From owner-freebsd-jail@FreeBSD.ORG  Sun May  4 05:30:06 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2C108117;
 Sun,  4 May 2014 05:30:06 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 018B61FF5;
 Sun,  4 May 2014 05:30:06 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s445U5m9098199;
 Sun, 4 May 2014 05:30:05 GMT
 (envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s445U5FT098198;
 Sun, 4 May 2014 05:30:05 GMT (envelope-from linimon)
Date: Sun, 4 May 2014 05:30:05 GMT
Message-Id: <201405040530.s445U5FT098198@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: bin/181794: jexec(8) runs commands in Jails without taking into
 account of the Jail's FIB
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2014 05:30:06 -0000

Old Synopsis: jexec runs commands in Jails without taking into account of the Jail's FIB
New Synopsis: jexec(8) runs commands in Jails without taking into account of the Jail's FIB

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun May 4 05:29:38 UTC 2014
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=181794

From owner-freebsd-jail@FreeBSD.ORG  Mon May  5 03:11:35 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 62A944EA;
 Mon,  5 May 2014 03:11:35 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 38400155B;
 Mon,  5 May 2014 03:11:35 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s453BYY2096841;
 Mon, 5 May 2014 03:11:34 GMT
 (envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s453BY0Q096840;
 Mon, 5 May 2014 03:11:34 GMT (envelope-from linimon)
Date: Mon, 5 May 2014 03:11:34 GMT
Message-Id: <201405050311.s453BY0Q096840@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/188495: [jail] /etc/rc.d/jail,
 ezjail and Linux jails don't work with FreeBSD 10.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 03:11:35 -0000

Old Synopsis: /etc/rc.d/jail, ezjail and Linux jails don't work with FreeBSD 10.0
New Synopsis: [jail] /etc/rc.d/jail, ezjail and Linux jails don't work with FreeBSD 10.0

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon May 5 03:09:42 UTC 2014
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=188495

From owner-freebsd-jail@FreeBSD.ORG  Mon May  5 11:06:46 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2AF53DF9
 for <freebsd-jail@FreeBSD.org>; Mon,  5 May 2014 11:06:46 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F3D741CED
 for <freebsd-jail@FreeBSD.org>; Mon,  5 May 2014 11:06:45 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s45B6jYU083150
 for <freebsd-jail@FreeBSD.org>; Mon, 5 May 2014 11:06:45 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s45B6jQU083148
 for freebsd-jail@FreeBSD.org; Mon, 5 May 2014 11:06:45 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 5 May 2014 11:06:45 GMT
Message-Id: <201405051106.s45B6jQU083148@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 11:06:46 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o bin/189139   jail       [patch] fix bug in jail(8) variable substitution
o kern/188753  jail       [jail] mount devfs ruleset ignored
o kern/188495  jail       [jail] /etc/rc.d/jail, ezjail and Linux jails don't wo
o kern/188018  jail       [jail] [vimage] Running pfctl -sr -v in Jail with VIMA
o kern/186360  jail       [jail] jail using nullfs and unionfs doesn't mount dev
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o bin/181794   jail       jexec(8) runs commands in Jails without taking into ac
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

25 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Mon May  5 11:58:58 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D73F8DF4
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 11:58:58 +0000 (UTC)
Received: from alogt.com (alogt.com [69.36.191.58])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B1F6714FC
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 11:58:58 +0000 (UTC)
Received: from [182.10.137.14] (port=37208 helo=X220.alogt.com)
 by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:DHE-RSA-AES128-SHA:128)
 (Exim 4.82) (envelope-from <erichsfreebsdlist@alogt.com>)
 id 1WhHXt-002RQZ-86
 for freebsd-jail@freebsd.org; Mon, 05 May 2014 05:58:57 -0600
Date: Mon, 5 May 2014 19:58:52 +0800
From: Erich Dollansky <erichsfreebsdlist@alogt.com>
To: freebsd-jail@freebsd.org
Subject: Can Firefox break out of a jail
Message-ID: <20140505195852.140ddb1b@X220.alogt.com>
X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.22; amd64-portbld-freebsd10.0)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - alogt.com
X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id:
 erichsfreebsdlist@alogt.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 11:58:58 -0000

Hi,

I do some experimenting with jails at the moment on a FreeBSD 10.0
machine. The jails are all setup manually according to the handbook and
man jail. Each jail gets a name and an IP address. Individual ports are
then installed via the ports tree.

X is running on the host system. Telnet is used to connect to the jails.

When I install now firefox in a jail and also in the host system, I get
the following behaviour.

Scene A

Firefox runs already on the host system. I start then firefox inside
the jail firefox. It all seems fine as long as I do not use the history
or want to save the visited page. The jailed firefox sees then the
history of the firefox running on the host.

Scene B

Firefox is first started inside the jail firefox. When then the host
system also starts a firefox, this firefox sees now the history and the
filesystem of the jailed firefox.

Is it X that allows the jailed firefox to communicate directly with
firefox running directly on the host?

Is there then a way to secure the system?

I have tried then programs like gedit or kate and saw only the
behaviour I expected. Both programs either saw only resources from
inside the jail or from outside but never resources from the other side
of the fence.

Erich

From owner-freebsd-jail@FreeBSD.ORG  Mon May  5 12:22:52 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E5FFB7E5
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 12:22:52 +0000 (UTC)
Received: from relay.mailchannels.net (si-002-i152.relay.mailchannels.net
 [108.178.49.164])
 by mx1.freebsd.org (Postfix) with ESMTP id 453CD178D
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 12:22:51 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com
 (ip-10-237-3-9.us-west-2.compute.internal [10.237.3.9])
 by relay.mailchannels.net (Postfix) with ESMTPA id 35EA16055D;
 Mon,  5 May 2014 12:22:44 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (mail-24.name-services.com
 [10.235.16.137]) (using TLSv1 with cipher AES128-SHA)
 by 0.0.0.0:2500 (trex/5.1.2); Mon, 05 May 2014 12:22:44 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from%7C107.201.34.133
X-MailChannels-Auth-Id: demandmedia
Received: from [10.0.10.1] (107-201-34-133.lightspeed.bcvloh.sbcglobal.net
 [107.201.34.133]) by mail-24.name-services.com with SMTP; 
 Mon, 5 May 2014 05:22:36 -0700
Message-ID: <5367828D.8080506@a1poweruser.com>
Date: Mon, 05 May 2014 08:22:37 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Erich Dollansky <erichsfreebsdlist@alogt.com>
Subject: Re: Can Firefox break out of a jail
References: <20140505195852.140ddb1b@X220.alogt.com>
In-Reply-To: <20140505195852.140ddb1b@X220.alogt.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 12:22:53 -0000

Erich Dollansky wrote:
> Hi,
> 
> I do some experimenting with jails at the moment on a FreeBSD 10.0
> machine. The jails are all setup manually according to the handbook and
> man jail. Each jail gets a name and an IP address. Individual ports are
> then installed via the ports tree.
> 
> X is running on the host system. Telnet is used to connect to the jails.
> 
> When I install now firefox in a jail and also in the host system, I get
> the following behaviour.
> 
> Scene A
> 
> Firefox runs already on the host system. I start then firefox inside
> the jail firefox. It all seems fine as long as I do not use the history
> or want to save the visited page. The jailed firefox sees then the
> history of the firefox running on the host.
> 
> Scene B
> 
> Firefox is first started inside the jail firefox. When then the host
> system also starts a firefox, this firefox sees now the history and the
> filesystem of the jailed firefox.
> 
> Is it X that allows the jailed firefox to communicate directly with
> firefox running directly on the host?
> 
> Is there then a way to secure the system?
> 
> I have tried then programs like gedit or kate and saw only the
> behaviour I expected. Both programs either saw only resources from
> inside the jail or from outside but never resources from the other side
> of the fence.
> 

firefox has to be installed where you have xorg and your desktop 
installed. Installing firefox in a jail by itself does nothing.
What you think you are seeing is wrong. ssh into jail having firefox is 
not running firefox. ssh into the host where xorg and desktop and 
firefox is the only way to have firefox work to the best of my knowledge.





From owner-freebsd-jail@FreeBSD.ORG  Mon May  5 12:27:24 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BF54B952
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 12:27:24 +0000 (UTC)
Received: from mail-ob0-x233.google.com (mail-ob0-x233.google.com
 [IPv6:2607:f8b0:4003:c01::233])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8960817C5
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 12:27:24 +0000 (UTC)
Received: by mail-ob0-f179.google.com with SMTP id gq1so651289obb.38
 for <freebsd-jail@freebsd.org>; Mon, 05 May 2014 05:27:23 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.60.132.236 with SMTP id ox12mr1366514oeb.81.1399292843735;
 Mon, 05 May 2014 05:27:23 -0700 (PDT)
Received: by 10.76.173.229 with HTTP; Mon, 5 May 2014 05:27:23 -0700 (PDT)
In-Reply-To: <20140505195852.140ddb1b@X220.alogt.com>
References: <20140505195852.140ddb1b@X220.alogt.com>
Date: Mon, 5 May 2014 14:27:23 +0200
Message-ID: <CAPS9+SsdoagXmR_HpeVwrmcnkm-Fj_Z69GVH8fP2KQUe=MM+Gw@mail.gmail.com>
Subject: Re: Can Firefox break out of a jail
From: Andreas Nilsson <andrnils@gmail.com>
To: Erich Dollansky <erichsfreebsdlist@alogt.com>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: Mailinglists FreeBSD <freebsd-jail@freebsd.org>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 12:27:24 -0000

On Mon, May 5, 2014 at 1:58 PM, Erich Dollansky <erichsfreebsdlist@alogt.com> wrote:

> Hi,
>
> I do some experimenting with jails at the moment on a FreeBSD 10.0
> machine. The jails are all setup manually according to the handbook and
> man jail. Each jail gets a name and an IP address. Individual ports are
> then installed via the ports tree.
>
> X is running on the host system. Telnet is used to connect to the jails.
>
> When I install now firefox in a jail and also in the host system, I get
> the following behaviour.
>
> Scene A
>
> Firefox runs already on the host system. I start then firefox inside
> the jail firefox. It all seems fine as long as I do not use the history
> or want to save the visited page. The jailed firefox sees then the
> history of the firefox running on the host.
>
> Scene B
>
> Firefox is first started inside the jail firefox. When then the host
> system also starts a firefox, this firefox sees now the history and the
> filesystem of the jailed firefox.
>
> Is it X that allows the jailed firefox to communicate directly with
> firefox running directly on the host?
>
> Is there then a way to secure the system?
>
> I have tried then programs like gedit or kate and saw only the
> behaviour I expected. Both programs either saw only resources from
> inside the jail or from outside but never resources from the other side
> of the fence.
>
> Erich
>

Firefox is a strange beast in regards to running it on a remote host.

It needs to be started as firefox --no-remote to not find "local running"
instance and connect to it. How that happens I don't know...

Best regards
Andreas
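
The hand-off described in the message above can be checked from the window properties on the shared X display. This is an added example, not code from the thread: a simplified model of Firefox's X11 remote lookup, which advertises `_MOZILLA_*` properties on its windows. The `xprop` dumps are constructed samples, and the function names, user name and profile path are hypothetical.

```shell
#!/bin/sh
# Simplified model (an assumption of this example, not the thread's code):
# a new Firefox launch looks on its X display for a window carrying
# _MOZILLA_VERSION whose _MOZILLA_USER and _MOZILLA_PROGRAM match its own,
# and hands its request to that window instead of starting a new process.
# A jail does not change this: the lookup goes through the shared X server.

# Constructed sample: `xprop -id <window>` output for a Firefox window on the host.
SAMPLE_HOST_WINDOW='WM_CLASS(STRING) = "Navigator", "Firefox"
_MOZILLA_VERSION(STRING) = "5.1"
_MOZILLA_USER(STRING) = "erich"
_MOZILLA_PROFILE(STRING) = "default"
_MOZILLA_PROGRAM(STRING) = "firefox"'

# Constructed sample: a gedit window, which carries no remote properties.
SAMPLE_GEDIT_WINDOW='WM_CLASS(STRING) = "gedit", "Gedit"
WM_NAME(STRING) = "Untitled Document 1 - gedit"'

# prop_value NAME
# Reads xprop output on stdin and prints the first quoted value of property NAME.
prop_value() {
    sed -n "s/^$1([A-Z_0-9]*) = \"\([^\"]*\)\".*/\1/p" | head -n 1
}

# would_attach USER PROGRAM
# Reads one window's xprop output on stdin. Returns 0 when a launch of PROGRAM
# by USER on this display would be handed to that window.
would_attach() {
    props=$(cat)
    win_version=$(printf '%s\n' "$props" | prop_value _MOZILLA_VERSION)
    [ -n "$win_version" ] || return 1          # not a remote-capable window
    win_user=$(printf '%s\n' "$props" | prop_value _MOZILLA_USER)
    win_program=$(printf '%s\n' "$props" | prop_value _MOZILLA_PROGRAM)
    [ "$win_user" = "$1" ] && [ "$win_program" = "$2" ]
}

# classify_launch USER PROGRAM [ARGS...]
# Reads one window's xprop output on stdin and prints:
#   handoff       the launch is passed to the existing window's process
#   new-instance  a separate process starts (inside the jail, if run there)
classify_launch() {
    launch_user=$1
    launch_program=$2
    shift 2
    for arg in "$@"; do
        case $arg in
            -no-remote|--no-remote)
                cat >/dev/null                 # drain stdin, lookup is skipped
                echo new-instance
                return 0
                ;;
        esac
    done
    if would_attach "$launch_user" "$launch_program"; then
        echo handoff
    else
        echo new-instance
    fi
}

# Same user name in the jail and on the host, no flag: the host process answers.
printf '%s\n' "$SAMPLE_HOST_WINDOW" | classify_launch erich firefox
# With --no-remote and a dedicated profile directory the jail gets its own process.
printf '%s\n' "$SAMPLE_HOST_WINDOW" |
    classify_launch erich firefox --no-remote --profile /home/erich/.jail-profile
# A different user name inside the jail does not match the host window.
printf '%s\n' "$SAMPLE_HOST_WINDOW" | classify_launch jailuser firefox
```

On a live display the same input comes from `xprop -id <window id>` run against each top-level window.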

From owner-freebsd-jail@FreeBSD.ORG  Mon May  5 12:35:31 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 53F90A4E
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 12:35:31 +0000 (UTC)
Received: from alogt.com (alogt.com [69.36.191.58])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2E87518A2
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 12:35:30 +0000 (UTC)
Received: from [182.10.137.14] (port=49138 helo=X220.alogt.com)
 by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:DHE-RSA-AES128-SHA:128)
 (Exim 4.82) (envelope-from <erichsfreebsdlist@alogt.com>)
 id 1WhI7F-002jw8-Fa; Mon, 05 May 2014 06:35:30 -0600
Date: Mon, 5 May 2014 20:35:25 +0800
From: Erich Dollansky <erichsfreebsdlist@alogt.com>
To: Fbsd8 <fbsd8@a1poweruser.com>
Subject: Re: Can Firefox break out of a jail
Message-ID: <20140505203525.6f2ddfb3@X220.alogt.com>
In-Reply-To: <5367828D.8080506@a1poweruser.com>
References: <20140505195852.140ddb1b@X220.alogt.com>
 <5367828D.8080506@a1poweruser.com>
X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.22; amd64-portbld-freebsd10.0)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - sl-508-2.slc.westdc.net
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - alogt.com
X-Get-Message-Sender-Via: sl-508-2.slc.westdc.net: authenticated_id:
 erichsfreebsdlist@alogt.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 12:35:31 -0000

Hi,

On Mon, 05 May 2014 08:22:37 -0400
Fbsd8 <fbsd8@a1poweruser.com> wrote:

> Erich Dollansky wrote:
> > Hi,
> > 
> > I do some experimenting with jails at the moment on a FreeBSD 10.0
> > machine. The jails are all setup manually according to the handbook
> > and man jail. Each jail gets a name and an IP address. Individual
> > ports are then installed via the ports tree.
> > 
> > X is running on the host system. Telnet is used to connect to the
> > jails.
> > 
> > When I install now firefox in a jail and also in the host system, I
> > get the following behaviour.
> > 
> > Scene A
> > 
> > Firefox runs already on the host system. I start then firefox inside
> > the jail firefox. It all seems fine as long as I do not use the
> > history or want to save the visited page. The jailed firefox sees
> > then the history of the firefox running on the host.
> > 
> > Scene B
> > 
> > Firefox is first started inside the jail firefox. When then the host
> > system also starts a firefox, this firefox sees now the history and
> > the filesystem of the jailed firefox.
> > 
> > Is it X that allows the jailed firefox to communicate directly with
> > firefox running directly on the host?
> > 
> > Is there then a way to secure the system?
> > 
> > I have tried then programs like gedit or kate and saw only the
> > behaviour I expected. Both programs either saw only resources from
> > inside the jail or from outside but never resources from the other
> > side of the fence.
> > 
> 
> firefox has to be installed where you have xorg and your desktop
> installed. Installing firefox in a jail by itself does nothing.
> What you think you are seeing is wrong. ssh into jail having firefox
> is not running firefox. ssh into the host where xorg and desktop and
> firefox is the only way to have firefox work to the best of my knowledge.
> 
as you can see, I have realised my mistake with the mailing list.

Ok, why is this so? How can firefox started inside a jail see the
firefox from outside?

As I am travelling most of my time, I only have my notebook. If I
remember right, I used to have in the office a small FreeBSD server
which was running as an application server. When I started firefox
there via telnet on the other machine, it worked as expected. The
remote firefox saw only the 'remote' machine and the local firefox
saw only the local machine. Shouldn't it be the same with a jailed
firefox?

Erich

From owner-freebsd-jail@FreeBSD.ORG  Mon May  5 12:52:55 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 36266D92
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 12:52:55 +0000 (UTC)
Received: from alogt.com (alogt.com [69.36.191.58])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1006B1A2C
 for <freebsd-jail@freebsd.org>; Mon,  5 May 2014 12:52:54 +0000 (UTC)
Received: from [182.10.137.14] (port=48529 helo=X220.alogt.com)
 by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:DHE-RSA-AES128-SHA:128)
 (Exim 4.82) (envelope-from <erichsfreebsdlist@alogt.com>)
 id 1WhIO5-002sX1-SW; Mon, 05 May 2014 06:52:54 -0600
Date: Mon, 5 May 2014 20:52:45 +0800
From: Erich Dollansky <erichsfreebsdlist@alogt.com>
To: Andreas Nilsson <andrnils@gmail.com>
Subject: Re: Can Firefox break out of a jail
Message-ID: <20140505205245.09452e54@X220.alogt.com>
In-Reply-To: <CAPS9+SsdoagXmR_HpeVwrmcnkm-Fj_Z69GVH8fP2KQUe=MM+Gw@mail.gmail.com>
References: <20140505195852.140ddb1b@X220.alogt.com>
 <CAPS9+SsdoagXmR_HpeVwrmcnkm-Fj_Z69GVH8fP2KQUe=MM+Gw@mail.gmail.com>
X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.22; amd64-portbld-freebsd10.0)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: Mailinglists FreeBSD <freebsd-jail@freebsd.org>
X-List-Received-Date: Mon, 05 May 2014 12:52:55 -0000

Hi,

On Mon, 5 May 2014 14:27:23 +0200
Andreas Nilsson <andrnils@gmail.com> wrote:

> On Mon, May 5, 2014 at 1:58 PM, Erich Dollansky
> <erichsfreebsdlist@alogt.com
> > wrote:
> 
> 
> Firefox is a strange beast in regards to running it on a remote host.
> 
> It needs to be started as firefox --no-remote to not find "local
> running" instance and connect to it. How that happens I don't know...
> 
thanks, that is the solution. It seems that I used this before but
forgot about it.

Erich

From owner-freebsd-jail@FreeBSD.ORG  Mon May 12 11:06:46 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 493E0B0B
 for <freebsd-jail@FreeBSD.org>; Mon, 12 May 2014 11:06:46 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1DBF826C8
 for <freebsd-jail@FreeBSD.org>; Mon, 12 May 2014 11:06:46 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4CB6jkg067850
 for <freebsd-jail@FreeBSD.org>; Mon, 12 May 2014 11:06:45 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4CB6jIZ067848
 for freebsd-jail@FreeBSD.org; Mon, 12 May 2014 11:06:45 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 12 May 2014 11:06:45 GMT
Message-Id: <201405121106.s4CB6jIZ067848@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-List-Received-Date: Mon, 12 May 2014 11:06:46 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o bin/189139   jail       [patch] fix bug in jail(8) variable substitution
o kern/188753  jail       [jail] mount devfs ruleset ignored
o kern/188495  jail       [jail] /etc/rc.d/jail, ezjail and Linux jails don't wo
o kern/188018  jail       [jail] [vimage] Running pfctl -sr -v in Jail with VIMA
o kern/186360  jail       [jail] jail using nullfs and unionfs doesn't mount dev
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o bin/181794   jail       jexec(8) runs commands in Jails without taking into ac
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

25 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Tue May 13 05:18:15 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BB680823
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 05:18:15 +0000 (UTC)
Received: from mail.dachev.info (mail.dachev.info [78.90.170.123])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6855F2C17
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 05:18:15 +0000 (UTC)
Received: from [10.10.10.100] (helo=dachev.info)
 by mail.dachev.info with esmtp (Exim 4.82 (FreeBSD))
 (envelope-from <freebsd_jail@dachev.info>) id 1WjwwD-000PSs-Vi
 for freebsd-jail@freebsd.org; Mon, 12 May 2014 20:35:10 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 12 May 2014 23:35:04 +0300
From: freebsd_jail@dachev.info
To: freebsd-jail@freebsd.org
Subject: new jail framework with vnet, zfs and jail.conf support
Message-ID: <640993be45d72e4dac19181ae6644d27@dachev.info>
X-Sender: freebsd_jail@dachev.info
User-Agent: Roundcube Webmail/0.9.5
X-Spam-Score: -1.0 (-)
X-List-Received-Date: Tue, 13 May 2014 05:18:15 -0000

Hi,

I'm currently in the process of developing a new tool for easy jail
administration with zfs and vimage/vnet (bridge epair interface) support.
The idea is to have a single application (python script) without any
other config files and customization.
This tool is written in Python and works only with vnet, zfs and
FreeBSD 10 (it will probably work on FreeBSD 9.1, but I never tested it).
JADM works only with the native /etc/jail.conf.
When it is started for the first time, jadm generates a new /etc/jail.conf
in a special format developed by me.
The jail.conf file can also be used without JADM.

for more information please contact me or visit:
https://github.com/NikolayDachev/jadm

JADM is in development status; more of the functions work normally (with
bugs, but they work :)).

Unfortunately I don't have a lot of time for it, so I need test users.
At the moment the last function for JADM is to support the skeleton jail
model (similar to ezjail, with a base jail etc.).
This function is still in progress; meanwhile, if someone has time to
test all the other functions and to report any issues, bugs or ideas




From owner-freebsd-jail@FreeBSD.ORG  Tue May 13 06:36:33 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 88896CF6
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 06:36:33 +0000 (UTC)
Received: from frv189.fwdcdn.com (frv189.fwdcdn.com [212.42.77.189])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 42C0921C2
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 06:36:32 +0000 (UTC)
Received: from [10.10.1.30] (helo=frv196.fwdcdn.com)
 by frv189.fwdcdn.com with esmtp ID 1Wk5yY-000I9s-Su
 for freebsd-jail@freebsd.org; Tue, 13 May 2014 09:14:06 +0300
Received: from [10.10.10.34] (helo=frv34.fwdcdn.com)
 by frv196.fwdcdn.com with smtp ID 1Wk5yN-000HI4-Da
 for freebsd-jail@freebsd.org; Tue, 13 May 2014 09:13:55 +0300
Date: Tue, 13 May 2014 09:13:54 +0300
From: wishmaster <artemrts@ukr.net>
Subject: Re: new jail framework with vnet, zfs and jail.conf support
To: freebsd_jail@dachev.info
X-Mailer: mail.ukr.net 5.0
Message-Id: <1399961067.719314394.ydipku70@frv34.fwdcdn.com>
In-Reply-To: <640993be45d72e4dac19181ae6644d27@dachev.info>
References: <640993be45d72e4dac19181ae6644d27@dachev.info>
MIME-Version: 1.0
Received: from artemrts@ukr.net by frv34.fwdcdn.com;
 Tue, 13 May 2014 09:13:55 +0300
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: binary
Content-Disposition: inline
Cc: freebsd-jail@freebsd.org
X-List-Received-Date: Tue, 13 May 2014 06:36:33 -0000



 
 --- Original message ---
 From: freebsd_jail@dachev.info
 Date: 13 May 2014, 08:18:21
  


> Hi,
> 
> I'm currently in the process of developing a new tool for easy jail
> administration with zfs and vimage/vnet (bridge epair interface) support.
> The idea is to have a single application (python script) without any
> other config files and customization.
> This tool is written in Python and works only with vnet, zfs and
> FreeBSD 10 (it will probably work on FreeBSD 9.1, but I never tested it).
> JADM works only with the native /etc/jail.conf.
> When it is started for the first time, jadm generates a new /etc/jail.conf
> in a special format developed by me.
> The jail.conf file can also be used without JADM.
>
> for more information please contact me or visit:
> https://github.com/NikolayDachev/jadm
>
> JADM is in development status; more of the functions work normally (with
> bugs, but they work :)).
>
> Unfortunately I don't have a lot of time for it, so I need test users.
> At the moment the last function for JADM is to support the skeleton jail
> model (similar to ezjail, with a base jail etc.).
> This function is still in progress; meanwhile, if someone has time to
> test all the other functions and to report any issues, bugs or ideas
> 
  This is a good idea. But..
  Skeleton mode is fine, but the model implemented in ezjail is awful. You must install software in each jail. Therefore if I have 2 or more jails, I must install/upgrade/test software in each jail! Oh my God.
 IMHO, a true 'lite' jail model is: have one basejail with installed software and the rest of the jails with their own /var, /tmp and so on.
 I use this model.

Cheers,
Vit

From owner-freebsd-jail@FreeBSD.ORG  Tue May 13 06:50:41 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B33449F
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 06:50:41 +0000 (UTC)
Received: from mail.freebsd.systems (unknown [IPv6:2001:6a0:1cb::b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6859822D2
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 06:50:41 +0000 (UTC)
Received: from mail.freebsd.systems (mail.freebsd.systems
 [IPv6:2001:6a0:1cb::b])
 by mail.freebsd.systems (Postfix) with ESMTP id 874BF9C4;
 Tue, 13 May 2014 08:50:36 +0200 (CEST)
X-Virus-Scanned: amavisd-new at freebsd.systems
Received: from mail.freebsd.systems ([91.204.91.44])
 by mail.freebsd.systems (scan.freebsd.systems [91.204.91.44]) (amavisd-new,
 port 10026)
 with ESMTP id 2V9Jfs_SK0QZ; Tue, 13 May 2014 08:50:36 +0200 (CEST)
Received: from [192.168.168.1] (89-71-136-148.dynamic.chello.pl
 [89.71.136.148])
 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.freebsd.systems (Postfix) with ESMTPSA id AF0A39C1;
 Tue, 13 May 2014 08:50:35 +0200 (CEST)
Message-ID: <5371C0BB.9000003@wasikowski.net>
Date: Tue, 13 May 2014 08:50:35 +0200
From: =?UTF-8?B?xYF1a2FzeiBXxIVzaWtvd3NraQ==?= <lukasz@wasikowski.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: wishmaster <artemrts@ukr.net>, freebsd_jail@dachev.info
Subject: Re: new jail framework with vnet, zfs and jail.conf support
References: <640993be45d72e4dac19181ae6644d27@dachev.info>
 <1399961067.719314394.ydipku70@frv34.fwdcdn.com>
In-Reply-To: <1399961067.719314394.ydipku70@frv34.fwdcdn.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
X-List-Received-Date: Tue, 13 May 2014 06:50:41 -0000

On 2014-05-13 08:13, wishmaster wrote:

>  --- Original message ---
>  From: freebsd_jail@dachev.info
>  Date: 13 May 2014, 08:18:21

>> I'm currently in the process of developing a new tool for easy jail
>> administration with zfs and vimage/vnet (bridge epair interface) support.
>> The idea is to have a single application (python script) without any
>> other config files and customization.
>> This tool is written in Python and works only with vnet, zfs and
>> FreeBSD 10 (it will probably work on FreeBSD 9.1, but I never tested it).
>> JADM works only with the native /etc/jail.conf.
>> When it is started for the first time, jadm generates a new /etc/jail.conf
>> in a special format developed by me.
>> The jail.conf file can also be used without JADM.
>>
>> for more information please contact me or visit:
>> https://github.com/NikolayDachev/jadm
>>
>> JADM is in development status; more of the functions work normally (with
>> bugs, but they work :)).
>>
>> Unfortunately I don't have a lot of time for it, so I need test users.
>> At the moment the last function for JADM is to support the skeleton jail
>> model (similar to ezjail, with a base jail etc.).
>> This function is still in progress; meanwhile, if someone has time to
>> test all the other functions and to report any issues, bugs or ideas

>   This is a good idea. But..
>   Skeleton mode is fine, but the model implemented in ezjail is awful. You must install software in each jail. Therefore if I have 2 or more jails, I must install/upgrade/test software in each jail! Oh my God.
>  IMHO, a true 'lite' jail model is: have one basejail with installed software and the rest of the jails with their own /var, /tmp and so on.
>  I use this model.

It all depends on what you really need. There are a bunch of us who need
"thin" jails - just like you describe it. And there are people who need
customized jails (which ezjail or jadm can provide). With pkg(8),
upgrading a bunch of jails is an easy task, just go with:

jls jid | xargs -oI% pkg -j % upgrade

-- 
best regards,
Lukasz Wasikowski
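
The one-liner above, expanded into a per-jail loop as an added example (not part of the original message): it checks each jail ID read from `jls jid name` and, by default, only prints the `pkg -j` commands it would run. The function names, the `RUN` switch and the sample `jls` output are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: per-jail package maintenance built on `jls` and `pkg -j`.
# Typical use on the host:
#   jls jid name | plan_upgrades "audit -F"   | run_plan   # list known vulns
#   jls jid name | plan_upgrades "upgrade -n" | run_plan   # show what would change
#   jls jid name | plan_upgrades "upgrade -y" | RUN=1 run_plan

# Constructed sample of `jls jid name` output, with a stray header line and
# a blank line to show that malformed input is skipped.
SAMPLE_JLS='JID NAME
1 www
2 db

7 mail'

# valid_jid: succeed only for a non-empty string of decimal digits, so that
# nothing else from the input ever reaches a command line.
valid_jid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plan_upgrades: read "jid name" pairs on stdin and print one pkg command
# per valid jail. $1 is the pkg subcommand with its flags.
plan_upgrades() {
    action=$1
    while read -r jid name _rest; do
        [ -n "$jid" ] || continue
        if ! valid_jid "$jid"; then
            echo "skip: not a jail id: '$jid'" >&2
            continue
        fi
        echo "pkg -j $jid $action"
    done
}

# run_plan: read planned commands on stdin. With RUN=1 each one is executed
# and a failure in one jail does not stop the others; the return value is
# the number of jails whose command failed. Without RUN=1 it is a dry run.
run_plan() {
    failed=0
    while read -r cmd; do
        if [ "${RUN:-0}" = 1 ]; then
            # stdin is the plan itself, so keep the command away from it.
            $cmd </dev/null || failed=$((failed + 1))
        else
            echo "dry-run: $cmd"
        fi
    done
    return "$failed"
}

# Demonstration on the constructed sample (dry run, nothing is executed).
printf '%s\n' "$SAMPLE_JLS" | plan_upgrades "upgrade -n" | run_plan
```

Unlike `xargs -o`, this loop never attaches pkg to the terminal, so an actual upgrade needs `-y` and should follow a review of the `upgrade -n` output.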

From owner-freebsd-jail@FreeBSD.ORG  Tue May 13 12:12:10 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6CE73EB4
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 12:12:10 +0000 (UTC)
Received: from relay.mailchannels.net (si-002-i86.relay.mailchannels.net
 [173.236.122.36])
 by mx1.freebsd.org (Postfix) with ESMTP id AE28C2FD2
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 12:12:08 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (unknown [10.237.3.9])
 by relay.mailchannels.net (Postfix) with ESMTPA id 9BCBD60242;
 Tue, 13 May 2014 12:12:06 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (mail-24.name-services.com
 [10.235.16.137]) (using TLSv1 with cipher AES128-SHA)
 by 0.0.0.0:2500 (trex/5.1.2); Tue, 13 May 2014 12:12:07 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from%7C107.201.34.133
X-MailChannels-Auth-Id: demandmedia
Received: from [10.0.10.1] (107-201-34-133.lightspeed.bcvloh.sbcglobal.net
 [107.201.34.133]) by mail-24.name-services.com with SMTP; 
 Tue, 13 May 2014 05:12:00 -0700
Message-ID: <53720C0F.9010707@a1poweruser.com>
Date: Tue, 13 May 2014 08:11:59 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: freebsd_jail@dachev.info
Subject: Re: new jail framework with vnet, zfs and jail.conf support
References: <640993be45d72e4dac19181ae6644d27@dachev.info>
In-Reply-To: <640993be45d72e4dac19181ae6644d27@dachev.info>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
X-List-Received-Date: Tue, 13 May 2014 12:12:10 -0000

freebsd_jail@dachev.info wrote:
> Hi,
> 
> I'm currently in the process of developing a new tool for easy jail
> administration with zfs and vimage/vnet (bridge epair interface) support.
> The idea is to have a single application (python script) without any
> other config files and customization.
> This tool is written in Python and works only with vnet, zfs and
> FreeBSD 10 (it will probably work on FreeBSD 9.1, but I never tested it).
> JADM works only with the native /etc/jail.conf.
> When it is started for the first time, jadm generates a new /etc/jail.conf
> in a special format developed by me.
> The jail.conf file can also be used without JADM.
>
> for more information please contact me or visit:
> https://github.com/NikolayDachev/jadm
>
> JADM is in development status; more of the functions work normally (with
> bugs, but they work :)).
>
> Unfortunately I don't have a lot of time for it, so I need test users.
> At the moment the last function for JADM is to support the skeleton jail
> model (similar to ezjail, with a base jail etc.).
> This function is still in progress; meanwhile, if someone has time to
> test all the other functions and to report any issues, bugs or ideas
> 
> 
> 

I think you have made some poor basic design choices.

1. Requiring python as a dependent. That's a lot of overhead just for a
script. Not a show stopper, but a csh script would have been better.

2. Using the highly experimental "vimage" as the cornerstone of the
overall design. Vimage has many long standing PRs, does not work with any of
the firewalls, has NO maintainer, requires a custom kernel to enable.
This is a major show stopper. Can not risk a production jail environment
on highly experimental software. Even if vimage gets a maintainer, all
the firewalls need to be updated to play nice in a vimage environment,
and there are existing PRs to that effect which the firewall maintainers
are reluctant to address because of vimage's status as highly
experimental. What you're trying to do may never bear fruit due to things
totally out of your control.

3. Should use the allow_zfs option of jail(8) instead of embedded native 
zfs commands.

With surgery JADM could become a ZFS admin script, there is a need for 
that and one does not exist that I know of.




From owner-freebsd-jail@FreeBSD.ORG  Tue May 13 12:19:26 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A09CCF59
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 12:19:26 +0000 (UTC)
Received: from mail.feld.me (mail.feld.me [66.170.3.6])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.feld.me", Issuer "Gandi Standard SSL CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5D3EB201C
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 12:19:26 +0000 (UTC)
Received: from mail.feld.me (mail.feld.me [66.170.3.6]);
 by mail.feld.me (OpenSMTPD) with ESMTP id eeaff6af;
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 07:19:22 -0500 (CDT)
Received: from feld@feld.me by mail.feld.me (Archiveopteryx 3.2.0) with
 esmtpa id 1399983561-4153-4150/5/4; Tue, 13 May 2014 12:19:21 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Date: Tue, 13 May 2014 07:19:20 -0500
From: Mark Felder <feld@FreeBSD.org>
To: freebsd-jail@freebsd.org
Subject: Re: new jail framework with vnet, zfs and jail.conf support
In-Reply-To: <53720C0F.9010707@a1poweruser.com>
References: <640993be45d72e4dac19181ae6644d27@dachev.info>
 <53720C0F.9010707@a1poweruser.com>
Message-Id: <2f171efc50e58d003930369af9e0e544@mail.feld.me>
X-Sender: feld@FreeBSD.org
User-Agent: Roundcube Webmail/0.9.5
Sender: feld@feld.me
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2014 12:19:26 -0000

On 2014-05-13 07:11, fbsd8@a1poweruser.com wrote:
> 
> I think you have made some poor basic design choices.
> 

Let him scratch his itch. Maybe it solves a problem you haven't 
encountered yet?

> 1. Requiring python as a dependent. That's a lot of overhead just for a
> script. Not a show stopper, but a csh script would have been better.
> 

csh is a horrible scripting language. I think you mean POSIX sh. But 
either way, Python is slowly becoming the language of choice for 
utilities...



From owner-freebsd-jail@FreeBSD.ORG  Tue May 13 12:56:51 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 92CCD12D
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 12:56:51 +0000 (UTC)
Received: from mail-oa0-x230.google.com (mail-oa0-x230.google.com
 [IPv6:2607:f8b0:4003:c02::230])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5A1A22394
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 12:56:51 +0000 (UTC)
Received: by mail-oa0-f48.google.com with SMTP id i4so315477oah.35
 for <freebsd-jail@freebsd.org>; Tue, 13 May 2014 05:56:50 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.182.29.225 with SMTP id n1mr41854974obh.2.1399985810665;
 Tue, 13 May 2014 05:56:50 -0700 (PDT)
Received: by 10.76.170.39 with HTTP; Tue, 13 May 2014 05:56:50 -0700 (PDT)
In-Reply-To: <537212B7.8080909@a1poweruser.com>
References: <640993be45d72e4dac19181ae6644d27@dachev.info>
 <53720C0F.9010707@a1poweruser.com>
 <CAPS9+SsZFSOkSO+2G6P041-9nZjvpZfU0ZKxjW4k3cZHeaZhLg@mail.gmail.com>
 <537212B7.8080909@a1poweruser.com>
Date: Tue, 13 May 2014 14:56:50 +0200
Message-ID: <CAPS9+Ss4JEXwENkaNsgALyGXM4=vJny0t-DfMoMyjMy+uZ-nCw@mail.gmail.com>
Subject: Re: new jail framework with vnet, zfs and jail.conf support
From: Andreas Nilsson <andrnils@gmail.com>
To: Fbsd8 <fbsd8@a1poweruser.com>,
 Mailinglists FreeBSD <freebsd-jail@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2014 12:56:51 -0000

On Tue, May 13, 2014 at 2:40 PM, Fbsd8 <fbsd8@a1poweruser.com> wrote:

> Andreas Nilsson wrote:
>
>>
>> On Tue, May 13, 2014 at 2:11 PM, Fbsd8 <fbsd8@a1poweruser.com> wrote:
>>
>>     freebsd_jail@dachev.info wrote:
>>
>>         Hi,
>>
>>         I'm currently in process of development of new tool for easy
>>         jail administration with zfs and vimage/vnet(bridge epair
>>         interface) support
>>         The idea is to have a single application (python script) without
>>         any other config files and customization
>>         This tool is written in Python, also works only with vnet, zfs
>>         and FreeBSD 10 (probably will work on FreeBSD 9.1 but I never
>>         tested it)
>>         JADM works only with native /etc/jail.conf
>>         When it is started for the first time, jadm generates a new
>>         /etc/jail.conf in a special format developed by me.
>>         The jail.conf file can also be used without JADM.
>>
>>         for more information please contact me or visit:
>>         https://github.com/NikolayDachev/jadm
>>
>>         JADM is in development status more of functions work normal
>>         (with bugs but work :)).
>>
>>         Unfortunately I don't have a lot of time for it so I need test
>>         users.
>>         At the moment last function for JADM is to support skeleton jail
>>         model (similar to ezjail with base jail and etc.)
>>         This function is still in progress meanwhile, if someone have a
>>         time to test all other functions and to report any issue, bug or
>>         ideas
>>
>>
>>
>>
>>     I think you have made some poor basic design choices.
>>
>>     1. Requiring python as a dependent. That's a lot of overhead just for
>>     a script. Not a show stopper, but a csh script would have been better.
>>
>> Why is csh better than sh?
>>
>>     2. Using the highly experimental "vimage" as the cornerstone of the
>>     overall design. Vimage has many long standing PRs, does not work
>>     with any of the firewalls, has NO maintainer, requires a custom
>>     kernel to enable.
>>     This is a major show stopper. Cannot risk a production jail
>>     environment on highly experimental software. Even if vimage gets a
>>     maintainer, all the firewalls need to be updated to play nice in a
>>     vimage environment, and there are existing PRs to that effect which
>>     the firewall maintainers are reluctant to address because of
>>     vimage's status as highly experimental. What you're trying to do may
>>     never bear fruit due to things totally out of your control.
>>
>> What do you mean by "not work with any of the firewalls"?
>>
>
> When enabled with a kernel that has vimage they hang the system on boot,
> page fault, or in the case of ipfw, Nat page faults. Just check the
> outstanding pr list for the gory details.


And that is a gross overstatement. I run vimage-kernel and ipfw on a number
of machines. Not one kernel panic.

>
>
>> And for people who require separate networking, vimage is the answer. I
>> say it is a shame vimage is not in generic yet.
>>
>>
> I agree with you. But it's out of our control. If I remember correctly, the
> vimage author completed his dissertation which was based on his writing
> vimage, graduated college and moved on with his life.
>

That would be very sad. Maybe the foundation could sponsor him and/or
someone else to have another go at it. It's not like pf and ipfilter are
the most well-maintained things either.

I however long for the day when FreeBSD catches up with illumos in terms of
light-weight virtualization with separate networking (seeing as jails were
the model for zones). But maybe netmap+vale-switches with vimage could be
made to play better together. But I guess we each want different things.

Best regards
Andreas

From owner-freebsd-jail@FreeBSD.ORG  Tue May 13 18:00:03 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 231002F2
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Tue, 13 May 2014 18:00:03 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 10B532FA0
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Tue, 13 May 2014 18:00:03 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4DI02kS002555
 for <freebsd-jail@freefall.freebsd.org>; Tue, 13 May 2014 18:00:02 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4DI02sn002554;
 Tue, 13 May 2014 18:00:02 GMT (envelope-from gnats)
Date: Tue, 13 May 2014 18:00:02 GMT
Message-Id: <201405131800.s4DI02sn002554@freefall.freebsd.org>
To: freebsd-jail@FreeBSD.org
Cc: 
From: Mark Linimon <linimon@lonesome.com>
Subject: Re: kern/176112: [jail] [panic] kernel panic when starting jails
Reply-To: Mark Linimon <linimon@lonesome.com>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2014 18:00:03 -0000

The following reply was made to PR kern/176112; it has been noted by GNATS.

From: Mark Linimon <linimon@lonesome.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/176112: [jail] [panic] kernel panic when starting jails
Date: Tue, 13 May 2014 12:53:58 -0500

 ----- Forwarded message from Dustin Wenz <dustinwenz@ebureau.com> -----
 
 Date: Tue, 13 May 2014 10:35:18 -0500
 From: Dustin Wenz <dustinwenz@ebureau.com>
 To: bugbusters@FreeBSD.org
 Subject: Update request: kernel panic when starting jails
 X-Mailer: Apple Mail (2.1874)
 
 I would like to update PR:
 
 	kern/176112: [jail] [panic] kernel panic when starting jails
 
 This problem is still present in FreeBSD 10.0-STABLE #0 r265159, when
 built for amd64. Is there any way this PR could be bumped up in priority?
 The current description of the bug appears adequate, even if it's over
 a year old. Please let me know if any more information would be helpful.
 
 Thanks,
 
 	- .Dustin Wenz
 
 ----- End forwarded message -----

From owner-freebsd-jail@FreeBSD.ORG  Mon May 19 11:06:47 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AD2483A9
 for <freebsd-jail@FreeBSD.org>; Mon, 19 May 2014 11:06:47 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 815F02DB2
 for <freebsd-jail@FreeBSD.org>; Mon, 19 May 2014 11:06:47 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4JB6lRo080054
 for <freebsd-jail@FreeBSD.org>; Mon, 19 May 2014 11:06:47 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4JB6lhB080051
 for freebsd-jail@FreeBSD.org; Mon, 19 May 2014 11:06:47 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 19 May 2014 11:06:47 GMT
Message-Id: <201405191106.s4JB6lhB080051@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 May 2014 11:06:47 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o bin/189139   jail       [patch] fix bug in jail(8) variable substitution
o kern/188753  jail       [jail] mount devfs ruleset ignored
o kern/188495  jail       [jail] /etc/rc.d/jail, ezjail and Linux jails don't wo
o kern/188018  jail       [jail] [vimage] Running pfctl -sr -v in Jail with VIMA
o kern/186360  jail       [jail] jail using nullfs and unionfs doesn't mount dev
o kern/184719  jail       [jail] Starting jails: cannot start jail "domain_com":
o bin/181794   jail       jexec(8) runs commands in Jails without taking into ac
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if  a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no 
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

25 problems total.


From owner-freebsd-jail@FreeBSD.ORG  Wed May 21 14:53:27 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B018AC9D
 for <freebsd-jail@freebsd.org>; Wed, 21 May 2014 14:53:27 +0000 (UTC)
Received: from mail-pb0-f52.google.com (mail-pb0-f52.google.com
 [209.85.160.52])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 867602EA2
 for <freebsd-jail@freebsd.org>; Wed, 21 May 2014 14:53:27 +0000 (UTC)
Received: by mail-pb0-f52.google.com with SMTP id rr13so1480129pbb.25
 for <freebsd-jail@freebsd.org>; Wed, 21 May 2014 07:53:26 -0700 (PDT)
X-Received: by 10.66.141.144 with SMTP id ro16mr58718701pab.131.1400684006183; 
 Wed, 21 May 2014 07:53:26 -0700 (PDT)
Received: from blackbox.krakensys.lokal ([121.54.58.145])
 by mx.google.com with ESMTPSA id qv9sm8523603pbc.71.2014.05.21.07.53.24
 for <freebsd-jail@freebsd.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 21 May 2014 07:53:25 -0700 (PDT)
Message-ID: <537CBDDE.5080008@anarchy.in.the.ph>
Date: Wed, 21 May 2014 22:53:18 +0800
From: "Mars G. Miro" <spry@anarchy.in.the.ph>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Subject: 9.2X installworld on fresh jail bsdconfig fix
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 May 2014 14:53:27 -0000

Hi

	I've been hitting this snag on installworld on a fresh jail:

...
install: /usr/jails/turkb2/usr/libexec/bsdconfig/050.diskmgmt/diskmgmt:
No such file or directory
*** [_SCRIPTSINS_diskmgmt] Error code 71
install -o root -g wheel  -m 444 INDEX USAGE
/usr/jails/turkb2/usr/libexec/bsdconfig/050.diskmgmt
1 error
...

	Happens on my fast box every time.

	Seems that it's caused by this race on bsdconfig directories installed,
w/c got fixed by this

http://lists.freebsd.org/pipermail/svn-src-head/2013-August/051090.html
http://svnweb.freebsd.org/base/stable/9/etc/mtree/BSD.usr.dist?revision=256129&view=co&pathrev=256129

	Anyways, grabbing the mtree above and doing

# mtree -eU -f BSD.usr.dist.92X -p /path/to/jail/usr/
	
	and then installing the world on the fresh jail fixes it.

	Sending this on the list, to propagate my notes ;-)


-- 
Reporter, n.:
	A writer who guesses his way to the truth and dispels it with a
	tempest of words.
		-- Ambrose Bierce, "The Devil's Dictionary"
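
The workaround above relies on mtree(8) with -U creating the directories named in the spec before installworld installs files into them. As an added example (not part of the original post), the sh function below walks a spec laid out like BSD.usr.dist and lists the directories still missing under a jail's /usr; the function names and the trimmed sample spec are constructed for illustration, and every entry is assumed to be a directory.

```sh
#!/bin/sh
# Added example (not from the original post): report which directories named
# in an mtree(8) spec laid out like BSD.usr.dist are absent under a jail's
# /usr. These are the directories `mtree -eU -f SPEC -p ROOT` would create.
# Assumption: every entry is a directory, as under "/set type=dir".

# missing_dirs SPEC ROOT
#   Prints one relative path per missing directory.
#   Returns 0 when every directory exists, 1 when at least one is missing.
missing_dirs() {
    md_path=.
    md_rc=0
    # read strips the indentation; the first word is the entry name and any
    # keywords after it (mode=..., uname=...) are ignored here.
    while read -r md_name md_rest; do
        case $md_name in
            ''|'#'*|/set|/unset) continue ;;        # blank, comment, defaults
            .)  md_path=. ; continue ;;             # root of the spec
            ..) md_path=${md_path%/*} ; continue ;; # leave current directory
        esac
        md_path=$md_path/$md_name
        if [ ! -d "$2/$md_path" ]; then
            printf '%s\n' "${md_path#./}"
            md_rc=1
        fi
    done < "$1"
    return "$md_rc"
}

# demo: constructed sample. A trimmed spec in the BSD.usr.dist layout is
# checked against a fresh jail tree that lacks the bsdconfig directories.
demo() {
    demo_tmp=$(mktemp -d) || return 2
    demo_rc=0
    cat > "$demo_tmp/spec" <<'EOF'
# constructed sample, trimmed to the entries this example needs
/set type=dir uname=root gname=wheel mode=0755
.
    bin
    ..
    libexec
        bsdconfig
            050.diskmgmt
                include
                ..
            ..
        ..
    ..
    sbin
    ..
EOF
    mkdir -p "$demo_tmp/jail/usr/bin" \
             "$demo_tmp/jail/usr/libexec" \
             "$demo_tmp/jail/usr/sbin"
    missing_dirs "$demo_tmp/spec" "$demo_tmp/jail/usr" || demo_rc=$?
    rm -rf "$demo_tmp"
    return "$demo_rc"
}

# Run the constructed demo; against a real jail, call for example
#   missing_dirs BSD.usr.dist.92X /usr/jails/turkb2/usr
demo || true
```

An empty result with exit status 0 means the directory skeleton is complete, so installworld no longer depends on the order in which the bsdconfig directories and their files are installed.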

From owner-freebsd-jail@FreeBSD.ORG  Mon May 26 19:20:01 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 813D25C5
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Mon, 26 May 2014 19:20:01 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 52B8422B8
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Mon, 26 May 2014 19:20:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4QJK0qb052181
 for <freebsd-jail@freefall.freebsd.org>; Mon, 26 May 2014 19:20:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4QJK0Ke052180;
 Mon, 26 May 2014 19:20:00 GMT (envelope-from gnats)
Date: Mon, 26 May 2014 19:20:00 GMT
Message-Id: <201405261920.s4QJK0Ke052180@freefall.freebsd.org>
To: freebsd-jail@FreeBSD.org
Cc: 
From: Scott Robbins <scottro@nyc.rr.com>
Subject: Re: kern/186360: jail using nullfs and unionfs doesn't mount devfs
Reply-To: Scott Robbins <scottro@nyc.rr.com>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 May 2014 19:20:01 -0000

The following reply was made to PR kern/186360; it has been noted by GNATS.

From: Scott Robbins <scottro@nyc.rr.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/186360: jail using nullfs and unionfs doesn't mount devfs
Date: Mon, 26 May 2014 15:14:02 -0400

 Just an additional note--the roadrunner page listed will be defunct after
 May 31, 2014.  However, the page is available at
 http://www.srobb.net/nullfsjail.html
 -- 
 Scott Robbins
 PGP keyID EB3467D6
 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
 gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
 

From owner-freebsd-jail@FreeBSD.ORG  Mon May 26 23:10:02 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E9D91254
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Mon, 26 May 2014 23:10:02 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D76E424D6
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Mon, 26 May 2014 23:10:02 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4QNA2Eo029086
 for <freebsd-jail@freefall.freebsd.org>; Mon, 26 May 2014 23:10:02 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4QNA2Nt029085;
 Mon, 26 May 2014 23:10:02 GMT (envelope-from gnats)
Date: Mon, 26 May 2014 23:10:02 GMT
Message-Id: <201405262310.s4QNA2Nt029085@freefall.freebsd.org>
To: freebsd-jail@FreeBSD.org
Cc: 
From: "joeb1" <joeb1@a1poweruser.com>
Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't
 mount devfs
Reply-To: "joeb1" <joeb1@a1poweruser.com>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 May 2014 23:10:03 -0000

The following reply was made to PR kern/186360; it has been noted by GNATS.

From: "joeb1" <joeb1@a1poweruser.com>
To: <bug-followup@FreeBSD.org>,
	<scottro11@gmail.com>
Cc:  
Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't mount devfs
Date: Mon, 26 May 2014 18:56:31 -0400

 jail(8) became available in 9.1-RELEASE and was very buggy.
 Some things got fixed in 9.2 but not the mount devfs function.
 Even in 10.0-RELEASE the mount devfs function was still broken.
 
 It finally got fixed in 10.0-RELEASE-p1
 
 The legacy rc.conf rc.d jail method is deprecated in 10.0 and scheduled for
 removal in 11.0.
 
 Suggest you test your jails using jail(8) method on 10.0-RELEASE-p1 to
 verify your pr problem is still in effect.
 
 The sysutils/qjail utility uses the same jail config as you're now building by
 hand.
 
 

From owner-freebsd-jail@FreeBSD.ORG  Wed May 28 01:10:01 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C13F8D6C
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Wed, 28 May 2014 01:10:01 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id AE45A295A
 for <freebsd-jail@smarthost.ysv.freebsd.org>;
 Wed, 28 May 2014 01:10:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4S1A16J029654
 for <freebsd-jail@freefall.freebsd.org>; Wed, 28 May 2014 01:10:01 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4S1A1Io029653;
 Wed, 28 May 2014 01:10:01 GMT (envelope-from gnats)
Date: Wed, 28 May 2014 01:10:01 GMT
Message-Id: <201405280110.s4S1A1Io029653@freefall.freebsd.org>
To: freebsd-jail@FreeBSD.org
Cc: 
From: Scott Robbins <scottro@nyc.rr.com>
Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't
 mount devfs
Reply-To: Scott Robbins <scottro@nyc.rr.com>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 May 2014 01:10:01 -0000

The following reply was made to PR kern/186360; it has been noted by GNATS.

From: Scott Robbins <scottro@nyc.rr.com>
To: joeb1 <joeb1@a1poweruser.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't
 mount devfs
Date: Tue, 27 May 2014 21:05:18 -0400

 On Mon, May 26, 2014 at 06:56:31PM -0400, joeb1 wrote:
 > jail(8) became available in 9.1-RELEASE and was very buggy.
 > Some things got fixed in 9.2 but not the mount devfs function.
 > Even in 10.0-RELEASE the mount devfs function was still broken.
 > 
 > It finally got fixed in 10.0-RELEASE-p1
 
 I am still having the issue with 10.0-RELEASE-p1
 
 
 -- 
 Scott Robbins
 PGP keyID EB3467D6
 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
 gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
 

From owner-freebsd-jail@FreeBSD.ORG  Sat May 31 06:43:16 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A2B2BDC3
 for <freebsd-jail@freebsd.org>; Sat, 31 May 2014 06:43:16 +0000 (UTC)
Received: from mail-wg0-x231.google.com (mail-wg0-x231.google.com
 [IPv6:2a00:1450:400c:c00::231])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 390F12C11
 for <freebsd-jail@freebsd.org>; Sat, 31 May 2014 06:43:16 +0000 (UTC)
Received: by mail-wg0-f49.google.com with SMTP id m15so2913004wgh.20
 for <freebsd-jail@freebsd.org>; Fri, 30 May 2014 23:43:14 -0700 (PDT)
X-Received: by 10.194.157.226 with SMTP id wp2mr28808849wjb.58.1401518594503; 
 Fri, 30 May 2014 23:43:14 -0700 (PDT)
Received: from oslo.ath.cx ([2001:470:1f0b:11bc:ad3c:2d0a:e16a:d4cc])
 by mx.google.com with ESMTPSA id m1sm12184699wib.20.2014.05.30.23.43.13
 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 30 May 2014 23:43:13 -0700 (PDT)
Date: Sat, 31 May 2014 08:43:12 +0200
Message-ID: <86vbsmv473.wl%h.skuhra@gmail.com>
From: "Herbert J. Skuhra" <h.skuhra@gmail.com>
To: Scott Robbins <scottro@nyc.rr.com>
Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't
 mount devfs
In-Reply-To: <201405280110.s4S1A1Io029653@freefall.freebsd.org>
References: <201405280110.s4S1A1Io029653@freefall.freebsd.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue)
 FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.4.50
 (i386-pc-freebsd10.0) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Cc: freebsd-jail@FreeBSD.org
X-List-Received-Date: Sat, 31 May 2014 06:43:16 -0000

On Wed, 28 May 2014 01:10:01 GMT
Scott Robbins wrote:

> The following reply was made to PR kern/186360; it has been noted by GNATS.
> 
> From: Scott Robbins <scottro@nyc.rr.com>
> To: joeb1 <joeb1@a1poweruser.com>
> Cc: bug-followup@FreeBSD.org
> Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't
>  mount devfs
> Date: Tue, 27 May 2014 21:05:18 -0400
> 
>  On Mon, May 26, 2014 at 06:56:31PM -0400, joeb1 wrote:
>  > jail(8) became available in 9.1-RELEASE and was very buggy.
>  > Some things got fixed in 9.2 but not the mount devfs function.
>  > Even in 10.0-RELEASE the mount devfs function was still broken.
>  > 
>  > It finally got fixed in 10.0-RELEASE-p1
>  
>  I am still having the issue with 10.0-RELEASE-p1

It has been fixed in 10.0-RELEASE-p2.

Make sure that you have

devfs_load_rulesets="YES"       # Enable to always load the default rulesets

instead of

devfs_load_rulesets="NO"       # Enable to always load the default rulesets

in /etc/defaults/rc.conf.

http://svnweb.freebsd.org/base?view=revision&revision=265124
http://svnweb.freebsd.org/base/releng/10.0/etc/defaults/rc.conf?r1=265124&r2=265123&pathrev=265124

-- 
Herbert

From owner-freebsd-jail@FreeBSD.ORG  Sat May 31 16:02:30 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9A84938F
 for <freebsd-jail@FreeBSD.org>; Sat, 31 May 2014 16:02:30 +0000 (UTC)
Received: from cdptpa-oedge-vip.email.rr.com
 (cdptpa-outbound-snat.email.rr.com [107.14.166.228])
 by mx1.freebsd.org (Postfix) with ESMTP id 5F093246D
 for <freebsd-jail@FreeBSD.org>; Sat, 31 May 2014 16:02:26 +0000 (UTC)
Received: from [74.73.41.31] ([74.73.41.31:33563] helo=localhost)
 by cdptpa-oedge03 (envelope-from <scottro@nyc.rr.com>)
 (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP
 id DA/E6-25046-C0DF9835; Sat, 31 May 2014 16:02:20 +0000
Date: Sat, 31 May 2014 12:02:19 -0400
From: Scott Robbins <scottro@nyc.rr.com>
To: "Herbert J. Skuhra" <h.skuhra@gmail.com>
Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't
 mount devfs
Message-ID: <20140531160219.GB14608@scott1.scottro.net>
Mail-Followup-To: "Herbert J. Skuhra" <h.skuhra@gmail.com>,
 freebsd-jail@FreeBSD.org
References: <201405280110.s4S1A1Io029653@freefall.freebsd.org>
 <86vbsmv473.wl%h.skuhra@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <86vbsmv473.wl%h.skuhra@gmail.com>
User-Agent: Mutt/1.5.20 (2009-12-10)
X-RR-Connecting-IP: 107.14.168.142:25
X-Cloudmark-Score: 0
Cc: freebsd-jail@FreeBSD.org
X-List-Received-Date: Sat, 31 May 2014 16:02:30 -0000

On Sat, May 31, 2014 at 08:43:12AM +0200, Herbert J. Skuhra wrote:
> On Wed, 28 May 2014 01:10:01 GMT
> Scott Robbins wrote:
> 
> > The following reply was made to PR kern/186360; it has been noted by GNATS.
> > 
> > From: Scott Robbins <scottro@nyc.rr.com>
> > To: joeb1 <joeb1@a1poweruser.com>
> > Cc: bug-followup@FreeBSD.org
> > Subject: Re: kern/186360: [jail] jail using nullfs and unionfs doesn't
> >  mount devfs
> > Date: Tue, 27 May 2014 21:05:18 -0400
> > 
> >  On Mon, May 26, 2014 at 06:56:31PM -0400, joeb1 wrote:
> >  > jail(8) became available in 9.1-RELEASE and was very buggy.
> >  > Some things got fixed in 9.2 but not the mount devfs function.
> >  > Even in 10.0-RELEASE the mount devfs function was still broken.
> >  > 
> >  > It finally got fixed in 10.0-RELEASE-p1
> >  
> >  I am still having the issue with 10.0-RELEASE-p1
> 
> It has been fixed in 10.0-RELEASE-p2.
> 
> Make sure that you have
> 
> devfs_load_rulesets="YES"       # Enable to always load the default rulesets
> 
> instead of

I tried this on 10.0-RELEASE-p3.  The problem wasn't that a ruleset wasn't applied, the
problem is that there is nothing mounted on <myjail>/dev.  It's still not
working for me, however, I've only tried it on one machine, and probably
won't have a chance to try on others for a few days.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6


From owner-freebsd-jail@FreeBSD.ORG  Sun Jun  1 00:23:11 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B699B880
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:23:11 +0000 (UTC)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com
 [162.222.225.28])
 by mx1.freebsd.org (Postfix) with ESMTP id 7DAAE2B43
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:23:11 +0000 (UTC)
Received: from [0.0.0.0] (bolobolo1.torservers.net [96.47.226.20])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: s7r@sky-ip.org)
 by outbound.mailhostbox.com (Postfix) with ESMTPSA id 11C88868AFC
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:14:22 +0000 (GMT)
Message-ID: <538A7059.7070500@sky-ip.org>
Date: Sun, 01 Jun 2014 03:14:17 +0300
From: s7r <s7r@sky-ip.org>
Reply-To: s7r@sky-ip.org
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Subject: cannot access internet from jail, help needed please
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-List-Received-Date: Sun, 01 Jun 2014 00:23:11 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am trying to build a jail on FreeBSD 10.0 amd64 and it cannot access
the internet. Here are the steps I followed:

1. install ezjail from ports and enable it in rc.conf

2. My server has 3 public IPv4 addresses. Add one of them as an alias
(for the jail):
# ifconfig em0 alias <ip> netmask 255.255.255.255
# echo 'ifconfig_em0_alias0="inet <ip> netmask 255.255.255.255"' >>
/etc/rc.conf

3. enable ip forwarding
# sysctl net.inet.ip.forwarding=1

4. create the jail with the dedicated IP added as an alias

5. provide a name resolver in jail's /etc/resolv.conf

6. start the jail
# service ezjail start

7. console into the jail
# ezjail-admin console <jailname>

8. cannot access the internet. cannot use ports, cannot do anything.

The public IP address assigned to the jail is PINGable from the
outside (another server) and also PINGable from the host.

What is wrong here? I have searched the forums and everywhere on the
internet and saw no mistake or no steps missed.

- -- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

-----END PGP SIGNATURE-----

From owner-freebsd-jail@FreeBSD.ORG  Sun Jun  1 00:31:04 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id EAB0F939
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:31:04 +0000 (UTC)
Received: from elektropost.org (elektropost.org [217.115.13.199])
 by mx1.freebsd.org (Postfix) with ESMTP id 359252B67
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:31:03 +0000 (UTC)
Received: (qmail 58683 invoked from network); 1 Jun 2014 00:30:55 -0000
Received: from elektropost.org (HELO elektropost.org) (erdgeist@erdgeist.org)
 by elektropost.org with AES128-SHA encrypted SMTP;
 1 Jun 2014 00:30:55 -0000
Message-ID: <538A743E.2030203@erdgeist.org>
Date: Sun, 01 Jun 2014 02:30:54 +0200
From: Dirk Engling <erdgeist@erdgeist.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: s7r@sky-ip.org, freebsd-jail@freebsd.org
Subject: Re: cannot access internet from jail, help needed please
References: <538A7059.7070500@sky-ip.org>
In-Reply-To: <538A7059.7070500@sky-ip.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-List-Received-Date: Sun, 01 Jun 2014 00:31:05 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01.06.14 02:14, s7r wrote:

> 8. cannot access the internet. cannot use ports, cannot do
> anything.
> 
> The public IP address assigned to the jail is PINGable from the 
> outside (another server) and also PINGable from the host.

If you run ifconfig em0 inside the jail, can you see the ip address
configured?

What exactly is the error message if you try something like
connecting to google.com:

  telnet 173.194.32.243 80

I am currently working on a troubleshooting subcommand to ezjail that
tries to identify all possible causes of headaches. So failing
connections from jails to the outside world should be diagnosed and I
hope I can include your (solved) case to the tests ;)

  erdgeist
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAlOKdD4ACgkQuN1wFypsMNOw4ACbBI0h5NkgJ3+6E47dOgjiJY6h
3tYAn2+m1cUtQugAQ23bekvUVVIFbgN+
=Rx5q
-----END PGP SIGNATURE-----

From owner-freebsd-jail@FreeBSD.ORG  Sun Jun  1 00:33:35 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id DEE38970
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:33:35 +0000 (UTC)
Received: from elektropost.org (elektropost.org [217.115.13.199])
 by mx1.freebsd.org (Postfix) with ESMTP id 295422BE0
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:33:34 +0000 (UTC)
Received: (qmail 58921 invoked from network); 1 Jun 2014 00:33:33 -0000
Received: from elektropost.org (HELO elektropost.org) (erdgeist@erdgeist.org)
 by elektropost.org with AES128-SHA encrypted SMTP;
 1 Jun 2014 00:33:33 -0000
Message-ID: <538A74D9.6050401@erdgeist.org>
Date: Sun, 01 Jun 2014 02:33:29 +0200
From: Dirk Engling <erdgeist@erdgeist.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: s7r@sky-ip.org, freebsd-jail@freebsd.org
Subject: Re: cannot access internet from jail, help needed please
References: <538A7059.7070500@sky-ip.org>
In-Reply-To: <538A7059.7070500@sky-ip.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-List-Received-Date: Sun, 01 Jun 2014 00:33:35 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01.06.14 02:14, s7r wrote:

> 2. My server has 3 public IPv4 addresses. Add one of them as an
> alias (for the jail): # ifconfig em0 alias <ip> netmask
> 255.255.255.255

Also did you check that the jail's addresses are inside the net
configured netblock and you do not have routing table entries that
might divert or block traffic, i.e. is there a firewall, if so what
are its rules?

  erdgeist
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAlOKdNkACgkQuN1wFypsMNN1nwCeNoEbJkskow8Vw+Y/BfWCcyQt
kgYAn0syfyunUNyiCzE8a+0jqSTrL+cr
=fJZ6
-----END PGP SIGNATURE-----

From owner-freebsd-jail@FreeBSD.ORG  Sun Jun  1 00:38:52 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 652069E8
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:38:52 +0000 (UTC)
Received: from mail-ie0-x22a.google.com (mail-ie0-x22a.google.com
 [IPv6:2607:f8b0:4001:c03::22a])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 20DA82BF4
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 00:38:52 +0000 (UTC)
Received: by mail-ie0-f170.google.com with SMTP id to1so1931731ieb.15
 for <freebsd-jail@freebsd.org>; Sat, 31 May 2014 17:38:51 -0700 (PDT)
X-Received: by 10.50.62.40 with SMTP id v8mr8641855igr.21.1401583131431;
 Sat, 31 May 2014 17:38:51 -0700 (PDT)
Received: from [172.31.35.2] (75-128-101-59.dhcp.sgnw.mi.charter.com.
 [75.128.101.59])
 by mx.google.com with ESMTPSA id g2sm17045729igc.12.2014.05.31.17.38.50
 for <multiple recipients>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Sat, 31 May 2014 17:38:50 -0700 (PDT)
References: <538A7059.7070500@sky-ip.org> <538A74D9.6050401@erdgeist.org>
Mime-Version: 1.0 (1.0)
In-Reply-To: <538A74D9.6050401@erdgeist.org>
Content-Type: multipart/signed; micalg=sha1;
 boundary=Apple-Mail-AC5E9367-B0D2-4AE8-BE3E-7D34FEFF7929;
 protocol="application/pkcs7-signature"
Content-Transfer-Encoding: 7bit
Message-Id: <C29A48C2-93FF-4F23-BAE6-CFAA82F71CFA@dataix.net>
X-Mailer: iPhone Mail (11B554a)
From: Jason Hellenthal <jhellenthal@dataix.net>
Subject: Re: cannot access internet from jail, help needed please
Date: Sat, 31 May 2014 20:38:47 -0400
To: Dirk Engling <erdgeist@erdgeist.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
X-List-Received-Date: Sun, 01 Jun 2014 00:38:52 -0000


--Apple-Mail-AC5E9367-B0D2-4AE8-BE3E-7D34FEFF7929
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Also note  . . . does the jail have a default route installed for the public
network  . . .

-- 
 Jason Hellenthal
 Voice: 95.30.17.6/616
 JJH48-ARIN

> On May 31, 2014, at 20:33, Dirk Engling <erdgeist@erdgeist.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On 01.06.14 02:14, s7r wrote:
>>
>> 2. My server has 3 public IPv4 addresses. Add one of them as an
>> alias (for the jail): # ifconfig em0 alias <ip> netmask
>> 255.255.255.255
>
> Also did you check that the jail's addresses are inside the net
> configured netblock and you do not have routing table entries that
> might divert or block traffic, i.e. is there a firewalls, if so what
> are its rules?
>
>  erdgeist
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Darwin)
>
> iEYEARECAAYFAlOKdNkACgkQuN1wFypsMNN1nwCeNoEbJkskow8Vw+Y/BfWCcyQt
> kgYAn0syfyunUNyiCzE8a+0jqSTrL+cr
> =fJZ6
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

--Apple-Mail-AC5E9367-B0D2-4AE8-BE3E-7D34FEFF7929--
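
The questions raised in the replies above (is the jail's address configured on em0, does it fall inside a configured netblock, is there a default route), worked as an added example that is not part of any poster's message. The `ifconfig em0` and `netstat -rn` text is constructed sample output using documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ifconfig em0` on the host (RFC 5737 addresses).
# The /32 aliases mirror the "netmask 255.255.255.255" alias from the thread.
IFCONFIG_EM0 = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:00:5e:00:53:01
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
\tinet 192.0.2.11 netmask 0xffffffff broadcast 192.0.2.11
\tinet 198.51.100.7 netmask 0xffffffff broadcast 198.51.100.7
"""

# Constructed sample of `netstat -rn` (IPv4 section only).
NETSTAT_RN = """\
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            192.0.2.1          UGS         em0
127.0.0.1          link#2             UH          lo0
192.0.2.0/24       link#1             U           em0
"""

# Matches "inet <addr> netmask <mask>"; "inet6" lines do not match.
INET_RE = re.compile(r"^\s+inet\s+(\S+)\s+netmask\s+(\S+)", re.M)


def parse_inet(ifconfig_text):
    """Return an IPv4Interface for every 'inet' line in ifconfig output."""
    found = []
    for addr, mask in INET_RE.findall(ifconfig_text):
        # FreeBSD prints the netmask in hex (0xffffff00); accept dotted too.
        if mask.lower().startswith("0x"):
            mask = str(ipaddress.IPv4Address(int(mask, 16)))
        found.append(ipaddress.IPv4Interface(f"{addr}/{mask}"))
    return found


def default_gateway(netstat_text):
    """Return the IPv4 default gateway from netstat -rn output, or None."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "default":
            try:
                return ipaddress.IPv4Address(fields[1])
            except ipaddress.AddressValueError:
                continue  # IPv6 default route or a link#N gateway
    return None


def triage(jail_ip, ifconfig_text, netstat_text):
    """Answer the three questions from the thread for one jail address."""
    jail_ip = ipaddress.IPv4Address(jail_ip)
    ifaces = parse_inet(ifconfig_text)
    # Netblocks come from the non-/32 addresses; a /32 alias defines none.
    netblocks = [i.network for i in ifaces if i.network.prefixlen < 32]
    gw = default_gateway(netstat_text)
    return {
        "configured": any(i.ip == jail_ip for i in ifaces),
        "in_netblock": any(jail_ip in n for n in netblocks),
        "default_route": str(gw) if gw else None,
        "gateway_on_link": gw is not None and any(gw in n for n in netblocks),
    }


if __name__ == "__main__":
    for ip in ("192.0.2.11", "198.51.100.7", "203.0.113.5"):
        print(ip, triage(ip, IFCONFIG_EM0, NETSTAT_RN))
```

An alias that reports `in_netblock: False` is not necessarily broken, since a provider may route extra addresses to the host, but it is the case where the routing and firewall questions from the thread matter most.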

From owner-freebsd-jail@FreeBSD.ORG  Sun Jun  1 02:54:03 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B2ED1234
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 02:54:03 +0000 (UTC)
Received: from alogt.com (alogt.com [69.36.191.58])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8C4FB253F
 for <freebsd-jail@freebsd.org>; Sun,  1 Jun 2014 02:54:03 +0000 (UTC)
Received: from [182.1.231.163] (port=25478 helo=X220.alogt.com)
 by sl-508-2.slc.westdc.net with esmtpsa (SSLv3:DHE-RSA-AES128-SHA:128)
 (Exim 4.82) (envelope-from <erichsfreebsdlist@alogt.com>)
 id 1WqvuK-001YAm-Ox; Sat, 31 May 2014 20:54:01 -0600
Date: Sun, 1 Jun 2014 10:53:55 +0800
From: Erich Dollansky <erichsfreebsdlist@alogt.com>
To: s7r@sky-ip.org
Subject: Re: cannot access internet from jail, help needed please
Message-ID: <20140601105355.46b87722@X220.alogt.com>
In-Reply-To: <538A7059.7070500@sky-ip.org>
References: <538A7059.7070500@sky-ip.org>
X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.22; amd64-portbld-freebsd10.0)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
X-List-Received-Date: Sun, 01 Jun 2014 02:54:03 -0000

Hi,

On Sun, 01 Jun 2014 03:14:17 +0300
s7r <s7r@sky-ip.org> wrote:

> 
> 2. My server has 3 public IPv4 addresses. Add one of them as an alias
> (for the jail):
> # ifconfig em0 alias <ip> netmask 255.255.255.255
> # echo 'ifconfig_em0_alias0="inet <ip> netmask 255.255.255.255"' >>
> /etc/rc.conf
> 
I always prepare the following files before I create a jail:

group
inetd.conf
master.passwd
rc.conf
resolv.conf

Do you have all of them inside the jail with the proper details of the
jail?

Erich

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 00:12:25 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 5C69BC7C
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 00:12:25 +0000 (UTC)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com
 [162.222.225.22])
 by mx1.freebsd.org (Postfix) with ESMTP id 261C222DD
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 00:12:24 +0000 (UTC)
Received: from [192.168.1.2] (unknown [109.99.157.72])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: s7r@sky-ip.org)
 by outbound.mailhostbox.com (Postfix) with ESMTPSA id E40EA6397C4
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 00:07:02 +0000 (GMT)
Message-ID: <53979DA8.60002@sky-ip.org>
Date: Wed, 11 Jun 2014 03:07:04 +0300
From: "s7r@sky-ip.org" <s7r@sky-ip.org>
Reply-To: s7r@sky-ip.org
User-Agent: Mozilla/5.0 (Windows NT 5.1;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Subject: Assign Lookback address 127.0.0.1 to jail
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-List-Received-Date: Wed, 11 Jun 2014 00:12:25 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Operating system is FreeBSD 10.0 64 Bit

I have installed ezjail from ports and properly configured a jail with
its own static and dedicated IP address. Everything works good, it's
just that I have an application which requires to talk to another one
via RPC on IP 127.0.0.1, and I have noticed the jail does not have a
lo0 interface or localhost 127.0.0.1 IP address.

This is bad because the application has no choice but to bind to the
public IP address assigned to the jail, and it's not safe.

How can I add a lo0 interface with IP 127.0.0.1 to a jail?

Thanks in advance.
- -- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 00:20:48 2014
Message-ID: <5397A0D9.403@freebsd.org>
Date: Tue, 10 Jun 2014 20:20:41 -0400
From: Allan Jude <allanjude@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Subject: Re: Assign Lookback address 127.0.0.1 to jail
References: <53979DA8.60002@sky-ip.org>
In-Reply-To: <53979DA8.60002@sky-ip.org>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="BVhMS0lKlQaVC6l70AshcOpJpA23aPXNM"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--BVhMS0lKlQaVC6l70AshcOpJpA23aPXNM
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 2014-06-10 20:07, s7r@sky-ip.org wrote:
> Hi,
>
> Operating system is FreeBSD 10.0 64 Bit
>
> I have installed ezjail from ports and properly configured a jail with
> its own static and dedicated IP address. Everything works good, it's
> just that I have an application which requires to talk to another one
> via RPC on IP 127.0.0.1, and I have noticed the jail does not have a
> lo0 interface or localhost 127.0.0.1 IP address.
>
> This is bad because the application has no choice but to bind to the
> public IP address assigned to the jail, and it's not safe.
>
> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>
> Thanks in advance.

Does it have to be 127.0.0.1? You can add an alias like 127.0.0.2 to the
lo0 interface and use that.

Inside the jail, 127.0.0.1 is mapped to the IP of the jail.

Using ezjail, you can also allocate more than 1 IP address to a jail by
comma separating them

You can also make it automatically alias the IPs for you with the syntax:

em0|192.168.0.10,lo0|127.0.0.2
etc


-- 
Allan Jude


--BVhMS0lKlQaVC6l70AshcOpJpA23aPXNM--

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 00:23:08 2014
Message-ID: <5397A16E.8080504@sky-ip.org>
Date: Wed, 11 Jun 2014 03:23:10 +0300
From: "s7r@sky-ip.org" <s7r@sky-ip.org>
Reply-To: s7r@sky-ip.org
User-Agent: Mozilla/5.0 (Windows NT 5.1;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Subject: Re: Assign Lookback address 127.0.0.1 to jail
References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org>
In-Reply-To: <5397A0D9.403@freebsd.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/11/2014 3:20 AM, Allan Jude wrote:
> On 2014-06-10 20:07, s7r@sky-ip.org wrote:
>> Hi,
>> 
>> Operating system is FreeBSD 10.0 64 Bit
>> 
>> I have installed ezjail from ports and properly configured a jail
>> with its own static and dedicated IP address. Everything works
>> good, it's just that I have an application which requires to talk
>> to another one via RPC on IP 127.0.0.1, and I have noticed the
>> jail does not have a lo0 interface or localhost 127.0.0.1 IP
>> address.
>> 
>> This is bad because the application has no choice but to bind to
>> the public IP address assigned to the jail, and it's not safe.
>> 
>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>> 
>> Thanks in advance. 
>> 
> 
> Does it have to be 127.0.0.1? You can add an alias like 127.0.0.2
> to the lo0 interface and use that.
> 
> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
> 
> Using ezjail, you can also allocate more than 1 IP address to a
> jail by comma separating them
> 
> You can also make it automatically alias the IPs for you with the
> syntax:
> 
> em0|192.168.0.10,lo0|127.0.0.2 etc
> 
> 

Thank you Allan for your fast reply.

I have the jail already created via:
# ezjail-admin create <jailname> <em0|public IP>

How do I modify the already existing jail to have 127.0.0.2, for
example, or can't I just have 127.0.0.1 in the jail?

- -- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 00:28:48 2014
Message-ID: <5397A2C3.1090109@freebsd.org>
Date: Tue, 10 Jun 2014 20:28:51 -0400
From: Allan Jude <allanjude@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Subject: Re: Assign Lookback address 127.0.0.1 to jail
References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org>
 <5397A16E.8080504@sky-ip.org>
In-Reply-To: <5397A16E.8080504@sky-ip.org>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="0NibSQHfFMdJob5WP0EHfXpwP7mXahol4"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--0NibSQHfFMdJob5WP0EHfXpwP7mXahol4
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 2014-06-10 20:23, s7r@sky-ip.org wrote:
> On 6/11/2014 3:20 AM, Allan Jude wrote:
>> On 2014-06-10 20:07, s7r@sky-ip.org wrote:
>>> Hi,
>>>
>>> Operating system is FreeBSD 10.0 64 Bit
>>>
>>> I have installed ezjail from ports and properly configured a jail
>>> with its own static and dedicated IP address. Everything works
>>> good, it's just that I have an application which requires to talk
>>> to another one via RPC on IP 127.0.0.1, and I have noticed the
>>> jail does not have a lo0 interface or localhost 127.0.0.1 IP
>>> address.
>>>
>>> This is bad because the application has no choice but to bind to
>>> the public IP address assigned to the jail, and it's not safe.
>>>
>>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>>>
>>> Thanks in advance.
>>>
>
>> Does it have to be 127.0.0.1? You can add an alias like 127.0.0.2
>> to the lo0 interface and use that.
>
>> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
>
>> Using ezjail, you can also allocate more than 1 IP address to a
>> jail by comma separating them
>
>> You can also make it automatically alias the IPs for you with the
>> syntax:
>
>> em0|192.168.0.10,lo0|127.0.0.2 etc
>
>
>
> Thank you Allan for your fast reply.
>
> I have the jail already created via:
> # ezjail-admin create <jailname> <em0|public IP>
>
> How do I modify the already existing jail to have 127.0.0.2, for
> example, or can't I just have 127.0.0.1 in the jail?
>

Stop the jail, and then edit /usr/local/etc/ezjail/jail_name

and change the line that defines the IPs

-- 
Allan Jude


--0NibSQHfFMdJob5WP0EHfXpwP7mXahol4--
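
The two replies above (the iface|address list syntax, and editing the per-jail file under /usr/local/etc/ezjail/ while the jail is stopped) can be checked with a small sh script. This is an added example, not part of the thread or of ezjail itself; it assumes the per-jail file carries a line of the form export jail_<name>_ip="<spec>", handles IPv4 loopback only, and the jail name "www" and the sample file are constructed.

```shell
#!/bin/sh
# Added example: audit and rewrite the IP line of an ezjail per-jail config.
# Assumption: the file has a line  export jail_<name>_ip="<spec>"  where
# <spec> is a comma-separated list of [iface|]address entries, as in the
# thread's  em0|192.168.0.10,lo0|127.0.0.2

# Print the bare addresses of a spec, one per line (drops any "iface|" prefix).
spec_addrs() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[^|]*|//'
}

# Succeed if the spec already carries an address in 127.0.0.0/8.
has_loopback() {
    spec_addrs "$1" | grep -q '^127\.'
}

# Return the spec unchanged if it has a loopback entry; otherwise append
# "lo0|<addr>" so the alias is placed on lo0 for the jail.
add_loopback() {
    if has_loopback "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s,lo0|%s\n' "$1" "$2"
    fi
}

# Extract the IP spec from a per-jail config file.
conf_spec() {
    sed -n 's/^export jail_[A-Za-z0-9_]*_ip="\(.*\)"$/\1/p' "$1" | head -n 1
}

# Report on one config: status 0 = loopback present, 1 = missing, 2 = no IP line.
# Per the thread, a jail without its own loopback address has 127.0.0.1 mapped
# to the jail's IP, so a service told to bind 127.0.0.1 listens on that address.
audit_conf() {
    spec=$(conf_spec "$1")
    if [ -z "$spec" ]; then
        echo "UNPARSED"
        return 2
    fi
    if has_loopback "$spec"; then
        echo "OK $spec"
    else
        echo "NO-LOOPBACK $spec"
        return 1
    fi
}

# Write the config to stdout with the IP line extended by lo0|<addr>.
# Nothing is edited in place: review the output, stop the jail, then install it.
rewrite_conf() {
    new=$(add_loopback "$(conf_spec "$1")" "$2")
    while IFS= read -r line; do
        case $line in
            "export jail_"*"_ip=\""*) printf '%s="%s"\n' "${line%%=*}" "$new" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

# Constructed sample config for a hypothetical jail "www".
demo_conf=$(mktemp)
trap 'rm -f "$demo_conf"' EXIT
cat > "$demo_conf" <<'EOF'
export jail_www_hostname="www"
export jail_www_ip="em0|192.168.0.10"
export jail_www_rootdir="/usr/jails/www"
EOF

audit_conf "$demo_conf" || true
rewrite_conf "$demo_conf" 127.0.0.2
```

Point the RPC listener at the alias (127.0.0.2 here) once the jail is restarted with the new line.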

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 01:19:11 2014
Message-ID: <5397AE8F.8020000@sky-ip.org>
Date: Wed, 11 Jun 2014 04:19:11 +0300
From: "s7r@sky-ip.org" <s7r@sky-ip.org>
Reply-To: s7r@sky-ip.org
User-Agent: Mozilla/5.0 (Windows NT 5.1;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Subject: Re: Assign Lookback address 127.0.0.1 to jail
References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org>
 <5397A16E.8080504@sky-ip.org> <5397A2C3.1090109@freebsd.org>
In-Reply-To: <5397A2C3.1090109@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/11/2014 3:28 AM, Allan Jude wrote:
> On 2014-06-10 20:23, s7r@sky-ip.org wrote:
>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>> On 2014-06-10 20:07, s7r@sky-ip.org wrote:
>>>> Hi,
>>>> 
>>>> Operating system is FreeBSD 10.0 64 Bit
>>>> 
>>>> I have installed ezjail from ports and properly configured a
>>>> jail with its own static and dedicated IP address. Everything
>>>> works good, it's just that I have an application which
>>>> requires to talk to another one via RPC on IP 127.0.0.1, and
>>>> I have noticed the jail does not have a lo0 interface or
>>>> localhost 127.0.0.1 IP address.
>>>> 
>>>> This is bad because the application has no choice but to bind
>>>> to the public IP address assigned to the jail, and it's not
>>>> safe.
>>>> 
>>>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>>>> 
>>>> Thanks in advance. 
>>>> 
>> 
>>> Does it have to be 127.0.0.1? You can add an alias like
>>> 127.0.0.2 to the lo0 interface and use that.
>> 
>>> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
>> 
>>> Using ezjail, you can also allocate more than 1 IP address to
>>> a jail by comma separating them
>> 
>>> You can also make it automatically alias the IPs for you with
>>> the syntax:
>> 
>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>> 
>> 
>> 
>> Thank you Allan for your fast reply.
>> 
>> I have the jail already created via: # ezjail-admin create
>> <jailname> <em0|public IP>
>> 
>> How do I modify the already existing jail to have 127.0.0.2, for 
>> example, or can't  I just have 127.0.0.1 in the jail?
>> 
>> 
> 
> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
> 
> and change the line that defines the IPs
> 

Thank you it works, with 127.0.0.2

If I try to add 127.0.0.1 will this create any conflicts with the host
or will it work? Because I have something important listening on
host's 127.0.0.1 and don't want to mess up. I would need the same
configuration within the jail also, so that's why I need the .1
localhost IP.

- -- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 01:46:38 2014
References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org>
 <5397A16E.8080504@sky-ip.org> <5397A2C3.1090109@freebsd.org>
 <5397AE8F.8020000@sky-ip.org>
Mime-Version: 1.0 (1.0)
In-Reply-To: <5397AE8F.8020000@sky-ip.org>
Content-Type: multipart/signed; micalg=sha1;
 boundary=Apple-Mail-B5BB1EFA-FDEE-41BC-ABFF-7049AEAE9080;
 protocol="application/pkcs7-signature"
Content-Transfer-Encoding: 7bit
Message-Id: <8B8FC782-7DF2-4BD3-883D-4ADE7E07822A@dataix.net>
X-Mailer: iPhone Mail (11B554a)
From: Jason Hellenthal <jhellenthal@dataix.net>
Subject: Re: Assign Lookback address 127.0.0.1 to jail
Date: Tue, 10 Jun 2014 21:46:30 -0400
To: "s7r@sky-ip.org" <s7r@sky-ip.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>


--Apple-Mail-B5BB1EFA-FDEE-41BC-ABFF-7049AEAE9080
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

You could just go with building the host kernel with VIMAGE  . . .  Then
each jail has its own virtual network stack.

-- 
 Jason Hellenthal
 Voice: 95.30.17.6/616
 JJH48-ARIN

> On Jun 10, 2014, at 21:19, "s7r@sky-ip.org" <s7r@sky-ip.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On 6/11/2014 3:28 AM, Allan Jude wrote:
>>> On 2014-06-10 20:23, s7r@sky-ip.org wrote:
>>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>>> On 2014-06-10 20:07, s7r@sky-ip.org wrote:
>>>>> Hi,
>>>>>
>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>
>>>>> I have installed ezjail from ports and properly configured a
>>>>> jail with its own static and dedicated IP address. Everything
>>>>> works good, it's just that I have an application which
>>>>> requires to talk to another one via RPC on IP 127.0.0.1, and
>>>>> I have noticed the jail does not have a lo0 interface or
>>>>> localhost 127.0.0.1 IP address.
>>>>>
>>>>> This is bad because the application has no choice but to bind
>>>>> to the public IP address assigned to the jail, and it's not
>>>>> safe.
>>>>>
>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>>>>>
>>>>> Thanks in advance.
>>>
>>>> Does it have to be 127.0.0.1? You can add an alias like
>>>> 127.0.0.2 to the lo0 interface and use that.
>>>
>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
>>>
>>>> Using ezjail, you can also allocate more than 1 IP address to
>>>> a jail by comma separating them
>>>
>>>> You can also make it automatically alias the IPs for you with
>>>> the syntax:
>>>
>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>
>>>
>>>
>>> Thank you Allan for your fast reply.
>>>
>>> I have the jail already created via: # ezjail-admin create
>>> <jailname> <em0|public IP>
>>>
>>> How do I modify the already existing jail to have 127.0.0.2, for
>>> example, or can't I just have 127.0.0.1 in the jail?
>>>
>>
>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
>>
>> and change the line that defines the IPs
>
> Thank you it works, with 127.0.0.2
>
> If I try to add 127.0.0.1 will this create any conflicts with the host
> or will it work? Because i have something important listening on
> hosts's 127.0.0.1 and don't want to mess up. I would need the same
> configuration within the jail also, so that's why I need the .1
> localhost IP.
>
> - -- 
> s7r
> PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
> PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc

--Apple-Mail-B5BB1EFA-FDEE-41BC-ABFF-7049AEAE9080--

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 01:49:33 2014
Message-ID: <5397B5AD.9090505@freebsd.org>
Date: Tue, 10 Jun 2014 21:49:33 -0400
From: Allan Jude <allanjude@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Subject: Re: Assign Lookback address 127.0.0.1 to jail
References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org>
 <5397A16E.8080504@sky-ip.org> <5397A2C3.1090109@freebsd.org>
 <5397AE8F.8020000@sky-ip.org>
In-Reply-To: <5397AE8F.8020000@sky-ip.org>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="kL65ti9oNJET1hiURTmCbWSqUiMxTorvd"
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 01:49:33 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--kL65ti9oNJET1hiURTmCbWSqUiMxTorvd
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 2014-06-10 21:19, s7r@sky-ip.org wrote:
> On 6/11/2014 3:28 AM, Allan Jude wrote:
>> On 2014-06-10 20:23, s7r@sky-ip.org wrote:
>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>> On 2014-06-10 20:07, s7r@sky-ip.org wrote:
>>>>> Hi,
>>>>>
>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>
>>>>> I have installed ezjail from ports and properly configured a
>>>>> jail with its own static and dedicated IP address. Everything
>>>>> works good, it's just that I have an application which
>>>>> requires to talk to another one via RPC on IP 127.0.0.1, and
>>>>> I have noticed the jail does not have a lo0 interface or
>>>>> localhost 127.0.0.1 IP address.
>>>>>
>>>>> This is bad because the application has no choice but to bind
>>>>> to the public IP address assigned to the jail, and it's not
>>>>> safe.
>>>>>
>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a jail?
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>
>>>> Does it have to be 127.0.0.1? You can add an alias like
>>>> 127.0.0.2 to the lo0 interface and use that.
>>>
>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the jail.
>>>
>>>> Using ezjail, you can also allocate more than 1 IP address to
>>>> a jail by comma separating them
>>>
>>>> You can also make it automatically alias the IPs for you with
>>>> the syntax:
>>>
>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>
>>>
>>>
>>> Thank you Allan for your fast reply.
>>>
>>> I have the jail already created via: # ezjail-admin create
>>> <jailname> <em0|public IP>
>>>
>>> How do I modify the already existing jail to have 127.0.0.2, for
>>> example, or can't I just have 127.0.0.1 in the jail?
>>>
>>>
>
>> Stop the jail, and then edit /usr/local/etc/ezjail/jail_name
>
>> and change the line that defines the IPs
>
>
> Thank you it works, with 127.0.0.2
>
> If I try to add 127.0.0.1 will this create any conflicts with the host
> or will it work? Because I have something important listening on
> host's 127.0.0.1 and don't want to mess up. I would need the same
> configuration within the jail also, so that's why I need the .1
> localhost IP.
>

When the host and the jail share an IP, the jail wins. So, if you run
sshd on both, then ssh'ing to the shared IP will go to the jail. However,
if you don't run sshd in the jail and you do on the host, the connection
will 'fall through' to the host.

So, as long as the jail isn't going to use the same port # as your
important app, you can share.

-- 
Allan Jude


--kL65ti9oNJET1hiURTmCbWSqUiMxTorvd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

-----END PGP SIGNATURE-----

--kL65ti9oNJET1hiURTmCbWSqUiMxTorvd--
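
Added example, not part of the original message and not the poster's code: a small Python model of the rule described in the reply above (the jail's listener wins on a shared address, otherwise the connection falls through to the host), run over two listener tables. The sockstat-style listings, the rpcd and nginx services, the ports and the 192.0.2.10 address are constructed sample data; the model also assumes that a wildcard bind inside the jail only covers the jail's own addresses.

```python
"""Who answers a connection when a non-VNET jail shares an address with its host."""
from collections import namedtuple

Listener = namedtuple("Listener", "command proto ip port")

# Constructed listings in sockstat's column layout (sample data, not from the thread).
HOST_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
app      rpcd       901   7  tcp4   127.0.0.1:8332        *:*
"""
JAIL_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
app      rpcd       1455  7  tcp4   127.0.0.1:8332        *:*
www      nginx      1490  6  tcp4   *:80                  *:*
"""
# Hypothetical jail address list, i.e. em0|192.0.2.10,lo0|127.0.0.1
JAIL_IPS = {"192.0.2.10", "127.0.0.1"}


def parse_listeners(text):
    """Turn sockstat-style lines into Listener tuples, skipping the header."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[0] == "USER":
            continue
        ip, _, port = fields[5].rpartition(":")
        if port.isdigit():
            listeners.append(Listener(fields[1], fields[4], ip, int(port)))
    return listeners


def _covers(listener, proto, ip, port, owner_ips=None):
    """True if the listener would accept a connection to proto/ip/port.

    Assumption: a wildcard bind made inside the jail only covers the jail's
    own addresses (owner_ips); a wildcard bind on the host covers any address.
    """
    if listener.proto != proto or listener.port != port:
        return False
    if listener.ip == "*":
        return owner_ips is None or ip in owner_ips
    return listener.ip == ip


def receiver(proto, ip, port, host, jail, jail_ips):
    """Apply the rule from the reply: the jail wins, otherwise fall through."""
    if ip in jail_ips:
        for listener in jail:
            if _covers(listener, proto, ip, port, jail_ips):
                return ("jail", listener.command)
    for listener in host:
        if _covers(listener, proto, ip, port):
            return ("host", listener.command)
    return None  # nobody listens: connection refused


def audit(host, jail, jail_ips):
    """Classify every host service reachable on an address the jail also holds.

    shadowed:     the jail listens on the same port, so the host service is
                  no longer the one answering on that address.
    fall_through: the jail does not listen there, so traffic sent to the
                  jail's address is answered by the host service.
    """
    shadowed, fall_through = [], []
    for ip in sorted(jail_ips):
        for h in host:
            if not _covers(h, h.proto, ip, h.port):
                continue
            owner, command = receiver(h.proto, ip, h.port, host, jail, jail_ips)
            entry = (ip, h.proto, h.port, h.command)
            if owner == "jail":
                shadowed.append(entry + (command,))
            else:
                fall_through.append(entry)
    return shadowed, fall_through


if __name__ == "__main__":
    host = parse_listeners(HOST_SOCKSTAT)
    jail = parse_listeners(JAIL_SOCKSTAT)
    shadowed, fall_through = audit(host, jail, JAIL_IPS)
    for ip, proto, port, host_cmd, jail_cmd in shadowed:
        print(f"SHADOWED     {proto} {ip}:{port} host {host_cmd} hidden by jail {jail_cmd}")
    for ip, proto, port, host_cmd in fall_through:
        print(f"FALL-THROUGH {proto} {ip}:{port} answered by host {host_cmd}")
```

Every SHADOWED or FALL-THROUGH row is a port where host and jail are not isolated from each other on that address; giving the jail its own alias such as 127.0.0.2, as suggested earlier in the thread, removes the 127.0.0.1 rows.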

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 19:53:41 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9FDC4EAF
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 19:53:41 +0000 (UTC)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com
 [162.222.225.22])
 by mx1.freebsd.org (Postfix) with ESMTP id 6424C2EA6
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 19:53:41 +0000 (UTC)
Received: from [192.168.1.2] (unknown [109.99.157.72])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: s7r@sky-ip.org)
 by outbound.mailhostbox.com (Postfix) with ESMTPSA id 802A7638E0F;
 Wed, 11 Jun 2014 19:53:39 +0000 (GMT)
Message-ID: <5398B3C4.4050009@sky-ip.org>
Date: Wed, 11 Jun 2014 22:53:40 +0300
From: "s7r@sky-ip.org" <s7r@sky-ip.org>
Reply-To: s7r@sky-ip.org
User-Agent: Mozilla/5.0 (Windows NT 5.1;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Jason Hellenthal <jhellenthal@dataix.net>
Subject: Re: Assign Lookback address 127.0.0.1 to jail
References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org>
 <5397A16E.8080504@sky-ip.org> <5397A2C3.1090109@freebsd.org>
 <5397AE8F.8020000@sky-ip.org>
 <8B8FC782-7DF2-4BD3-883D-4ADE7E07822A@dataix.net>
In-Reply-To: <8B8FC782-7DF2-4BD3-883D-4ADE7E07822A@dataix.net>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-CTCH-RefID: str=0001.0A02020A.5398B3C3.01C4, ss=1, re=0.000, recu=0.000,
 reip=0.000, cl=1, cld=1, fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Unknown
X-CTCH-Score: 0.000
X-CTCH-Rules: 
X-CTCH-Flags: 0
X-CTCH-ScoreCust: 0.000
X-CTCH-SenderID: s7r@sky-ip.org
X-CTCH-SenderID-TotalMessages: 1
X-CTCH-SenderID-TotalSpam: 0
X-CTCH-SenderID-TotalSuspected: 0
X-CTCH-SenderID-TotalBulk: 0
X-CTCH-SenderID-TotalConfirmed: 0
X-CTCH-SenderID-TotalRecipients: 0
X-CTCH-SenderID-TotalVirus: 0
X-CTCH-SenderID-BlueWhiteFlag: 0
X-Scanned-By: MIMEDefang 2.72 on 172.18.214.134
Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 19:53:41 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/11/2014 4:46 AM, Jason Hellenthal wrote:
> You could just go with building the host kernel with VIMAGE  . . .
> Then each jail has its own virtual network stack.
> 
> -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN
> 


Hey Jason

Thanks for your suggestion. Can you please elaborate a little bit and
tell me how I can do this step by step? I have an already installed
system with ezjail and already created one jail - how can I add VIMAGE
to have virtual network stack in each jail without having to reinstall
the host or the jails? Thank you, looking forward to your reply.

- -- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

-----END PGP SIGNATURE-----

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 20:56:34 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 69072F5A
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 20:56:34 +0000 (UTC)
Received: from mail-qc0-x236.google.com (mail-qc0-x236.google.com
 [IPv6:2607:f8b0:400d:c01::236])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1D7542525
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 20:56:34 +0000 (UTC)
Received: by mail-qc0-f182.google.com with SMTP id m20so549114qcx.27
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 13:56:33 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.140.98.234 with SMTP id o97mr52970432qge.35.1402520193127;
 Wed, 11 Jun 2014 13:56:33 -0700 (PDT)
Received: by 10.140.92.198 with HTTP; Wed, 11 Jun 2014 13:56:33 -0700 (PDT)
X-Originating-IP: [75.128.101.59]
In-Reply-To: <5398B3C4.4050009@sky-ip.org>
References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org>
 <5397A16E.8080504@sky-ip.org> <5397A2C3.1090109@freebsd.org>
 <5397AE8F.8020000@sky-ip.org>
 <8B8FC782-7DF2-4BD3-883D-4ADE7E07822A@dataix.net>
 <5398B3C4.4050009@sky-ip.org>
Date: Wed, 11 Jun 2014 16:56:33 -0400
Message-ID: <CAO2cuEOWA=tas1q2ROuC5qUpB7YZhhFsz3t=Y2B7_G3gmzOD9Q@mail.gmail.com>
Subject: Re: Assign Lookback address 127.0.0.1 to jail
From: Jason Hellenthal <jhellenthal@dataix.net>
To: "s7r@sky-ip.org" <s7r@sky-ip.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 20:56:34 -0000

Simple.

echo 'options VIMAGE' >>/sys/`uname -p`/conf/GENERIC
cd /usr/src && make buildkernel && make installkernel

Make the necessary adjustments to ensure your system is stable as you want
it to be during testing and then lock the settings for the jails into the
respective configuration files and the host system's /etc/rc.conf for the
interfaces you will use.

Just an example of my base jail that I use for setting up other jails on
the fly...
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.poststop = "umount /export/cnt/$name/dev";
exec.clean;

mount.devfs;

path = "/export/cnt/$name";

allow.raw_sockets;
allow.socket_af;
vnet = new;

base {
        host.hostname = base;
        vnet.interface = vnet0;
        securelevel = 3;
        exec.start = "ifconfig vnet0 inet 172.X.X.22/22 broadcast 172.X.X.255";
        exec.start += "route add default 172.X.X.1";
        exec.start += "/bin/sh /etc/rc";
}

And in my system's rc.conf...
ifconfig_interface0_name="vnet0"

I actually give my base template jail a full actual interface to work with
so I can segment it off on the network at the switch level and drop it into
another management vlan. But the configuration is simple and similar to
other interfaces virtual or not like if_epair(4).

The rest of the jail configuration as in rc.conf and such within the jail
is the same as if it was not a VIMAGE so you should already be aware of
those details so I won't rattle on with those. But if you have any specific
questions about this as you move through setting up VIMAGE jails feel free
to give me a holler directly or back to this list and I'll be happy to give
you a hand.




On Wed, Jun 11, 2014 at 3:53 PM, s7r@sky-ip.org <s7r@sky-ip.org> wrote:

> Hey Jason
>
> Thanks for your suggestion. Can you please elaborate a little bit and
> tell me how I can do this step by step? I have an already installed
> system with ezjail and already created one jail - how can I add VIMAGE
> to have virtual network stack in each jail without having to reinstall
> the host or the jails? Thank you, looking forward to your reply.
>
> - --
> s7r
> PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
> PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc
>

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 21:17:26 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C491B952
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 21:17:26 +0000 (UTC)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com
 [162.222.225.21])
 by mx1.freebsd.org (Postfix) with ESMTP id 85DFE279F
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 21:17:26 +0000 (UTC)
Received: from [192.168.1.2] (unknown [109.99.157.72])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: s7r@sky-ip.org)
 by outbound.mailhostbox.com (Postfix) with ESMTPSA id 81E836381EC;
 Wed, 11 Jun 2014 21:11:11 +0000 (GMT)
Message-ID: <5398C5F0.6030203@sky-ip.org>
Date: Thu, 12 Jun 2014 00:11:12 +0300
From: "s7r@sky-ip.org" <s7r@sky-ip.org>
Reply-To: s7r@sky-ip.org
User-Agent: Mozilla/5.0 (Windows NT 5.1;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Jason Hellenthal <jhellenthal@dataix.net>
Subject: Re: Assign Lookback address 127.0.0.1 to jail
References: <53979DA8.60002@sky-ip.org>	<5397A0D9.403@freebsd.org>	<5397A16E.8080504@sky-ip.org>	<5397A2C3.1090109@freebsd.org>	<5397AE8F.8020000@sky-ip.org>	<8B8FC782-7DF2-4BD3-883D-4ADE7E07822A@dataix.net>	<5398B3C4.4050009@sky-ip.org>
 <CAO2cuEOWA=tas1q2ROuC5qUpB7YZhhFsz3t=Y2B7_G3gmzOD9Q@mail.gmail.com>
In-Reply-To: <CAO2cuEOWA=tas1q2ROuC5qUpB7YZhhFsz3t=Y2B7_G3gmzOD9Q@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-CTCH-RefID: str=0001.0A020204.5398C5F0.0034, ss=1, re=0.000, recu=0.000,
 reip=0.000, cl=1, cld=1, fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Unknown
X-CTCH-Score: 0.000
X-CTCH-Rules: 
X-CTCH-Flags: 0
X-CTCH-ScoreCust: 0.000
X-CTCH-SenderID: s7r@sky-ip.org
X-CTCH-SenderID-TotalMessages: 1
X-CTCH-SenderID-TotalSpam: 0
X-CTCH-SenderID-TotalSuspected: 0
X-CTCH-SenderID-TotalBulk: 0
X-CTCH-SenderID-TotalConfirmed: 0
X-CTCH-SenderID-TotalRecipients: 0
X-CTCH-SenderID-TotalVirus: 0
X-CTCH-SenderID-BlueWhiteFlag: 0
X-Scanned-By: MIMEDefang 2.72 on 172.18.214.134
Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 21:17:26 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/11/2014 11:56 PM, Jason Hellenthal wrote:
> Simple.
> 
> echo 'options VIMAGE' >>/sys/`uname -p`/conf/GENERIC
> cd /usr/src && make buildkernel && make installkernel
> 
This is perfectly clear - hope it does not affect the current
functionality and installed ports on the running machine?

> Make the necessary adjustments to ensure your system is stable as
> you want it to be during testing and then lock the settings for the
> jails into the perspective configuration files and the host
> systems /etc/rc.conf for the interfaces you will use.
> 
> Just an example of my base jail that I use for setting up other
> jails on the fly...
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.poststop = "umount /export/cnt/$name/dev";
> exec.clean;
> 
> mount.devfs;
> 
> path = "/export/cnt/$name";
> 
> allow.raw_sockets;
> allow.socket_af;
> vnet = new;
> 
> base {
>         host.hostname = base;
>         vnet.interface = vnet0;
>         securelevel = 3;
>         exec.start = "ifconfig vnet0 inet 172.X.X.22/22 broadcast 172.X.X.255";
>         exec.start += "route add default 172.X.X.1";
>         exec.start += "/bin/sh /etc/rc";
> }
> 
Q1: All this is to be pasted into the jail's /etc/rc.conf file?

Q2: 172.X.X.22/22 -> I want to assign a public IP address to the jail,
and a local loopback address.

Q3: route add default - this is the default router? this should be the
host's public IP address or the IP address of the gateway assigned by
my ISP?

> And in my systems rc.conf...
> ifconfig_interface0_name="vnet0"
> 
No IP address here or alias for vnet0? In host's /etc/rc.conf? Just
interface0_name="vnet0"? Shouldn't interface0 be em0, the default
interface of the host? Shouldn't that come first?

> I actually give my base template jail a full actual interface to
> work with so I can segment it off on the network at the switch
> level and drop it into another management vlan. But the
> configuration is simple and similar to other interfaces virtual or
> not like if_epair(4).
> 
> The rest of the jail configuration as in rc.conf and such within
> the jail is the same as if it was not a VIMAGE so you should
> already be aware of those details so I won't rattle on with those.
> But if you have any specific questions about this as you move
> through setting up VIMAGE jails feel free to give me a hollar
> directly or back to this list and Ill be happy to give you a hand.
> 
> 
> 
> 
> On Wed, Jun 11, 2014 at 3:53 PM, s7r@sky-ip.org <s7r@sky-ip.org> wrote:
> 
> On 6/11/2014 4:46 AM, Jason Hellenthal wrote:
>> You could just go with building the host kernel with VIMAGE  . .
>> . Then each jail has its own virtual network stack.
> 
>> image.png
> 
>> -- Jason Hellenthal Voice: 95.30.17.6/616
>> <http://95.30.17.6/616>
> JJH48-ARIN
> 
>> On Jun 10, 2014, at 21:19, "s7r@sky-ip.org
>> <mailto:s7r@sky-ip.org> <mailto:s7r@sky-ip.org
>> <mailto:s7r@sky-ip.org>>" <s7r@sky-ip.org
> <mailto:s7r@sky-ip.org> <mailto:s7r@sky-ip.org
> <mailto:s7r@sky-ip.org>>>
>> wrote:
> 
>> On 6/11/2014 3:28 AM, Allan Jude wrote:
>>>>> On 2014-06-10 20:23, s7r@sky-ip.org
>>>>> <mailto:s7r@sky-ip.org>
> <mailto:s7r@sky-ip.org <mailto:s7r@sky-ip.org>>
>>>>> wrote:
>>>>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>>>>> On 2014-06-10 20:07, s7r@sky-ip.org
>>>>>>> <mailto:s7r@sky-ip.org> <mailto:s7r@sky-ip.org
>>>>>>> <mailto:s7r@sky-ip.org>> wrote:
>>>>>>>> Hi,
>>>>>>>> 
>>>>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>>>> 
>>>>>>>> I have installed ezjail from ports and properly 
>>>>>>>> configured a jail with its own static and dedicated
>>>>>>>> IP address. Everything works good, it's just that I
>>>>>>>> have an application which requires to talk to another
>>>>>>>> one via RPC on IP 127.0.0.1, and I have noticed the
>>>>>>>> jail does not have a lo0 interface or localhost
>>>>>>>> 127.0.0.1 IP address.
>>>>>>>> 
>>>>>>>> This is bad because the application has no choice
>>>>>>>> but to bind to the public IP address assigned to the
>>>>>>>> jail, and it's not safe.
>>>>>>>> 
>>>>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a 
>>>>>>>> jail?
>>>>>>>> 
>>>>>>>> Thanks in advance. 
>>>>>> 
>>>>>>> Does it have to be 127.0.0.1? You can add an alias
>>>>>>> like 127.0.0.2 to the lo0 interface and use that.
>>>>>> 
>>>>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the 
>>>>>>> jail.
>>>>>> 
>>>>>>> Using ezjail, you can also allocate more than 1 IP 
>>>>>>> address to a jail by comma separating them
>>>>>> 
>>>>>>> You can also make it automatically alias the IPs for
>>>>>>> you with the syntax:
>>>>>> 
>>>>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Thank you Allan for your fast reply.
>>>>>> 
>>>>>> I have the jail already created via: # ezjail-admin
>>>>>> create <jailname> <em0|public IP>
>>>>>> 
>>>>>> How do I modify the already existing jail to have
>>>>>> 127.0.0.2, for example, or can't I just have 127.0.0.1
>>>>>> in the jail?
>>>>>> 
>>>>> 
>>>>> Stop the jail, and then edit
>>>>> /usr/local/etc/ezjail/jail_name
>>>>> 
>>>>> and change the line that defines the IPs
>>>>> 
> 
>> Thank you it works, with 127.0.0.2
> 
>> If I try to add 127.0.0.1 will this create any conflicts with
>> the host or will it work? Because I have something important
>> listening on host's 127.0.0.1 and don't want to mess up. I would
>> need the same configuration within the jail also, so that's why I
>> need the .1 localhost IP.
> 
> 
> 
> Hey Jason
> 
> Thanks for your suggestion. Can you please elaborate a little bit
> and tell me how I can do this step by step? I have an already
> installed system with ezjail and already created one jail - how can
> I add VIMAGE to have virtual network stack in each jail without
> having to reinstall the host or the jails? Thank you, looking
> forward to your reply.
> 
> 
> 
Thank you.
- -- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc

From owner-freebsd-jail@FreeBSD.ORG  Wed Jun 11 21:31:30 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1265EF4F
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 21:31:30 +0000 (UTC)
Received: from mail-ie0-x22b.google.com (mail-ie0-x22b.google.com
 [IPv6:2607:f8b0:4001:c03::22b])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id BEF9529A1
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 21:31:29 +0000 (UTC)
Received: by mail-ie0-f171.google.com with SMTP id x19so350244ier.30
 for <freebsd-jail@freebsd.org>; Wed, 11 Jun 2014 14:31:29 -0700 (PDT)
X-Received: by 10.51.17.97 with SMTP id gd1mr928068igd.18.1402522288999;
 Wed, 11 Jun 2014 14:31:28 -0700 (PDT)
Received: from [172.31.35.2] (75-128-101-59.dhcp.sgnw.mi.charter.com.
 [75.128.101.59])
 by mx.google.com with ESMTPSA id mj5sm190023igb.6.2014.06.11.14.31.27
 for <multiple recipients>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 11 Jun 2014 14:31:28 -0700 (PDT)
References: <53979DA8.60002@sky-ip.org> <5397A0D9.403@freebsd.org>
 <5397A16E.8080504@sky-ip.org> <5397A2C3.1090109@freebsd.org>
 <5397AE8F.8020000@sky-ip.org>
 <8B8FC782-7DF2-4BD3-883D-4ADE7E07822A@dataix.net>
 <5398B3C4.4050009@sky-ip.org>
 <CAO2cuEOWA=tas1q2ROuC5qUpB7YZhhFsz3t=Y2B7_G3gmzOD9Q@mail.gmail.com>
 <5398C5F0.6030203@sky-ip.org>
Mime-Version: 1.0 (1.0)
In-Reply-To: <5398C5F0.6030203@sky-ip.org>
Content-Type: multipart/signed; micalg=sha1;
 boundary=Apple-Mail-AB37220B-ACF4-407C-81AE-F92F18A4C79D;
 protocol="application/pkcs7-signature"
Content-Transfer-Encoding: 7bit
Message-Id: <0FA473B3-D3F9-4291-9A85-D16D201FF19A@dataix.net>
X-Mailer: iPhone Mail (11B554a)
From: Jason Hellenthal <jhellenthal@dataix.net>
Subject: Re: Assign Lookback address 127.0.0.1 to jail
Date: Wed, 11 Jun 2014 17:31:25 -0400
To: "s7r@sky-ip.org" <s7r@sky-ip.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 21:31:30 -0000


--Apple-Mail-AB37220B-ACF4-407C-81AE-F92F18A4C79D
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable



-- 
 Jason Hellenthal
 Voice: 95.30.17.6/616
 JJH48-ARIN

> On Jun 11, 2014, at 17:11, "s7r@sky-ip.org" <s7r@sky-ip.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On 6/11/2014 11:56 PM, Jason Hellenthal wrote:
>> Simple.
>>
>> echo 'options VIMAGE' >>/sys/`uname -p`/conf/GENERIC
>> cd /usr/src && make buildkernel && make installkernel
> This is perfectly clear - hope it does not affect the current
> functionality and installed ports on the running machine?
>=20
>> Make the necessary adjustments to ensure your system is stable as
>> you want it to be during testing and then lock the settings for the
>> jails into the perspective configuration files and the host
>> systems /etc/rc.conf for the interfaces you will use.
>>
>> Just an example of my base jail that I use for setting up other
>> jails on the fly...
>>
>> exec.stop = "/bin/sh /etc/rc.shutdown";
>> exec.poststop = "umount /export/cnt/$name/dev";
>> exec.clean;
>>
>> mount.devfs;
>>
>> path = "/export/cnt/$name";
>>
>> allow.raw_sockets;
>> allow.socket_af;
>> vnet = new;
>>
>> base {
>>     host.hostname = base;
>>     vnet.interface = vnet0;
>>     securelevel = 3;
>>     exec.start = "ifconfig vnet0 inet 172.X.X.22/22 broadcast 172.X.X.255";
>>     exec.start += "route add default 172.X.X.1";
>>     exec.start += "/bin/sh /etc/rc";
>> }
> Q1: All this is to be pasted into jail's /etc/rc.conf file?

That portion is for the jail.conf(5) syntax. /etc/jail.conf

Possibly easyjail? In /usr/local as well but I'm unfamiliar with easyjail but
the above settings in place should effect globally.


>
> Q2: 172.X.X.22/22 -> I want to assign a public IP address to the jail,
> and a local loopback address.

You won't have to worry about the loopback as that will be automatically
configured since it will now have its own virtual network stack. And its very
own lo0 interface.

The public IP space you can just change that 172 class B to whatever you need
in the jail.conf to set that for every time the jail starts.

>
> Q3: route add default - this is the default router? this should be the
> host's public IP address or the IP address of the gateway assigned by
> my ISP?

If I'm understanding that correctly yes. Think of this now as its own entity
with its own network stack. You're just configuring it just like you would if
you were setting up an actual additional machine on your network.

>
>> And in my systems rc.conf... ifconfig_interface0_name="vnet0"
> No IP address here or alias for vnet0? In host's /etc/rc.conf? Just
> interface0_name="vnet0"? Shouldn't interface0 be em0, the default
> interface of the host? Shouldn't that come first?
>
>> I actually give my base template jail a full actual interface to
>> work with so I can segment it off on the network at the switch
>> level and drop it into another management vlan. But the
>> configuration is simple and similar to other interfaces virtual or
>> not like if_epair(4).
>>
>> The rest of the jail configuration as in rc.conf and such within
>> the jail is the same as if it was not a VIMAGE so you should
>> already be aware of those details so I won't rattle on with those.
>> But if you have any specific questions about this as you move
>> through setting up VIMAGE jails feel free to give me a holler
>> directly or back to this list and I'll be happy to give you a hand.
> Thank you.
> - -- 
> s7r
> PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
> PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc

--Apple-Mail-AB37220B-ACF4-407C-81AE-F92F18A4C79D--
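
The ezjail address syntax quoted in this thread (em0|192.168.0.10,lo0|127.0.0.2) can be checked before a jail is started, to see where a service that binds to "localhost" inside a non-VIMAGE jail would end up listening. The sh function below is an added example, not part of any message in this thread and not ezjail's own code; the names audit_jail_ips and is_ipv4 are hypothetical and the sample specs are constructed. It assumes, as stated in the thread, that 127.0.0.1 inside such a jail is mapped to the jail's IP, and further assumes that this is the first IPv4 address in the list.

```shell
#!/bin/sh
# Added example (not from the thread): audit an ezjail-style address list,
# e.g.  em0|192.168.0.10,lo0|127.0.0.2
#
# Assumption: in a jail without its own network stack, 127.0.0.1 is mapped
# to the jail's IP, taken here to be the first IPv4 address listed.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    v4_ifs=$IFS; IFS=.
    set -- $1
    IFS=$v4_ifs
    [ "$#" -eq 4 ] || return 1
    for v4_octet in "$@"; do
        [ "${#v4_octet}" -le 3 ] && [ "$v4_octet" -le 255 ] || return 1
    done
    return 0
}

# audit_jail_ips SPEC: print one verdict line and return
#   0  localhost inside the jail stays on a loopback address
#   1  localhost inside the jail reaches a non-loopback address
#   2  the list contains no usable IPv4 address
audit_jail_ips() {
    aj_spec=$1
    aj_first=
    aj_loop=
    aj_ifs=$IFS; IFS=,
    set -f                      # no globbing while the list is split
    set -- $aj_spec
    set +f
    IFS=$aj_ifs
    for aj_entry in "$@"; do
        aj_entry=$(printf '%s' "$aj_entry" | tr -d ' \t')
        aj_addr=${aj_entry#*"|"}    # drop the optional "iface|" prefix
        aj_addr=${aj_addr%%/*}      # tolerate an "/netmask" suffix
        is_ipv4 "$aj_addr" || continue   # IPv6 or malformed: skipped
        [ -n "$aj_first" ] || aj_first=$aj_addr
        case "$aj_addr" in
            127.*) [ -n "$aj_loop" ] || aj_loop=$aj_addr ;;
        esac
    done
    if [ -z "$aj_first" ]; then
        echo "no-ipv4"; return 2
    fi
    if [ -z "$aj_loop" ]; then
        # No loopback address at all: the situation in the first message.
        echo "exposed $aj_first"; return 1
    fi
    case "$aj_first" in
        127.*) echo "loopback-first $aj_first"; return 0 ;;
    esac
    # A loopback alias exists, but services must bind to it explicitly.
    echo "loopback-alias $aj_loop localhost->$aj_first"; return 1
}

# Constructed sample specs built from the addresses used in the thread.
for aj_demo in 'em0|192.168.0.10' \
               'em0|192.168.0.10,lo0|127.0.0.2' \
               'lo0|127.0.0.2,em0|192.168.0.10'; do
    printf '%-34s %s\n' "$aj_demo" "$(audit_jail_ips "$aj_demo")"
done
```

A "loopback-alias" verdict means the RPC service has to be configured with the alias address itself; a VIMAGE jail, as suggested in the reply above, gets its own lo0 and needs no such check.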

From owner-freebsd-jail@FreeBSD.ORG  Sun Jun 15 04:56:28 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1FA1BACF
 for <freebsd-jail@FreeBSD.org>; Sun, 15 Jun 2014 04:56:28 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 04D5720A0
 for <freebsd-jail@FreeBSD.org>; Sun, 15 Jun 2014 04:56:28 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s5F4uRCF065679
 for <freebsd-jail@FreeBSD.org>; Sun, 15 Jun 2014 05:56:27 +0100 (BST)
 (envelope-from bz-noreply@freebsd.org)
From: bz-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 190944] [jail] su -m <username> not working in jail
Date: Sun, 15 Jun 2014 04:56:28 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to short_desc bug_severity
Message-ID: <bug-190944-9824-Jkd2jfYnSx@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-190944-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-190944-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jun 2014 04:56:28 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=190944

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org
            Summary|su -m <username> not        |[jail] su -m <username> not
                   |working in jail             |working in jail
           Severity|Affects Only Me             |Affects Many People

--- Comment #2 from Mark Linimon <linimon@FreeBSD.org> ---
Over to maintainers.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Sun Jun 15 12:52:43 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8C914FED
 for <freebsd-jail@FreeBSD.org>; Sun, 15 Jun 2014 12:52:43 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 748C127DC
 for <freebsd-jail@FreeBSD.org>; Sun, 15 Jun 2014 12:52:43 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s5FCqh0g069096
 for <freebsd-jail@FreeBSD.org>; Sun, 15 Jun 2014 13:52:43 +0100 (BST)
 (envelope-from bz-noreply@freebsd.org)
From: bz-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 190944] [jail] su -m <username> not working in jail
Date: Sun, 15 Jun 2014 12:52:43 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 10.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: joeb1@a1poweruser.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-190944-9824-ZragBcOJXo@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-190944-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-190944-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jun 2014 12:52:43 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=190944

joeb1@a1poweruser.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joeb1@a1poweruser.com

--- Comment #3 from joeb1@a1poweruser.com ---
I cannot duplicate this "su -m xxxx command" problem on my 10.0-RELEASE-p3
system. 
I would say this problem is more about the way you have created your jail and
user accounts than a problem with the su command.

Please provide details about how you created your jail and the user accounts in
that jail that you are trying to use the su command on.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Tue Jun 17 11:25:27 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id DCFB0FEB
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 11:25:27 +0000 (UTC)
Received: from mx01.cellcontainer.com (mx01.cellcontainer.com [81.0.104.240])
 by mx1.freebsd.org (Postfix) with ESMTP id 8B5242392
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 11:25:27 +0000 (UTC)
Received: from mx01.cellcontainer.com (localhost [127.0.0.1])
 by mx01.cellcontainer.com (Postfix) with ESMTP id 9A480296
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 11:15:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cellcontainer.com; h=
 message-id:date:subject:from:to:mime-version:content-type; s=
 selector1; bh=6fZdyDNmZMZjbuyzNAALD+dg4vg=; b=A1/4I2TPisTOfKmXtM
 RmJ7tBRVwFXYqrk/cfDKEkInk/SJCeYdZoc4CvLNbKkc4F9BfWctNbXdtpKlTdu3
 cP6vpwW5Zff9QCmQaIHb6rItiH7xUFtnIQ1/faD6DfRiP+tHfxsxWvJV3AuqvJVO
 vxQHvyVKAZxBrWoFjYy8Yu3Xo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cellcontainer.com; h=
 message-id:date:subject:from:to:mime-version:content-type; q=
 dns; s=selector1; b=fJvf5uODFSGRxR+QSc+X6vuzZl3VwZ4pRxThQUkc0dU1
 dNZ38RNou9FAyC6oxZw3rJYjtszDE+7bB4dIcVRdwutf0d5+51EWC5NTs5pnQbNq
 ya0PjkYQxB75hR4xb1ptZHDqDZiJIC1vwoIAyimOjtmhtiy6RJhR2DmBXUfMe4E=
Received: from gpo.cellcontainer.com (unknown [10.5.100.101])
 by mx01.cellcontainer.com (Postfix) with ESMTP id 95885295
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 11:15:30 +0000 (UTC)
Received: by gpo.cellcontainer.com (Postfix, from userid 58)
 id 8A6DDBB14A; Tue, 17 Jun 2014 11:15:30 +0000 (UTC)
Received: from gpo.cellcontainer.com (localhost [127.0.0.1])
 by gpo.cellcontainer.com (Postfix) with ESMTP id 6387DBB140
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 11:15:30 +0000 (UTC)
Message-ID: <1403003730.53a0235260385@gpo.cellcontainer.com>
Date: Tue, 17 Jun 2014 23:15:30 +1200
Subject: iocage - drop in jail manager
From: Peter Toth <peter.toth@cellcontainer.com>
To: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
MIME-Version: 1.0
X-MimeOLE: Produced by Group-Office 3.7.41
X-Mailer: Group-Office 3.7.41
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 11:25:27 -0000

For anyone interested in managing jails with VNET, ZFS and resource
limits I have created a jail manager script
https://github.com/pannon/iocage . Basically rewritten most of
"zjails" in pure sh with simplicity in mind.

90% is done final commits will be happening in the next 2 weeks. Feel
free to give it a test drive.

P



From owner-freebsd-jail@FreeBSD.ORG  Tue Jun 17 15:53:51 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A69D12C3
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 15:53:51 +0000 (UTC)
Received: from relay.mailchannels.net (si-002-i152.relay.mailchannels.net
 [108.178.49.164])
 (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 10F012DF3
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 15:53:50 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (unknown [10.218.133.212])
 by relay.mailchannels.net (Postfix) with ESMTPA id A70DD122BBF;
 Tue, 17 Jun 2014 15:38:02 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (mail-24.name-services.com
 [10.244.170.26]) (using TLSv1 with cipher AES128-SHA)
 by 0.0.0.0:2500 (trex/5.2.3); Tue, 17 Jun 2014 15:38:02 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|107.201.34.133
X-MailChannels-Auth-Id: demandmedia
Received: from [10.0.10.1] (107-201-34-133.lightspeed.bcvloh.sbcglobal.net
 [107.201.34.133]) by mail-24.name-services.com with SMTP; 
 Tue, 17 Jun 2014 08:37:54 -0700
Message-ID: <53A060D4.1080100@a1poweruser.com>
Date: Tue, 17 Jun 2014 11:37:56 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Peter Toth <peter.toth@cellcontainer.com>
Subject: Re: iocage - drop in jail manager
References: <1403003730.53a0235260385@gpo.cellcontainer.com>
In-Reply-To: <1403003730.53a0235260385@gpo.cellcontainer.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 15:53:51 -0000

Peter Toth wrote:
> For anyone interested in managing jails with VNET, ZFS and resource
> limits I have created a jail manager script
> https://github.com/pannon/iocage . Basically rewritten most of
> "zjails" in pure sh with simplicity in mind.
> 
> 90% is done final commits will be happening in the next 2 weeks. Feel
> free to give it a test drive.
> 

Will this script work on i386 systems?

Will this script work on a generic system with no zfs disk area enabled?

Does a vnet jail still have the "lost memory bug" when stopping the vnet jail?

Do any of the host firewalls (i.e., ipfw, ipf, pf) work on the host and in
multiple vnet jails at the same time? Does the NAT function work in a vnet jail?

Can non-vnet jails be created?



From owner-freebsd-jail@FreeBSD.ORG  Tue Jun 17 20:47:16 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 956568CA
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 20:47:16 +0000 (UTC)
Received: from mx01.cellcontainer.com (mx01.cellcontainer.com [81.0.104.240])
 by mx1.freebsd.org (Postfix) with ESMTP id 14A942B96
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 20:47:15 +0000 (UTC)
Received: from mx01.cellcontainer.com (localhost [127.0.0.1])
 by mx01.cellcontainer.com (Postfix) with ESMTP id 220D5363
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 20:47:14 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cellcontainer.com; h=
 message-id:date:subject:from:to:cc:mime-version:content-type
 :in-reply-to:references; s=selector1; bh=Rvclf2UTRA2UHEedbhwpgb3
 32w8=; b=nA04Ffo1L53Zfwe5ER8D7RZwk/UKGmlWuRPW+FjX+y/ZpkJ4z0e8QQs
 irVeoAq4Ve27Ni8kOY+It+dTtI1M+aL0hcZ3Tdk0nEfdnCILszRQPV1HQwuAL4R5
 b/dBRVZjCdLhZwKm48hkKRtlW1uvpR9CI3/u4dphI2ScCGQkDwaU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cellcontainer.com; h=
 message-id:date:subject:from:to:cc:mime-version:content-type
 :in-reply-to:references; q=dns; s=selector1; b=eEQrwhHCe0PpcSET2
 /XR/hzTrteb4weMx8JYP0vIcMU88pmlFQG7FkfphH0X/tOhOOlLBbblzuOPfTpLm
 rWm6PKOuEGkaZhMqCYLRXMGtKv4sBTBf5O5+gDpk7P4bFUmLqVf4PQ3NGhR4YXFc
 wXagJA/MAazYNO6QF+CZa5s9Sk=
Received: from gpo.cellcontainer.com (unknown [10.5.100.101])
 by mx01.cellcontainer.com (Postfix) with ESMTP id 1B6EE362
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 20:47:14 +0000 (UTC)
Received: by gpo.cellcontainer.com (Postfix, from userid 58)
 id 0FF24BBF4B; Tue, 17 Jun 2014 20:47:14 +0000 (UTC)
Received: from gpo.cellcontainer.com (localhost [127.0.0.1])
 by gpo.cellcontainer.com (Postfix) with ESMTP id D182CBBF3B
 for <freebsd-jail@freebsd.org>; Tue, 17 Jun 2014 20:47:10 +0000 (UTC)
Message-ID: <1403038030.53a0a94eaf728@gpo.cellcontainer.com>
Date: Wed, 18 Jun 2014 08:47:10 +1200
Subject: Re: iocage - drop in jail manager
From: Peter Toth <peter.toth@cellcontainer.com>
To: Fbsd8 <fbsd8@a1poweruser.com>
MIME-Version: 1.0
X-MimeOLE: Produced by Group-Office 3.7.41
In-Reply-To: <53A060D4.1080100@a1poweruser.com>
References: <53A060D4.1080100@a1poweruser.com>
X-Mailer: Group-Office 3.7.41
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 20:47:16 -0000

You can find the answer to all of your questions in the man page :)

Cheers
P

On Wednesday, 18-06-2014 on 3:37 Fbsd8 wrote:

Peter Toth wrote:
> For anyone interested in managing jails with VNET, ZFS and resource
> limits I have created a jail manager script
> https://github.com/pannon/iocage . Basically rewritten most of
> "zjails" in pure sh with simplicity in mind.
>
> 90% is done final commits will be happening in the next 2 weeks. Feel
> free to give it a test drive.
>

Will this script work on i386 systems?

Will this script work on a generic system with no zfs disk area enabled?

Does vnet jail still have "lost memory bug" when stopping vnet jail?

Do any of the host firewalls (ie; ipfw, ipf, pf) work on host and in
multiple vnet jail at same time? Does NAT function work in vnet jail?

Can non-vnet jails be created?



From owner-freebsd-jail@FreeBSD.ORG  Fri Jun 20 14:48:09 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C69E5B11
 for <freebsd-jail@freebsd.org>; Fri, 20 Jun 2014 14:48:09 +0000 (UTC)
Received: from furnace.wzff.de (furnace.wzff.de [176.9.216.40])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 88F862891
 for <freebsd-jail@freebsd.org>; Fri, 20 Jun 2014 14:48:08 +0000 (UTC)
Received: from mw by furnace.wzff.de with local (Exim 4.80.1 (FreeBSD))
 (envelope-from <mw@barfooze.de>) id 1Wy02z-000Oqs-4J
 for freebsd-jail@freebsd.org; Fri, 20 Jun 2014 16:44:09 +0200
Date: Fri, 20 Jun 2014 16:44:09 +0200
From: Moritz Wilhelmy <moritz@wzff.de>
To: freebsd-jail@freebsd.org
Subject: Jail network connectivity issues
Message-ID: <20140620144408.GY9432@barfooze.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jun 2014 14:48:09 -0000

Hello,

I have a jail with a public IP address assigned to it on 10.0/amd64,
however both inbound and outbound connections randomly fail.

I'm using ipfilter as a packet filter but the issue persists when I
reboot without ipfilter enabled. Usually inbound connections work a
couple of times (around 4) and the 5th-ish attempt at establishing a TCP
connection fails with a connection timeout. From that point on it's
hit-and-miss. Nothing else on the system is listening on the port.

The timed-out connection does not show up on the host system, neither
in tcpdump nor -- if enabled -- in ipmon, the ipfilter monitoring utility.

When trying to telnet out of the box, the connection hangs before
"Trying <address>...", except sometimes when it works. Even then, the
connection is established excruciatingly slowly, while outside the jail,
connections are established instantaneously.

On the host system, specifying the jail's IP as telnet's source IP via
-s works, so I doubt it's my ISP's fault.

To make sure the configuration in the jail tree isn't what's causing the
issues I created another jail with "/" as root directory and the jail's
IP assigned and /bin/sh as command. Same issue. This leads me to believe
that the jail subsystem is responsible somehow.

Any ideas what I might be missing?


Best,

Moritz

-- 
Civil servants cannot walk around all day with the Basic Law under their
arm.                                               -Hermann Höcherl, 1963

From owner-freebsd-jail@FreeBSD.ORG  Tue Jun 24 19:53:48 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6363810B
 for <freebsd-jail@freebsd.org>; Tue, 24 Jun 2014 19:53:48 +0000 (UTC)
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.200])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.hushmail.com", Issuer "Self-signed" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4A05E2622
 for <freebsd-jail@freebsd.org>; Tue, 24 Jun 2014 19:53:48 +0000 (UTC)
Received: from smtp3.hushmail.com (localhost [127.0.0.1])
 by smtp3.hushmail.com (Postfix) with SMTP id 7AD09E0367
 for <freebsd-jail@freebsd.org>; Tue, 24 Jun 2014 19:21:29 +0000 (UTC)
Received: from smtp.hushmail.com (w8.hushmail.com [65.39.178.52])
 by smtp3.hushmail.com (Postfix) with ESMTP
 for <freebsd-jail@freebsd.org>; Tue, 24 Jun 2014 19:21:29 +0000 (UTC)
Received: by smtp.hushmail.com (Postfix, from userid 99)
 id 53C1460258; Tue, 24 Jun 2014 19:21:29 +0000 (UTC)
MIME-Version: 1.0
Date: Tue, 24 Jun 2014 15:21:29 -0400
To: freebsd-jail@freebsd.org
Subject: ezjail update errors
From: "Kenta S." <kentas@hush.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20140624192129.53C1460258@smtp.hushmail.com>
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2014 19:53:48 -0000

I'm trying to update my jail system.

"ezjail-admin update -u" gives me this problem:


Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 9.2-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be added as part of updating to 9.2-RELEASE-p8:
/etc/pkg
/etc/pkg/FreeBSD.conf
/usr/share/keys
/usr/share/keys/pkg
/usr/share/keys/pkg/revoked
/usr/share/keys/pkg/trusted
/usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
/usr/src/etc/pkg
/usr/src/etc/pkg/FreeBSD.conf
/usr/src/etc/pkg/Makefile
/usr/src/share/keys
/usr/src/share/keys/Makefile
/usr/src/share/keys/pkg
/usr/src/share/keys/pkg/Makefile
/usr/src/share/keys/pkg/trusted
/usr/src/share/keys/pkg/trusted/Makefile
/usr/src/share/keys/pkg/trusted/pkg.freebsd.org.2013102301

The following files will be updated as part of updating to 9.2-RELEASE-p8:
/etc/mtree/BSD.root.dist
/etc/mtree/BSD.usr.dist
/var/db/mergemaster.mtree
Installing updates...install: mkdir /usr/jails/newjail//usr/share: File exists
install: mkdir /usr/jails/newjail//usr/share: File exists
install: mkdir /usr/jails/newjail//usr/share: File exists
install: mkdir /usr/jails/newjail//usr/share: File exists
install: mkdir /usr/jails/newjail//usr/src: File exists
install: mkdir /usr/jails/newjail//usr/src: File exists
install: mkdir /usr/jails/newjail//usr/src: File exists
install: mkdir /usr/jails/newjail//usr/src: File exists
install: /usr/jails/newjail//usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301: No such file or directory
install: /usr/jails/newjail//usr/src/etc/pkg/FreeBSD.conf: No such file or directory
install: /usr/jails/newjail//usr/src/etc/pkg/Makefile: No such file or directory
install: /usr/jails/newjail//usr/src/share/keys/Makefile: No such file or directory
install: /usr/jails/newjail//usr/src/share/keys/pkg/Makefile: No such file or directory
install: /usr/jails/newjail//usr/src/share/keys/pkg/trusted/Makefile: No such file or directory
install: /usr/jails/newjail//usr/src/share/keys/pkg/trusted/pkg.freebsd.org.2013102301: No such file or directory
 done.


From owner-freebsd-jail@FreeBSD.ORG  Tue Jun 24 20:40:00 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B19888D8
 for <freebsd-jail@freebsd.org>; Tue, 24 Jun 2014 20:40:00 +0000 (UTC)
Received: from furnace.wzff.de (furnace.wzff.de [176.9.216.40])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7333A2B2B
 for <freebsd-jail@freebsd.org>; Tue, 24 Jun 2014 20:39:59 +0000 (UTC)
Received: from mw by furnace.wzff.de with local (Exim 4.80.1 (FreeBSD))
 (envelope-from <mw@barfooze.de>) id 1WzXVP-000OMy-H9
 for freebsd-jail@freebsd.org; Tue, 24 Jun 2014 22:39:51 +0200
Date: Tue, 24 Jun 2014 22:39:51 +0200
From: Moritz Wilhelmy <moritz@wzff.de>
To: freebsd-jail@freebsd.org
Subject: Re: Jail network connectivity issues
Message-ID: <20140624203951.GZ9432@barfooze.de>
References: <20140620144408.GY9432@barfooze.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20140620144408.GY9432@barfooze.de>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2014 20:40:00 -0000

After more research it seems that my ISP is at fault after all.

Best regards and thank you,

Moritz

From owner-freebsd-jail@FreeBSD.ORG  Thu Jun 26 01:29:15 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 88FD7239
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 01:29:15 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6FB032B18
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 01:29:15 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s5Q1TFqH095699
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 02:29:15 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Thu, 26 Jun 2014 01:29:15 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to short_desc
Message-ID: <bug-191279-9824-ZtNQAt50nq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 01:29:15 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org
            Summary|jail allow.sysvipc -        |[jail] jail allow.sysvipc -
                   |doesn't work until jail is  |doesn't work until jail is
                   |started TWICE after reboot  |started TWICE after reboot

--- Comment #1 from Mark Linimon <linimon@FreeBSD.org> ---
Over to maintainers.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Thu Jun 26 01:58:07 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1F241CE4
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 01:58:07 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 06A122DB5
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 01:58:07 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s5Q1w68b072909
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 02:58:06 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191181] [jail] Jailnames cannot contain a dash
Date: Thu, 26 Jun 2014 01:58:07 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: component assigned_to short_desc
Message-ID: <bug-191181-9824-Oo0HUCzmVP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191181-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191181-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 01:58:07 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191181

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|misc                        |kern
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org
            Summary|Jailnames cannot contain a  |[jail] Jailnames cannot
                   |dash                        |contain a dash

--- Comment #2 from Mark Linimon <linimon@FreeBSD.org> ---
over to maintainers.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Thu Jun 26 02:06:23 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 214F9FD4
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 02:06:23 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0923A2E91
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 02:06:23 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s5Q26Mjk018758
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 03:06:22 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191181] [jail] Jailnames cannot contain a dash
Date: Thu, 26 Jun 2014 02:06:23 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: allanjude@FreeBSD.org
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-191181-9824-VjRPodhR9r@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191181-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191181-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 02:06:23 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191181

Allan Jude <allanjude@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |allanjude@FreeBSD.org

--- Comment #3 from Allan Jude <allanjude@FreeBSD.org> ---
Can you provide more detail, like your jail.conf etc

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Thu Jun 26 04:35:09 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4D94C9AA
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 04:35:09 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 34B5D2A9D
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 04:35:09 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s5Q4Z9kN077046
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 05:35:09 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Thu, 26 Jun 2014 04:35:09 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dewayne@heuristicsystems.com.au
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-191279-9824-xzElw8wGF7@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 04:35:09 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

dewayne@heuristicsystems.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dewayne@heuristicsystems.co
                   |                            |m.au

--- Comment #2 from dewayne@heuristicsystems.com.au ---
Dreamcat, Testing on two stables built within last 24 hours

# uname -oprUK
FreeBSD 9.3-PRERELEASE i386 903500 903500
and
FreeBSD 10.0-STABLE amd64 1000710 1000710

Looks like this issue is not reproducible in later versions (there have been a
lot of changes in Stable since 9.2R):
# sysctl -a|grep sysvi
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 1

My jail.conf contains
test1 { ip4.addr = "10.0.5.241"; devfs_ruleset = "4"; allow.sysvipc;
allow.chflags; }

which is the jail that I tested for sysvipc.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Thu Jun 26 08:02:03 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8FC7780F
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 08:02:03 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 77B7F2B29
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 08:02:03 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s5Q823re059106
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 09:02:03 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191181] [jail] Jailnames cannot contain a dash
Date: Thu, 26 Jun 2014 08:02:03 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: rs@bytecamp.net
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-191181-9824-ZTx2y9uoLR@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191181-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191181-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 08:02:03 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191181

--- Comment #4 from rs@bytecamp.net ---
The message occurs even without an existing /etc/jail.conf.
The system is 10.0-RELEASE-p2 #1 r265140.

What further information is required?

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Thu Jun 26 08:36:41 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2F8011FF
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 08:36:41 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 169782D96
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 08:36:41 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s5Q8aeoS095879
 for <freebsd-jail@FreeBSD.org>; Thu, 26 Jun 2014 09:36:40 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Thu, 26 Jun 2014 08:36:41 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-191279-9824-Ocz21Mcr6g@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 08:36:41 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

--- Comment #3 from dreamcat4@gmail.com ---
Thanks man! It's good news to hear. Hopefully the bug will go away once I'm
moved to 10.0.

(In reply to dewayne from comment #2)
> Dreamcat, Testing on two stables built within last 24 hours
> # sysctl -a|grep sysvi
> security.jail.param.allow.sysvipc: 0
> security.jail.sysvipc_allowed: 1
> 
> My jail.conf contains
> test1 { ip4.addr = "10.0.5.241"; devfs_ruleset = "4"; allow.sysvipc;
> allow.chflags; }
> 
> which is the jail that I tested for sysvipc.

Thanks for testing this. Your individual jail setting looks good. My global
sysvipc setting is different than yours however:

freenas ~/ root^> sysctl -a|grep sysvi
security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 0

Reason: Don't want to enable it for all the other jails. It is only needed on 1
specific jail.

FYI: Another PR relevant to isolating ipc to single-jail:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=48471

-- 
You are receiving this mail because:
You are the assignee for the bug.
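
The setup described in comment #3 above (host-wide sysctl left at 0, allow.sysvipc granted to a single jail) can be checked mechanically. The following is an added example, not code from the thread or from FreeBSD: the function names, the web1 and db1 jails and the expected-jail set are hypothetical, and precedence is simplified to "global and `*` settings first, then the jail's own block".

```python
import re

# Constructed sample. Only the test1 entry is the jail.conf line quoted in
# comment #2; the global lines and the web1/db1 jails are made up.
SAMPLE_JAIL_CONF = '''
# host-wide defaults (constructed)
exec.start = "/bin/sh /etc/rc";
allow.nosysvipc;            // explicit default: no SysV IPC

test1 { ip4.addr = "10.0.5.241"; devfs_ruleset = "4"; allow.sysvipc;
allow.chflags; }

/* constructed: a jail that should NOT have SysV IPC */
web1 { ip4.addr = "10.0.5.242"; allow.sysvipc; }
db1 { ip4.addr = "10.0.5.243"; }
'''

# sysctl output as posted in comment #3.
SAMPLE_SYSCTL = '''security.jail.param.allow.sysvipc: 0
security.jail.sysvipc_allowed: 0
'''

# Comments and quoted strings are tokenized first so that '#', '//' or ';'
# inside a quoted value is not mistaken for syntax.
TOKEN = re.compile(
    r'(?P<comment>#[^\n]*|//[^\n]*|/\*.*?\*/)'
    r'|(?P<string>"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\')'
    r'|(?P<punct>\+=|[{};=,])'
    r'|(?P<word>[^\s{};=,"\'#]+)',
    re.S)

# Assumption of this example: values that switch a boolean parameter off.
OFF_VALUES = {"0", "false", "no"}


def parse_jail_conf(text):
    """Return (jail names in file order, [(scope, param, value)]).

    scope is None for statements outside any block.
    """
    jails, settings, scope, stmt = [], [], None, []
    for m in TOKEN.finditer(text):
        kind, tok = m.lastgroup, m.group()
        if kind == "comment":
            continue
        if kind == "punct" and tok == "{":
            scope = stmt[0].strip("\"'") if stmt else "?"
            if scope != "*" and scope not in jails:
                jails.append(scope)
            stmt = []
        elif kind == "punct" and tok == "}":
            scope, stmt = None, []
        elif kind == "punct" and tok == ";":
            if stmt:
                value = stmt[2].strip("\"'") if len(stmt) > 2 else None
                settings.append((scope, stmt[0], value))
            stmt = []
        else:
            stmt.append(tok)
    return jails, settings


def sysvipc_by_jail(conf_text):
    """Map each jail name to True if it ends up with allow.sysvipc."""
    jails, settings = parse_jail_conf(conf_text)
    state = {j: False for j in jails}
    # Pass 1: global and wildcard settings. Pass 2: the jail's own block.
    for own_block in (False, True):
        for scope, name, value in settings:
            if name == "allow.sysvipc":
                on = value is None or value.lower() not in OFF_VALUES
            elif name == "allow.nosysvipc":
                on = False
            else:
                continue
            for j in jails:
                if (scope == j) if own_block else (scope in (None, "*")):
                    state[j] = on
    return state


def parse_sysctl(text):
    """Parse 'name: value' lines as printed by sysctl -a."""
    values = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep and val.strip().isdigit():
            values[key.strip()] = int(val)
    return values


def audit(conf_text, sysctl_text, expected):
    """Return findings; an empty list means only `expected` jails get SysV IPC."""
    findings = []
    if parse_sysctl(sysctl_text).get("security.jail.sysvipc_allowed") == 1:
        findings.append("host: security.jail.sysvipc_allowed is 1 (host-wide)")
    for jail, on in sysvipc_by_jail(conf_text).items():
        if on and jail not in expected:
            findings.append(f"{jail}: allow.sysvipc granted but not expected")
        elif not on and jail in expected:
            findings.append(f"{jail}: expected allow.sysvipc is missing")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_JAIL_CONF, SAMPLE_SYSCTL, {"test1"}):
        print(finding)
```

On a live host the configured value still has to be compared with what the running jail reports, since this bug is about the parameter not taking effect on the first start.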

From owner-freebsd-jail@FreeBSD.ORG  Mon Jun 30 01:34:04 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9360B2C7
 for <freebsd-jail@freebsd.org>; Mon, 30 Jun 2014 01:34:04 +0000 (UTC)
Received: from mx01.cellcontainer.com (mx01.cellcontainer.com [81.0.104.240])
 by mx1.freebsd.org (Postfix) with ESMTP id 135E92C23
 for <freebsd-jail@freebsd.org>; Mon, 30 Jun 2014 01:34:03 +0000 (UTC)
Received: from mx01.cellcontainer.com (localhost [127.0.0.1])
 by mx01.cellcontainer.com (Postfix) with ESMTP id AF327841
 for <freebsd-jail@freebsd.org>; Mon, 30 Jun 2014 01:33:55 +0000 (UTC)
Received: from gpo.cellcontainer.com (unknown [10.5.100.101])
 by mx01.cellcontainer.com (Postfix) with ESMTP id DE9A4840
 for <freebsd-jail@freebsd.org>; Mon, 30 Jun 2014 01:33:54 +0000 (UTC)
Received: by gpo.cellcontainer.com (Postfix, from userid 58)
 id C2395BC6C5; Mon, 30 Jun 2014 01:33:54 +0000 (UTC)
Received: from gpo.cellcontainer.com (localhost [127.0.0.1])
 by gpo.cellcontainer.com (Postfix) with ESMTP id 92CB3BC6B9
 for <freebsd-jail@freebsd.org>; Mon, 30 Jun 2014 01:33:54 +0000 (UTC)
Message-ID: <1404092034.53b0be828b25c@gpo.cellcontainer.com>
Date: Mon, 30 Jun 2014 13:33:54 +1200
Subject: Re: iocage - drop in jail manager
From: Peter Toth <peter.toth@cellcontainer.com>
To: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>
MIME-Version: 1.0
X-MimeOLE: Produced by Group-Office 3.7.41
In-Reply-To: <53A060D4.1080100@a1poweruser.com>
X-Priority: 3 (Normal)
References: <53A060D4.1080100@a1poweruser.com>
X-Mailer: Group-Office 3.7.41
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jun 2014 01:34:04 -0000

Pushed up a new version to github (1.3.1)
http://pannon.github.io/iocage/ . Man page is finished and created
WIKI too (will be back-filling pages). The new version supports
non-VNET jails too (shared IP based jails). There is a differential
jail packaging function as well as import/export.

Many thanks for the feedback from the few who emailed me.

P

On Wednesday, 18-06-2014 on 3:37 Fbsd8 wrote:

Peter Toth wrote:
> For anyone interested in managing jails with VNET, ZFS and resource
> limits I have created a jail manager script
> https://github.com/pannon/iocage . Basically rewritten most of
> "zjails" in pure sh with simplicity in mind.
>
> 90% is done final commits will be happening in the next 2 weeks. Feel
> free to give it a test drive.
>

Will this script work on i386 systems?

Will this script work on a generic system with no zfs disk area
enabled?

Does vnet jail still have "lost memory bug" when stopping vnet jail?

Do any of the host firewalls (ie; ipfw, ipf, pf) work on host and in
multiple vnet jail at same time? Does NAT function work in vnet jail?

Can non-vnet jails be created?



From owner-freebsd-jail@FreeBSD.ORG  Tue Jul  1 06:31:49 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AA10E644
 for <freebsd-jail@FreeBSD.org>; Tue,  1 Jul 2014 06:31:49 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 92BB32A1F
 for <freebsd-jail@FreeBSD.org>; Tue,  1 Jul 2014 06:31:49 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s616VnRo038878
 for <freebsd-jail@FreeBSD.org>; Tue, 1 Jul 2014 07:31:49 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 180916] [jail] [regression] jail startup is broken for 8.4
 without INET6
Date: Tue, 01 Jul 2014 06:31:49 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 8.4-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: redrat@mail.ru
X-Bugzilla-Status: In Discussion
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-180916-9824-tgmPY7KD45@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-180916-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-180916-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jul 2014 06:31:49 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=180916

Alexey Markov <redrat@mail.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |redrat@mail.ru

--- Comment #2 from Alexey Markov <redrat@mail.ru> ---
This patch was tested for almost a year and works like a charm. Any chance to
see it committed to 8-STABLE?

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Tue Jul  1 07:09:31 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 77F2EED
 for <freebsd-jail@FreeBSD.org>; Tue,  1 Jul 2014 07:09:31 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5D8242CF8
 for <freebsd-jail@FreeBSD.org>; Tue,  1 Jul 2014 07:09:31 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s6179ViF064993
 for <freebsd-jail@FreeBSD.org>; Tue, 1 Jul 2014 08:09:31 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 180916] [jail] [regression] jail startup is broken for 8.4
 without INET6
Date: Tue, 01 Jul 2014 07:09:31 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 8.4-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: pi@FreeBSD.org
X-Bugzilla-Status: In Discussion
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: crees@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc assigned_to
Message-ID: <bug-180916-9824-oGf9BRR7nb@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-180916-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-180916-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jul 2014 07:09:31 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=180916

Kurt Jaeger <pi@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pi@FreeBSD.org
           Assignee|freebsd-jail@FreeBSD.org    |crees@FreeBSD.org

--- Comment #3 from Kurt Jaeger <pi@FreeBSD.org> ---
Can you apply this patch to 8/8.4-STABLE as well?

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul  5 19:07:50 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B8624BFD
 for <freebsd-jail@FreeBSD.org>; Sat,  5 Jul 2014 19:07:50 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A03DE2427
 for <freebsd-jail@FreeBSD.org>; Sat,  5 Jul 2014 19:07:50 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s65J7oG0007654
 for <freebsd-jail@FreeBSD.org>; Sat, 5 Jul 2014 20:07:50 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 188753] [jail] mount devfs ruleset ignored
Date: Sat, 05 Jul 2014 19:07:50 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: gavin@FreeBSD.org
X-Bugzilla-Status: In Discussion
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc version
Message-ID: <bug-188753-9824-EvuwfKxJF7@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-188753-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-188753-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jul 2014 19:07:50 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188753

Gavin Atkinson <gavin@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gavin@FreeBSD.org
            Version|unspecified                 |10.0-RELEASE

--- Comment #3 from Gavin Atkinson <gavin@FreeBSD.org> ---
It sounds like your system has not been patched, and is missing at least the
FreeBSD-SA-14:07.devfs security advisory patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul  5 22:02:14 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7AAA8897
 for <freebsd-jail@FreeBSD.org>; Sat,  5 Jul 2014 22:02:14 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 61746232A
 for <freebsd-jail@FreeBSD.org>; Sat,  5 Jul 2014 22:02:14 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s65M2ELj082793
 for <freebsd-jail@FreeBSD.org>; Sat, 5 Jul 2014 23:02:14 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sat, 05 Jul 2014 22:02:14 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: freebsdbugs@zilly.org
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-191279-9824-WclYv4KnAG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jul 2014 22:02:14 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

zilly <freebsdbugs@zilly.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |freebsdbugs@zilly.org

--- Comment #4 from zilly <freebsdbugs@zilly.org> ---
I have the identical issue using FreeBSD 10.0, qjail 3.4, and the allow.sysvipc
flag. It does not matter whether security.jail.sysvipc_allowed is set to 0 or 1
on the host.

# uname -oprUK                            
FreeBSD 10.0-RELEASE-p6 amd64 1000510 1000510

Relevant section of qjail log file on first jail start:
FATAL:  could not create shared memory segment: Function not implemented
DETAIL:  Failed system call was shmget(key=5432001, size=40, 03600).

Like dreamcat4, sysvipc works once the jail has been started a second time
after each time the host boots.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 00:41:59 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4A5F6A1A
 for <freebsd-jail@FreeBSD.org>; Sun,  6 Jul 2014 00:41:59 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 32D2D2ECF
 for <freebsd-jail@FreeBSD.org>; Sun,  6 Jul 2014 00:41:59 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s660fxHE088949
 for <freebsd-jail@FreeBSD.org>; Sun, 6 Jul 2014 01:41:59 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 188753] [jail] mount devfs ruleset ignored
Date: Sun, 06 Jul 2014 00:41:59 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: joeb1@a1poweruser.com
X-Bugzilla-Status: In Discussion
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-188753-9824-pVcyxDbEe0@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-188753-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-188753-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Jul 2014 00:41:59 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188753

joeb1@a1poweruser.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joeb1@a1poweruser.com

--- Comment #4 from joeb1@a1poweruser.com ---
security advisory -p1 changes 
/etc/defaults/rc.conf parameter
devfs_load_rulesets="NO"  to  devfs_load_rulesets="YES"

That fixed this problem for me.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 01:36:19 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A0B64E80
 for <freebsd-jail@FreeBSD.org>; Sun,  6 Jul 2014 01:36:19 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6E49F225E
 for <freebsd-jail@FreeBSD.org>; Sun,  6 Jul 2014 01:36:19 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s661aJM3064701
 for <freebsd-jail@FreeBSD.org>; Sun, 6 Jul 2014 02:36:19 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 01:36:19 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: joeb1@a1poweruser.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-191279-9824-suCGgEzLct@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

joeb1@a1poweruser.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joeb1@a1poweruser.com

--- Comment #5 from joeb1@a1poweruser.com ---
When you say the allow.sysvipc parameter has no effect on a jail's first start
after system boot, just how are you determining this?
Do you see "allow.sysvipc" listed by the "jls -name -j jailname" command?

I installed 10.0 from disc1.iso to an empty hard drive and am running qjail-3.4,
and after starting the jail "jls -name -j jailname" shows "allow.sysvipc", which
means it's enabled, and there are no error messages in the jail's console log.

Seeing jls showing "allow.sysvipc" instead of "allow.nosysvipc" is the only
indicator I have available to verify it's being set correctly. This indicator
does not really prove the sysvipc function for the jail is functional. As far
as I know you need to run some application in the jail that requires sysvipc
access as the only true test. This application may have to be started one time
to set some application internal default setting before it knows sysvipc is
enabled on its second start. Look for an application configure file to set
sysvipc as the default instead of the tcp default setting. What application are
you running in the jail and how does that application get started?

Almost 99% sure your problem is caused by your jailed application and not qjail
or jail(8).


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 08:08:20 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 08:08:20 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-191279-9824-iihMWAj1A4@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

--- Comment #6 from dreamcat4@gmail.com ---
(In reply to joeb1 from comment #5)
> When you say the allow.sysvipc parameter has no effect on a jails first
> start after system boot. Just how are you determining this? 

I was previously checking the log file of the program 'zabbix2-server'. Which
is unable to start, and logfile gives the reason:

zabbix_server [4414]: cannot create Semaphore: [78] Function not implemented
zabbix_server [4414]: unable to create mutex for log file

However now that someone else has reproduced it too, I will try more things!

> Do you see the "allow.sysvipc" listed by the "jls -name -j jailname" command.
> I installed 10.0 from disc1.iso to a empty hard drive and running qjail-3.4
> and after starting the jail "jls -name -j jailname" shows "allow.sysvipc"
> which means its enabled, and no error messages in the jails console log. 

This is on my host, after a fresh reboot:

freenas // root^> qjail list
STA JID  NIC IP              Jailname
--- ---- --- --------------- --------------------------------------------------
DR  1    re0 192.168.1.205   nas4free
DR  2    re0 192.168.1.81    nginx-webdav
DR  3    re0 192.168.1.206   openvpn
             lo0|127.0.0.1
DR  4    re0 192.168.1.38    ps3netsrv
DR  5    re0 192.168.1.207   tvheadend
             lo0|127.0.0.207
DR  6    re0 192.168.1.223   ums4
             lo0|127.0.0.223
DR  7    re0 192.168.1.41    virtualbox
             lo0|127.0.0.2
DR  8    re0 192.168.1.214   webcamd
             lo0|127.0.0.214
DR  9    re0 192.168.1.212   zabbix
             lo0|127.0.0.212

freenas // root^> jls -h -j zabbix allow.sysvipc
allow.sysvipc
0
freenas // root^> qjail restart zabbix
Jail successfully stopped  zabbix
Jail successfully started  zabbix
freenas // root^> jls -h -j zabbix allow.sysvipc
allow.sysvipc
1

Above we can see that jls will indeed report the problem if it occurs. Since I
can still reproduce the error, I am investigating more today. Please bear with
me...

> Seeing jls showing the "allow.sysvipc" instead of "allow.nosysvipc" is the
> only indicator I have available to verify its being set correctly. This

There is also the command 'ipcs', which can be run inside the jail. Here again
is my output after another system reboot:

freenas // root^> qjail console zabbix
Last login: Sun Jul  6 08:05:03 on pts/0
FreeBSD 9.2-RELEASE-p3 (FREENAS.amd64) #0 r262572+7b72365: Fri Mar 14 15:50:04
PDT 2014

Welcome to your FreeBSD jail.
zabbix ~/ root~# ipcs
Message Queues:
T           ID          KEY MODE        OWNER    GROUP   

Shared Memory:
T           ID          KEY MODE        OWNER    GROUP   

Semaphores:
T           ID          KEY MODE        OWNER    GROUP   

zabbix ~/ root~# exit
logout
freenas // root^> qjail restart zabbix
Jail successfully stopped  zabbix
Jail successfully started  zabbix
freenas // root^> qjail console zabbix
Last login: Sun Jul  6 08:53:45 on pts/0
FreeBSD 9.2-RELEASE-p3 (FREENAS.amd64) #0 r262572+7b72365: Fri Mar 14 15:50:04
PDT 2014

Welcome to your FreeBSD jail.
zabbix ~/ root~# ipcs
Message Queues:
T           ID          KEY MODE        OWNER    GROUP   

Shared Memory:
T           ID          KEY MODE        OWNER    GROUP   
m        65536   1745323649 --rw------- zabbix   zabbix  
m        65537   2013759105 --rw------- zabbix   zabbix  
m        65538   1946650241 --rw------- zabbix   zabbix  
m        65539   1728546433 --rw------- zabbix   zabbix  
m        65540   1929873025 --rw------- zabbix   zabbix  
m        65541   1393002113 --rw------- zabbix   zabbix  
m        65542   1980204673 --rw------- zabbix   zabbix  
m        65543   1812431314 --rw------- zabbix   zabbix  

Semaphores:
T           ID          KEY MODE        OWNER    GROUP   
s        65536   2047313537 --rw------- zabbix   zabbix  
s        65537   2047312338 --rw------- zabbix   zabbix  

zabbix ~/ root~# 


> indicator does not really prove the sysvipc function for the jail is
> functional. As far as I know you need to run some application in the jail
> that requires sysvipc access as the only true test. This application may
> have to be started one time to set some application internal default setting
> before it knows sysvipc is enabled on its second start. Look for a

That would suggest we could just be restarting the zabbix_server application
(rather than the jail). However that is not the case here. A 2nd, 3rd, 4th,
etc. restart of the zabbix_server rc.d script makes no difference. Whereas after
restarting the jail once, zabbix did not repeat the error message, and all was OK.

> application configure file to set sysvipc as the default instead of the tcp
> default setting. What application are you running in the jail and how does
> that application get started?

Unfortunately sysvipc / unix semaphores is always required for this particular
program (zabbix). It has no option to switch them off, or use some alternative
mechanism instead (such as TCP). Otherwise I would have disabled sysvipc usage
in the zabbix application a long time ago.

> Almost 99% sure your problem is caused by your jailed application and not
> qjail or jail(8).

Nah. I would be very surprised, given today's output from jls and ipcs
commands, that the problem is anything to do with the zabbix application
itself. It just seems some of us could reproduce this issue, and some of us
can't. We seem to have 2 reports of success. And equally 2 of fail.

What seems to be missing is better instructions to reproduce this (my fault).
There must be some other circumstances specific to my host, which is triggering
this to occur... I will find out today.

For one thing, we know that on startup, qjail is changing the same jail.conf
file. Then re-calling jail(8) program again on the next jail in the list. So
maybe that's got something to do with it. Please bear with me. I will look into
it further.


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 09:53:28 2014
Date: Sun, 6 Jul 2014 11:53:26 +0200
Message-ID: <CAHsHv-bugF76Y1QiL-ydB3STKJn0NM+y0ZCVuZH4KSxVBSDyPQ@mail.gmail.com>
Subject: PF+Jail+IRC Cannot redirect oidentd from jail without "~"
From: "bryn1u85 ." <m.bryn1u@gmail.com>
To: freebsd-jail@freebsd.org
Content-Type: text/plain; charset=UTF-8

Hey,

I have a problem that I have been sitting on for a few days and can't resolve.

I want to redirect oidentd port 113 from the jail, because I use irssi and
want to connect to irc servers without "~" before the ident, for example
~ident@host.

I don't know what else I can do. Nothing helps.

My etc/pf.conf

...
nat on em0 from $ip_oksymoron to any -> $ip_pub
rdr on em0 inet proto tcp from any to $ip_pub port 113 -> $ip_oksymoron port 113
...
black in all
pass in on $ext_if proto tcp from any to $ip_oksymoron port 113
...

I checked from the host without pf, and it works well. I checked from the host
with pf and it works well, but from the jail it still doesn't work. Can someone
help with this issue?

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 10:35:04 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 10:35:04 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.created
Message-ID: <bug-191279-9824-Co8EZxqOGo@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

--- Comment #7 from dreamcat4@gmail.com ---
Created attachment 144450
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=144450&action=edit
More comprehensive test cases & results

OK. This occurs on qjail 3.4. I have tested more thoroughly now. Full details
of the testing (including what else was eliminated) are documented in the
attached .TXT file "testing-details.txt".


My new findings:

* The problem only appears when jail is started by the 'qjail.bootime' rc.d
script.

* The problem does not occur if the jail is started from the command line (by
typing "qjail start $jailname").

* The 'qjail.bootime' rc.d script can be restarted once, twice, three times
after bootup (it does not matter whether it runs with the rest of the system
boot), and the reported problem (sysvipc not working) will still occur. It does
not 'go away' the 2nd time.

Recommend: future investigations should focus more on what is happening inside
the 'qjail.bootime' rc.d script.


I will continue to look further. Many thanks.


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 10:52:33 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 10:52:33 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-191279-9824-6qiBXYmaBz@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

--- Comment #8 from dreamcat4@gmail.com ---
Found it. The problem occurs in the qjail program (not the rc.d script), when
saving the definition records (the qjail config file).

I think when enabled with 'config -y', it saves 'allow.sysvipc' correctly into
'qjail.local/$jailname', but it does not get saved into 'qjail.global/$jailname'.
Hence the rc.d start does not work, whereas the command line does work.

Not just the sysvipc line; the devfs_ruleset line is also missing:

ruleset=""
sysvipc=""

These do not appear in the qjail.global copy of the definition record. It is
likely that the variable is set correctly inside the qjail program, but those
extra lines were not inserted into both templates (only local), so they are
missed when writing the 'qjail.global' to disk.

See here:

freenas // root^> cat /usr/local/etc/qjail.global/webcamd 
name="webcamd"
ip4="192.168.1.214,lo0|127.0.0.214"
ip6=""
path="/usr/jails/webcamd"
interface="re0"
fstab="/usr/local/etc/qjail.fstab/webcamd"
securelevel=""
cpuset=""
fib=""
vnet=""
vinterface=""
rsockets="allow.raw_sockets"
quotas=""
nullfs=""
zfs=""
poststartssh=""
deffile="/usr/local/etc/qjail.local/webcamd"
image=""
imagetype=""
imageblockcount=""
imagedevice=""

freenas // root^> cat /usr/local/etc/qjail.local/webcamd 
name="webcamd"
ip4="192.168.1.214,lo0|127.0.0.214"
ip6=""
path="/usr/jails/webcamd"
interface="re0"
fstab="/usr/local/etc/qjail.fstab/webcamd"
securelevel=""
cpuset=""
fib=""
vnet=""
vinterface=""
rsockets="allow.raw_sockets"
ruleset=""
sysvipc="allow.sysvipc"
quotas=""
nullfs=""
zfs=""
poststartssh=""
deffile="/usr/local/etc/qjail.local/webcamd"
image=""
imagetype=""
imageblockcount=""
imagedevice=""
freenas // root^>

-- 
You are receiving this mail because:
You are the assignee for the bug.
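
The drift described in comment #8, as an added example that is not part of the thread and is not qjail code: a POSIX sh check that lists settings present in a jail's qjail.local definition record but missing from, or different in, its qjail.global copy. It assumes the flat key="value" layout shown in that comment; the function names and the trimmed sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not qjail code): find settings that a jail's qjail.local
# definition record carries but its qjail.global copy does not.
# Assumption: records are flat key="value" files, as shown in comment #8.

# keys_of FILE: print every key that appears in a key=value line, sorted.
keys_of() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort -u
}

# value_of FILE KEY: print KEY's value with the surrounding quotes removed.
value_of() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# record_drift LOCAL GLOBAL: print one line per discrepancy.
#   MISSING key="value"            key exists in LOCAL only
#   DIFFERS key local=".." global=".."  key exists in both, values disagree
record_drift() {
    local_rec=$1
    global_rec=$2
    for key in $(keys_of "$local_rec"); do
        lval=$(value_of "$local_rec" "$key")
        if ! grep -q "^$key=" "$global_rec"; then
            echo "MISSING $key=\"$lval\""
        else
            gval=$(value_of "$global_rec" "$key")
            [ "$lval" = "$gval" ] ||
                echo "DIFFERS $key local=\"$lval\" global=\"$gval\""
        fi
    done
}

# boot_drops_setting LOCAL GLOBAL: succeed (exit 0) when a NON-EMPTY setting,
# such as sysvipc="allow.sysvipc", is missing from GLOBAL. An empty value that
# is missing (ruleset="") is reported by record_drift but does not trip this.
boot_drops_setting() {
    record_drift "$1" "$2" | grep -q '^MISSING [^=]*="..*"$'
}

# make_samples DIR: write constructed sample records, trimmed from the two
# webcamd records quoted in comment #8, into DIR/local and DIR/global.
make_samples() {
    cat > "$1/local" <<'EOF'
name="webcamd"
ip4="192.168.1.214,lo0|127.0.0.214"
path="/usr/jails/webcamd"
rsockets="allow.raw_sockets"
ruleset=""
sysvipc="allow.sysvipc"
quotas=""
EOF
    cat > "$1/global" <<'EOF'
name="webcamd"
ip4="192.168.1.214,lo0|127.0.0.214"
path="/usr/jails/webcamd"
rsockets="allow.raw_sockets"
quotas=""
EOF
}

# Demonstration on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
record_drift "$tmp/local" "$tmp/global"
boot_drops_setting "$tmp/local" "$tmp/global" &&
    echo "global record has lost a non-empty setting"
rm -rf "$tmp"
```

On a qjail host the two arguments would be the per-jail files under /usr/local/etc/qjail.local and /usr/local/etc/qjail.global; comparing them after a boot shows whether the two copies still agree.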

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 11:39:43 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 11:39:43 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-191279-9824-mIyKG2eGeg@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

--- Comment #9 from dreamcat4@gmail.com ---
No. Scratch that. This IS the qjail.bootime rc.d script. Who knew that was a
place to overwrite jail settings files ??!! Clearly not I. Otherwise I would
have known to include such fixes / amendments in the original patch.

Don't even want to ask why, or wish to hear any explanations for the reasons
behind what is going on in there. Let's just make a patch for it (the qjail rc.d
script), to be included in the next qjail release. From my point of view this
is not considered to be terribly urgent (for me / Finch users), since we have
an auto-patching function for qjail.

I will make a patch soon.


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 11:55:40 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 11:55:40 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.isobsolete flagtypes.name
 attachments.created
Message-ID: <bug-191279-9824-bDMDWzuOLV@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

dreamcat4@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #144450|0                           |1
        is obsolete|                            |
 Attachment #144452|                            |maintainer_approval?(dreamc
              Flags|                            |at4@gmail.com)

--- Comment #10 from dreamcat4@gmail.com ---
Created attachment 144452
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=144452&action=edit
Patch file, in 'diff -ruN' format

This patch ought to solve the issue.

Not considered urgent. (Finch will auto patch in the meantime, until the next
official qjail release).


Also included:
-ge 92 compatibility fix for Finch users on FreeNAS and NAS4Free who are still
on FreeBSD 9.2 (they still can't upgrade yet). Without it, some Finch users
will have problems / a qjail installation error.


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 11:57:53 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 11:57:53 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: flagtypes.name
Message-ID: <bug-191279-9824-woe7LSgWOF@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

dreamcat4@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #144452|                            |maintainer_approval?(joeb1@
              Flags|                            |a1poweruser.com)


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 12:13:01 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 12:13:01 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: joeb1@a1poweruser.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.created
Message-ID: <bug-191279-9824-vMtQuutQPh@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

--- Comment #11 from joeb1@a1poweruser.com ---
Created attachment 144453
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=144453&action=edit
official maintainer qjail.bootime patch


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 12:21:13 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 12:21:13 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.isobsolete flagtypes.name
Message-ID: <bug-191279-9824-DAnvu07rwA@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

dreamcat4@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #144452|0                           |1
        is obsolete|                            |
 Attachment #144452|maintainer_approval?(dreamc |
              Flags|at4@gmail.com),             |
                   |maintainer_approval?(joeb1@ |
                   |a1poweruser.com)            |

--- Comment #12 from dreamcat4@gmail.com ---
Comment on attachment 144452
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=144452
Patch file, in 'diff -ruN' format

Superseded by Joe's patch.


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul  6 12:50:00 2014
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is
 started TWICE after reboot
Date: Sun, 06 Jul 2014 12:50:00 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-191279-9824-xWjYu3higB@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

--- Comment #13 from dreamcat4@gmail.com ---
(In reply to joeb1 from comment #11)
> Created attachment 144453 [details]
> official maintainer qjail.bootime patch

Joe, thanks for the patch correction. And fast response.
Have re-tested with patch applied (it works).


From owner-freebsd-jail@FreeBSD.ORG  Mon Jul  7 15:19:02 2014
Message-ID: <53BABA64.20004@gibfest.dk>
Date: Mon, 07 Jul 2014 17:19:00 +0200
From: Thomas Steen Rasmussen <thomas@gibfest.dk>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: m.bryn1u@gmail.com
Subject: Re: PF+Jail+IRC Cannot redirect oidentd from jail without "~"
References: <CAHsHv-bugF76Y1QiL-ydB3STKJn0NM+y0ZCVuZH4KSxVBSDyPQ@mail.gmail.com>
In-Reply-To: <CAHsHv-bugF76Y1QiL-ydB3STKJn0NM+y0ZCVuZH4KSxVBSDyPQ@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org

On 06-07-2014 11:53, bryn1u85 . wrote:
> Hey,
> 
> I have a problem, have been sitting since a few days and can't
> resolve the problem.
> 
> I want to redirect oidentd port 113 from jail, because I use
> irssi and want to connect with irc servers without "~" before ident,
> for example ~ident@host .
> 
> I don't know what else can i do. Nothing helps.
> 
> My etc/pf.conf
> 
> ...
> nat on em0 from $ip_oksymoron to any -> $ip_pub
> rdr on em0 inet proto tcp from any to $ip_pub port 113 -> $ip_oksymoron port 113
> ...
> block in all
> pass in on $ext_if proto tcp from any to $ip_oksymoron port 113
> ...
> 
> I checked from host without pf, works well. Checked from host with
> pf and works well but from jail it still doesn't work. Someone can
> help with this issue ?

Hello,

Try adding the "static-port" keyword to your nat rule.

Your TCP connections to IRC are coming from another port than you
think, static-port fixes that.

Best regards,

Thomas Steen Rasmussen
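
Added example (not part of the message above and not code from pf or oidentd): a Python simulation of the ident (RFC 1413) exchange behind the nat/rdr rules quoted in the question, showing why the lookup in the jail answers NO-USER when NAT replaces the source port and succeeds when the port is kept, as "static-port" does. The user name "bryn", client port 40123, IRC port 6667 and the repeatable port allocation are constructed assumptions.

```python
"""Constructed simulation of an RFC 1413 ident lookup behind source NAT."""
import re
from typing import Dict, Tuple

IRC_PORT = 6667  # assumed IRC server port (not given in the thread)

# RFC 1413 query: "<port-on-ident-host> , <port-on-querying-host>"
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def ident_reply(sockets: Dict[Tuple[int, int], str], query: str) -> str:
    """Answer one ident query from the jail's own socket table.

    sockets maps (local_port, remote_port) -> owning user, which is what an
    ident daemon inside the jail can see: the ports *before* translation.
    """
    m = QUERY_RE.match(query)
    if not m:
        return "0, 0 : ERROR : INVALID-PORT"
    lport, rport = int(m.group(1)), int(m.group(2))
    if not (1 <= lport <= 65535 and 1 <= rport <= 65535):
        return f"{lport}, {rport} : ERROR : INVALID-PORT"
    user = sockets.get((lport, rport))
    if user is None:
        return f"{lport}, {rport} : ERROR : NO-USER"
    return f"{lport}, {rport} : USERID : UNIX : {user}"


class Nat:
    """Source NAT on the host for connections leaving the jail.

    Without static_port the source port is replaced. pf documents
    50001:65535 as its default proxy port range; this model hands out the
    first free port in that range so the run is repeatable (assumption:
    real pf chooses the port itself).
    """

    def __init__(self, static_port: bool):
        self.static_port = static_port
        self.next_port = 50001

    def translate(self, src_port: int) -> int:
        if self.static_port:
            return src_port          # port seen outside == port in the jail
        out = self.next_port
        self.next_port += 1
        return out


def irc_sees(static_port: bool, user: str = "bryn",
             client_port: int = 40123) -> Dict[str, str]:
    """Walk one IRC connection plus the ident query it triggers."""
    # 1. irssi in the jail connects from client_port to the IRC server.
    sockets = {(client_port, IRC_PORT): user}
    # 2. The nat rule rewrites the source address (and maybe the port).
    seen_port = Nat(static_port).translate(client_port)
    # 3. The IRC server asks port 113 about the port pair *it* observed.
    #    The rdr rule changes only the destination address of that query,
    #    so the payload reaches the ident daemon unchanged.
    query = f"{seen_port}, {IRC_PORT}"
    reply = ident_reply(sockets, query)
    # 4. A failed lookup is what produces the "~" prefix.
    fields = [f.strip() for f in reply.split(":")]
    shown = fields[3] if fields[1] == "USERID" else "~" + user
    return {"query": query, "reply": reply, "shown": shown}


if __name__ == "__main__":
    for flag in (False, True):
        r = irc_sees(static_port=flag)
        print(f"static-port={flag}: query={r['query']!r} "
              f"reply={r['reply']!r} shown={r['shown']}@host")
```
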

From owner-freebsd-jail@FreeBSD.ORG  Wed Jul  9 06:05:37 2014
Date: Wed, 9 Jul 2014 15:34:40 +1000 (EST)
From: Peter Ross <Peter.Ross@alumni.tu-berlin.de>
X-X-Sender: petros@PetersBigBox
To: freebsd-jail@freebsd.org
Subject: vnet jail and ipfw/nat on host - keep-state problem?
Message-ID: <alpine.DEB.2.02.1407091517130.32174@PetersBigBox>
User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

Hi all,

I am setting up a host with vnet jails without a public IP.

E.g. a vnet jail with a DNS server (bind) running inside.

The setup:

Internet->age0(host interface with natd and external IP)
->bridge10(10.0.10.254)->epair1a
->epair1b(10.0.10.1 in bind vnet jail)

Inside the jail I have a simple open ipfw firewall
(ipfw allow ip4 from any to any)

Here the rules relevant to let UDP port 53 connect from the outside world 
(with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")

00100 divert 8668 ip4 from any to any via age0
03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
03200 allow udp from any to me dst-port 53 keep-state

This does not allow DNS requests from the outside, they only get returned 
by adding

03300 allow udp from me 53 to any

I am pretty confident that the rules above work with "real interfaces". I 
have similar routers with ipfw/natd, there things are even more limited by 
interface rules (recv/xmit).

Does this mean, "keep-state" are not working properly in the mentioned 
vnet setup?

Regards
Peter

From owner-freebsd-jail@FreeBSD.ORG  Wed Jul  9 06:43:19 2014
Date: Wed, 9 Jul 2014 16:24:27 +1000 (EST)
From: Peter Ross <Peter.Ross@alumni.tu-berlin.de>
X-X-Sender: petros@PetersBigBox
To: Peter Ross <Peter.Ross@alumni.tu-berlin.de>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
In-Reply-To: <alpine.DEB.2.02.1407091517130.32174@PetersBigBox>
Message-ID: <alpine.DEB.2.02.1407091622060.32174@PetersBigBox>
References: <alpine.DEB.2.02.1407091517130.32174@PetersBigBox>
User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-jail@freebsd.org

P.S. I also have the following rules near the top:

01000 check-state
01100 allow tcp from any to any established
01200 allow ip from any to any frag

Peter

On Wed, 9 Jul 2014, Peter Ross wrote:

> Hi all,
>
> I am setting up a host with vnet jails without a public IP.
>
> E.g. a vnet jail with a DNS server (bind) running inside.
>
> The setup:
>
> Internet->age0(host interface with natd and external IP)
> ->bridge10(10.0.10.254)->epair1a
> ->epair1b(10.0.10.1 in bind vnet jail)
>
> Inside the jail I have a simple open ipfw firewall
> (ipfw allow ip4 from any to any)
>
> Here the rules relevant to let UDP port 53 connect from the outside world 
> (with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")
>
> 00100 divert 8668 ip4 from any to any via age0
> 03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
> 03200 allow udp from any to me dst-port 53 keep-state
>
> This does not allow DNS requests from the outside, they only get returned by 
> adding
>
> 03300 allow udp from me 53 to any
>
> I am pretty confident that the rules above work with "real interfaces". I 
> have similar routers with ipfw/natd, there things are even more limited by 
> interface rules (recv/xmit).
>
> Does this mean, "keep-state" are not working properly in the mentioned vnet 
> setup?
>
> Regards
> Peter
>

From owner-freebsd-jail@FreeBSD.ORG  Wed Jul  9 21:28:02 2014
Date: Thu, 10 Jul 2014 09:28:02 +1200
Message-ID: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
Subject: RE: vnet jail and ipfw/nat on host - keep-state problem?
From: Peter Toth <peter.toth198@gmail.com>
To: Peter.Ross@alumni.tu-berlin.de
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: freebsd-jail@freebsd.org

Hi Peter,

Try to make these changes:

net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
net.link.bridge.pfil_member=0  # Packet filter on the member interface

You can find some info here
http://iocage.readthedocs.org/en/latest/help-no-internet.html

I've had these issues before with PF and IPFW, by default these will be
filtering on your bridge and member interfaces.

Cheers,
Peter

From owner-freebsd-jail@FreeBSD.ORG  Thu Jul 10 18:56:10 2014
Date: Thu, 10 Jul 2014 12:56:04 -0600 (MDT)
From: Warren Block <wblock@wonkity.com>
To: freebsd-jail@FreeBSD.org
Subject: mergemaster
Message-ID: <alpine.BSF.2.11.1407101239190.1540@wonkity.com>
User-Agent: Alpine 2.11 (BSF 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

On a jail created with ezjail on 10-STABLE, mergemaster is not actually 
ignoring files set with IGNORE_FILES in the jail's /etc/mergemaster.rc.

For example:

   /usr/jails/whatsit/etc/mergemaster.rc
     IGNORE_FILES="/boot/device.hints"

From the host:
   # cd /usr/src ; mergemaster -U -D /usr/jails/whatsit
   ...
     *** There is no installed version of ./boot/device.hints

     Use 'd' to delete the temporary ./boot/device.hints
     Use 'i' to install the temporary ./boot/device.hints

     Default is to leave the temporary file to deal with by hand

   How should I deal with this? [Leave it for later]

Using IGNORE_FILES="/usr/jails/whatsit/boot/device.hints" in the jail 
does not work either.  Nor does setting that value in the host's 
/etc/mergemaster.rc.

Is this a problem with mergemaster or the jail setup?  From a user 
standpoint, I would hope that mergemaster would read /etc/mergemaster.rc 
from the -D directory and use those values rather than the host's 
/etc/mergemaster.rc.  Maybe it does that, but I'm doing it wrong.

From owner-freebsd-jail@FreeBSD.ORG  Thu Jul 10 20:45:55 2014
Date: Thu, 10 Jul 2014 16:45:54 -0400
Message-ID: <CAJMTyCF956CYHa6JVQ7zuHODM5im+3+4MPmSTnqDCy7HXiSD8g@mail.gmail.com>
Subject: VNET performance
From: Clint Armstrong <clint@clintarmstrong.net>
To: freebsd-jail@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18

What is the expected network performance of a VNET jail for network
communication between the jail and the host, or between multiple jails? I
expected it to approach the 10Gbps of the epair device, but I'm not seeing
that.

I see between 800 - 1200 Mbps in standard iperf tests both between the host
bridge interface and the vnet jail interface. I see the same poor speeds if
I make 2 vnet jails and put one side of the epair in each and test between
them.

Is the overhead of vnet causing this? Is there anything I can do to improve
this performance?

I've tested and seen similar performance on 10.0-RELEASE and 11.0-CURRENT.

From owner-freebsd-jail@FreeBSD.ORG  Thu Jul 10 23:50:38 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D771F37A
 for <freebsd-jail@freebsd.org>; Thu, 10 Jul 2014 23:50:38 +0000 (UTC)
Received: from mx1.sbone.de (bird.sbone.de [46.4.1.90])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8BAF42449
 for <freebsd-jail@freebsd.org>; Thu, 10 Jul 2014 23:50:37 +0000 (UTC)
Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587])
 (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.sbone.de (Postfix) with ESMTPS id EA9D625D3815;
 Thu, 10 Jul 2014 23:50:26 +0000 (UTC)
Received: from content-filter.sbone.de (content-filter.sbone.de
 [IPv6:fde9:577b:c1a9:31::2013:2742])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.sbone.de (Postfix) with ESMTPS id 9655CC22BA7;
 Thu, 10 Jul 2014 23:50:25 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sbone.de
Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587])
 by content-filter.sbone.de (content-filter.sbone.de
 [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024)
 with ESMTP id cwOUgyi3-T9V; Thu, 10 Jul 2014 23:50:24 +0000 (UTC)
Received: from [IPv6:fde9:577b:c1a9:4410:4fa:4b84:1f36:739f] (unknown
 [IPv6:fde9:577b:c1a9:4410:4fa:4b84:1f36:739f])
 (using TLSv1 with cipher AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.sbone.de (Postfix) with ESMTPSA id 8B07CC22B9F;
 Thu, 10 Jul 2014 23:50:22 +0000 (UTC)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
Subject: Re: VNET performance
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
In-Reply-To: <CAJMTyCF956CYHa6JVQ7zuHODM5im+3+4MPmSTnqDCy7HXiSD8g@mail.gmail.com>
Date: Thu, 10 Jul 2014 23:50:03 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <221F8CBD-0763-4457-A587-948E887FAD17@lists.zabbadoz.net>
References: <CAJMTyCF956CYHa6JVQ7zuHODM5im+3+4MPmSTnqDCy7HXiSD8g@mail.gmail.com>
To: Clint Armstrong <clint@clintarmstrong.net>
X-Mailer: Apple Mail (2.1878.2)
Cc: freebsd-jail@freebsd.org


On 10 Jul 2014, at 20:45 , Clint Armstrong <clint@clintarmstrong.net> wrote:

> What is the expected network performance of a VNET jail for network
> communication between the jail and the host, or between multiple jails? I
> expected it to approach the 10Gbps of the epair device, but I'm not seeing
> that.
>
> I see between 800 - 1200 Mbps in standard iperf tests both between the host
> bridge interface and the vnet jail interface. I see the same poor speeds if
> I make 2 vnet jails and put one side of the epair in each and test between
> them.
>
> Is the overhead of vnet causing this? Is there anything I can do to improve
> this performance.
>
> I've tested and seen similar performance on 10.0-RELEASE and 11.0-CURRENT.

epair has a netisr queuing in between as you cannot call the input
routines directly from the output routines.  I was able to get a bit
more traffic through by doing pinning games.

I wonder what a vale switch for vnets could achieve.

--
Bjoern A. Zeeb             "Come on. Learn, goddamn it.", WarGames, 1983


From owner-freebsd-jail@FreeBSD.ORG  Fri Jul 11 07:11:45 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4B825C08
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 07:11:45 +0000 (UTC)
Received: from mail1.chu658.uecomm.net.au (mail1.chu658.uecomm.net.au
 [218.185.10.246])
 by mx1.freebsd.org (Postfix) with ESMTP id 036E7276C
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 07:11:44 +0000 (UTC)
Received: from mail.fdrive.com.au (unknown [115.186.196.106])
 by mail1.chu658.uecomm.net.au (Postfix) with ESMTP id 988571E92;
 Fri, 11 Jul 2014 17:11:33 +1000 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1])
 by mail.fdrive.com.au (Postfix) with ESMTP id 2F4BAE5E38;
 Fri, 11 Jul 2014 17:11:24 +1000 (EST)
X-Virus-Scanned: amavisd-new at fdrive.com.au
Received: from mail.fdrive.com.au ([127.0.0.1])
 by localhost (mail.fdrive.com.au [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id JlkpcZVfzYqI; Fri, 11 Jul 2014 17:11:19 +1000 (EST)
Received: from PetersBigBox (ws-pross.vv.fda [192.168.50.199])
 by mail.fdrive.com.au (Postfix) with ESMTPS id 36BBDE5D82;
 Fri, 11 Jul 2014 17:11:19 +1000 (EST)
Received: from localhost (localhost [127.0.0.1])
 by PetersBigBox (Postfix) with ESMTP id DA1B819201EE;
 Fri, 11 Jul 2014 17:11:27 +1000 (EST)
Date: Fri, 11 Jul 2014 17:11:27 +1000 (EST)
From: Peter Ross <Peter.Ross@alumni.tu-berlin.de>
X-X-Sender: petros@PetersBigBox
To: Peter Toth <peter.toth198@gmail.com>
Subject: RE: vnet jail and ipfw/nat on host - keep-state problem?
In-Reply-To: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
Message-ID: <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
MIME-Version: 1.0
Content-ID: <alpine.DEB.2.02.1407111703120.32174@PetersBigBox>
Content-Type: TEXT/PLAIN; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 8BIT
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: freebsd-jail@freebsd.org

On Thu, 10 Jul 2014, Peter Toth wrote:

> Hi Peter,
> Try to make these changes:
> 
> net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
> net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
> net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
> net.link.bridge.pfil_member=0  # Packet filter on the member interface
> 
> You can find some info
> here http://iocage.readthedocs.org/en/latest/help-no-internet.html
> 
> I've had these issues before with PF and IPFW, by default these will be
> filtering on your bridge and member interfaces.

Thanks. It did not change anything.

Now, _inside_ the jail I run "ipfw allow ip from any to any".

This on the host system:

01000 check-state
01100 allow tcp from any to any established
01200 allow ip from any to any frag
00100 divert 8668 ip4 from any to any via age0
03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
03200 allow udp from any to me dst-port 53 keep-state

(with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")

If I add

03300 allow udp from me 53 to any

it works..

So it makes me think check-state isn't usable - because

03200 allow udp from any to me dst-port 53 keep-state

should cover the returning packets.

I played with your parameters but it did not help. But thanks for the 
idea.

Here again the setup:

Internet->age0(host interface with natd and external IP)
->bridge10(10.0.10.254)->epair1a
->epair1b(10.0.10.1 in bind vnet jail)

I wonder what kind of restrictions exist with vnet.. it does not seem to 
work _exactly_ as a "real" network stack (the issues with pf inside the 
jail let me think of it too)

Did I find a restriction, a bug - or just that I've got it wrong?

Regards
Peter

From owner-freebsd-jail@FreeBSD.ORG  Fri Jul 11 08:50:51 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 587CD42A
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 08:50:51 +0000 (UTC)
Received: from mail-ig0-x232.google.com (mail-ig0-x232.google.com
 [IPv6:2607:f8b0:4001:c05::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 267492078
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 08:50:51 +0000 (UTC)
Received: by mail-ig0-f178.google.com with SMTP id hn18so747305igb.17
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 01:50:50 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.43.13.132 with SMTP id pm4mr3125916icb.6.1405068650537; Fri,
 11 Jul 2014 01:50:50 -0700 (PDT)
Received: by 10.42.168.194 with HTTP; Fri, 11 Jul 2014 01:50:50 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
 <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
Date: Fri, 11 Jul 2014 20:50:50 +1200
Message-ID: <CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
From: Peter Toth <peter.toth198@gmail.com>
To: Peter Ross <Peter.Ross@alumni.tu-berlin.de>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: freebsd-jail@freebsd.org

Have not used natd with IPFW much as always preferred PF to do everything
on the host.

I have only a wild guess - the "me" keyword in IPFW is substituted only to
the host's IPs known to itself.
The host's IPFW firewall most likely doesn't know anything about IPs
assigned to vnet interfaces inside the jail.

Vnet jails behave more like separate physical hosts.

Internet ---> [host] ------- (10.0.10.0 LAN) ------> [vnet jail]

The PF issue inside a jail is a separate problem, PF is not fully
VIMAGE/VNET aware as far as I know.

Can someone comment on these or correct me?

P



On Fri, Jul 11, 2014 at 7:11 PM, Peter Ross <Peter.Ross@alumni.tu-berlin.de>
wrote:

> On Thu, 10 Jul 2014, Peter Toth wrote:
>
>  Hi Peter,
>> Try to make these changes:
>>
>> net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
>> net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
>> net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
>> net.link.bridge.pfil_member=0  # Packet filter on the member interface
>>
>> You can find some info
>> here http://iocage.readthedocs.org/en/latest/help-no-internet.html
>>
>> I've had these issues before with PF and IPFW, by default these will be
>> filtering on your bridge and member interfaces.
>>
>
> Thanks. It did not change anything.
>
> Now, inside_ the jail I run "ipfw allow ip from any to any".
>
> This on the host system:
>
> 01000 check-state
> 01100 allow tcp from any to any established
> 01200 allow ip from any to any frag
> 00100 divert 8668 ip4 from any to any via age0
> 03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
> 03200 allow udp from any to me dst-port 53 keep-state
>
> (with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")
>
> If I add
>
> 03300 allow udp from me 53 to any
>
> it works..
>
> So it makes me think check-state isn't usable - because
>
> 03200 allow udp from any to me dst-port 53 keep-state
>
> should cover the returning packets.
>
> I played with your parameters but it did not help. But thanks for the idea.
>
> Here again the setup:
>
> Internet->age0(host interface with natd and external IP)
> ->bridge10(10.0.10.254)->epair1a
> ->epair1b(10.0.10.1 in bind vnet jail)
>
> I wonder what kind of restrictions exist with vnet.. it does not seem to
> work _exactly_ as a "real" network stack (the issues with pf inside the
> jail let me think of it too)
>
> Did I find a restriction, a bug - or just that I've got it wrong?
>
> Regards
> Peter
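
Added example, not part of the thread and not ipfw or natd code: a small Python model that walks one DNS query and its reply through the host ruleset quoted above and reports which rule each pass matches. It assumes natd re-injects a diverted packet at the rule after 00100, that a dynamic rule is keyed on the addresses seen when keep-state fired, and that the ruleset ends in a default deny; the external and client addresses are constructed placeholders.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "proto src sport dst dport")

# Constructed addresses (assumptions): EXT stands in for "external.ip" on age0,
# CLIENT for a resolver on the Internet. JAIL and BRIDGE are from the thread.
EXT, CLIENT = "203.0.113.10", "198.51.100.7"
JAIL, BRIDGE = "10.0.10.1", "10.0.10.254"
ME = {EXT, BRIDGE}        # what "me" covers on the host: its own addresses only
DEFAULT_DENY = 65535      # assumption: the ruleset ends in a deny rule


def natd(pkt, direction):
    """Model of natd on age0: redirect_port inbound, source aliasing outbound."""
    if direction == "in" and pkt.proto == "udp" and pkt.dst == EXT and pkt.dport == 53:
        return pkt._replace(dst=JAIL)
    if direction == "out" and pkt.src == JAIL:
        return pkt._replace(src=EXT)
    return pkt


def state_key(pkt):
    """A dynamic rule matches both directions of a flow, so the key is unordered."""
    return (pkt.proto, frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))


def is_udp(pkt):
    return pkt.proto == "udp"


def host_rules(with_3300=False):
    """The posted host rules, in the numeric order ipfw evaluates them."""
    rules = [
        (100, "divert", lambda p, ifc: ifc == "age0"),
        (1000, "check-state", None),
        (1100, "allow", lambda p, ifc: False),   # tcp established: only UDP is modelled
        (1200, "allow", lambda p, ifc: False),   # frag: sample packets are unfragmented
        (3100, "keep-state", lambda p, ifc: is_udp(p) and p.dst == JAIL and p.dport == 53),
        (3200, "keep-state", lambda p, ifc: is_udp(p) and p.dst in ME and p.dport == 53),
    ]
    if with_3300:
        rules.append((3300, "allow",
                      lambda p, ifc: is_udp(p) and p.src in ME and p.sport == 53))
    return rules


def ipfw_pass(pkt, ifc, direction, rules, states):
    """One trip through the ruleset; returns (matching rule number, packet after NAT)."""
    for num, action, match in rules:
        if action == "divert":
            if match(pkt, ifc):
                pkt = natd(pkt, direction)   # re-injected; evaluation resumes at next rule
        elif action == "check-state":
            if state_key(pkt) in states:
                return num, pkt
        elif match(pkt, ifc):
            if action == "keep-state":
                states.add(state_key(pkt))
            return num, pkt
    return DEFAULT_DENY, pkt


def walk(with_3300=False):
    """DNS query from CLIENT to EXT:53 and the jail's reply, as four passes on the host."""
    rules, states, trace = host_rules(with_3300), set(), []
    query = Pkt("udp", CLIENT, 40000, EXT, 53)
    rule, query = ipfw_pass(query, "age0", "in", rules, states)
    trace.append(("query in age0", rule, query))
    rule, query = ipfw_pass(query, "bridge10", "out", rules, states)
    trace.append(("query out bridge10", rule, query))
    reply = Pkt("udp", JAIL, 53, CLIENT, 40000)
    rule, reply = ipfw_pass(reply, "bridge10", "in", rules, states)
    trace.append(("reply in bridge10", rule, reply))
    rule, reply = ipfw_pass(reply, "age0", "out", rules, states)
    trace.append(("reply out age0", rule, reply))
    return trace


if __name__ == "__main__":
    for with_3300 in (False, True):
        print("with rule 03300" if with_3300 else "ruleset as posted")
        for label, rule, pkt in walk(with_3300):
            verdict = "DENY" if rule == DEFAULT_DENY else "pass"
            print(f"  {label:20} rule {rule:05d} {verdict}  "
                  f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

In this model the reply's final pass is rewritten by natd to the external address before check-state at 01000 runs, so it no longer matches the state recorded for 10.0.10.1 and falls through to the default rule unless 03300 is present.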

From owner-freebsd-jail@FreeBSD.ORG  Fri Jul 11 13:10:28 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 572E3738
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 13:10:28 +0000 (UTC)
Received: from mail-we0-x234.google.com (mail-we0-x234.google.com
 [IPv6:2a00:1450:400c:c03::234])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E15562743
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 13:10:27 +0000 (UTC)
Received: by mail-we0-f180.google.com with SMTP id k48so133865wev.39
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 06:10:24 -0700 (PDT)
X-Received: by 10.195.17.164 with SMTP id gf4mr65189919wjd.45.1405084223396;
 Fri, 11 Jul 2014 06:10:23 -0700 (PDT)
Received: from botmachine (muszelka.nat.student.pw.edu.pl. [194.29.137.5])
 by mx.google.com with ESMTPSA id cz4sm7280458wib.23.2014.07.11.06.10.21
 for <freebsd-jail@freebsd.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Fri, 11 Jul 2014 06:10:22 -0700 (PDT)
From: "Marcin Michta" <marcin.michta@gmail.com>
To: <freebsd-jail@freebsd.org>
References: <001501cf9cf7$cb848ab0$628da010$@gmail.com>
In-Reply-To: <001501cf9cf7$cb848ab0$628da010$@gmail.com>
Subject: Jail vnet features
Date: Fri, 11 Jul 2014 15:12:39 +0200
Message-ID: <002801cf9d09$ccba9480$662fbd80$@gmail.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGLIYv5gJfWpp6uB/WFRcKdINHRZJwj0C/Q
Content-Language: pl
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.18

Hello,

I want to ask what are advantages and disadvantages using VNET?

I know that it allows each jail to have a private networking stack, but what
else?

Regards

Marthin


From owner-freebsd-jail@FreeBSD.ORG  Fri Jul 11 13:33:32 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6087DD55
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 13:33:32 +0000 (UTC)
Received: from relay.mailchannels.net (aso-006-i400.relay.mailchannels.net
 [143.95.81.29]) by mx1.freebsd.org (Postfix) with ESMTP id D45522977
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 13:33:30 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (unknown [10.204.17.9])
 by relay.mailchannels.net (Postfix) with ESMTPA id B37E8122897;
 Fri, 11 Jul 2014 13:33:17 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (mail-24.name-services.com
 [10.227.41.147]) (using TLSv1 with cipher AES128-SHA)
 by 0.0.0.0:2500 (trex/5.2.5); Fri, 11 Jul 2014 13:33:22 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|107.201.34.133
X-MailChannels-Auth-Id: demandmedia
Received: from [10.0.10.1] (107-201-34-133.lightspeed.bcvloh.sbcglobal.net
 [107.201.34.133]) by mail-24.name-services.com with SMTP; 
 Fri, 11 Jul 2014 06:33:12 -0700
Message-ID: <53BFE796.7020502@a1poweruser.com>
Date: Fri, 11 Jul 2014 09:33:10 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Peter Toth <peter.toth198@gmail.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
 <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
 <CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>
In-Reply-To: <CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Peter Ross <Peter.Ross@alumni.tu-berlin.de>, freebsd-jail@freebsd.org

Peter Toth wrote:
> Have not used natd with IPFW much as always preferred PF to do everything
> on the host.
> 
> I have only a wild guess - the "me" keyword in IPFW is substituted only to
> the host's IPs known to itself.
> The host's IPFW firewall most likely doesn't know anything about IPs
> assigned to vnet interfaces inside the jail.
> 
> Vnet jails behave more like separate physical hosts.
> 
> Internet ---> [host] ------- (10.0.10.0 LAN) ------> [vnet jail]
> 
> The PF issue inside a jail is a separate problem, PF is not fully
> VIMAGE/VNET aware as far as I know.
> 
> Can someone comment on these or correct me?
> 
> P
> 
> 
> 
> On Fri, Jul 11, 2014 at 7:11 PM, Peter Ross <Peter.Ross@alumni.tu-berlin.de>
> wrote:
> 
>> On Thu, 10 Jul 2014, Peter Toth wrote:
>>
>>  Hi Peter,
>>> Try to make these changes:
>>>
>>> net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
>>> net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
>>> net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
>>> net.link.bridge.pfil_member=0  # Packet filter on the member interface
>>>
>>> You can find some info
>>> here http://iocage.readthedocs.org/en/latest/help-no-internet.html
>>>
>>> I've had these issues before with PF and IPFW, by default these will be
>>> filtering on your bridge and member interfaces.
>>>
>> Thanks. It did not change anything.
>>
>> Now, inside_ the jail I run "ipfw allow ip from any to any".
>>
>> This on the host system:
>>
>> 01000 check-state
>> 01100 allow tcp from any to any established
>> 01200 allow ip from any to any frag
>> 00100 divert 8668 ip4 from any to any via age0
>> 03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
>> 03200 allow udp from any to me dst-port 53 keep-state
>>
>> (with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")
>>
>> If I add
>>
>> 03300 allow udp from me 53 to any
>>
>> it works..
>>
>> So it makes me think check-state isn't usable - because
>>
>> 03200 allow udp from any to me dst-port 53 keep-state
>>
>> should cover the returning packets.
>>
>> I played with your parameters but it did not help. But thanks for the idea.
>>
>> Here again the setup:
>>
>> Internet->age0(host interface with natd and external IP)
>> ->bridge10(10.0.10.254)->epair1a
>> ->epair1b(10.0.10.1 in bind vnet jail)
>>
>> I wonder what kind of restrictions exist with vnet.. it does not seem to
>> work _exactly_ as a "real" network stack (the issues with pf inside the
>> jail let me think of it too)
>>
>> Did I find a restriction, a bug - or just that I've got it wrong?
>>
>> Regards
>> Peter

Any firewall function that runs in the kernel will not function inside 
of a vnet/vimage jail.




From owner-freebsd-jail@FreeBSD.ORG  Fri Jul 11 13:49:04 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9DA5029E
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 13:49:04 +0000 (UTC)
Received: from relay.mailchannels.net (ar-005-i202.relay.mailchannels.net
 [162.253.144.84])
 by mx1.freebsd.org (Postfix) with ESMTP id E10662AE4
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 13:49:03 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (unknown [10.33.130.169])
 by relay.mailchannels.net (Postfix) with ESMTPA id AE984100D92;
 Fri, 11 Jul 2014 13:30:04 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (mail-24.name-services.com
 [10.227.41.147]) (using TLSv1 with cipher AES128-SHA)
 by 0.0.0.0:2500 (trex/5.2.5); Fri, 11 Jul 2014 13:30:10 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|107.201.34.133
X-MailChannels-Auth-Id: demandmedia
Received: from [10.0.10.1] (107-201-34-133.lightspeed.bcvloh.sbcglobal.net
 [107.201.34.133]) by mail-24.name-services.com with SMTP; 
 Fri, 11 Jul 2014 06:28:29 -0700
Message-ID: <53BFE67C.6040301@a1poweruser.com>
Date: Fri, 11 Jul 2014 09:28:28 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Marcin Michta <marcin.michta@gmail.com>
Subject: Re: Jail vnet features
References: <001501cf9cf7$cb848ab0$628da010$@gmail.com>
 <002801cf9d09$ccba9480$662fbd80$@gmail.com>
In-Reply-To: <002801cf9d09$ccba9480$662fbd80$@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org

Marcin Michta wrote:
> Hello,
> 
>  
> 
> I want to ask what are advantages and disadvantages using VNET?
> 
> I know that it allows each jail to have a private networking stack, but what
> else?
> 
>  
> 
> Regards
> 
> Marthin
> 

It's experimental, it has many bugs posted in PR system, loses memory 
every time a vnet jail is stopped, firewalls in vnet jail don't work,
other than these show stoppers, use at your own risk.


From owner-freebsd-jail@FreeBSD.ORG  Fri Jul 11 19:56:11 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 860645BC
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 19:56:11 +0000 (UTC)
Received: from frv199.fwdcdn.com (frv199.fwdcdn.com [212.42.77.199])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 416592092
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 19:56:10 +0000 (UTC)
Received: from [10.10.10.34] (helo=frv34.fwdcdn.com)
 by frv199.fwdcdn.com with smtp ID 1X5gvG-000Jce-NT
 for freebsd-jail@freebsd.org; Fri, 11 Jul 2014 22:55:58 +0300
Date: Fri, 11 Jul 2014 22:55:58 +0300
From: wishmaster <artemrts@ukr.net>
Subject: Re[2]: Jail vnet features
To: Fbsd8 <fbsd8@a1poweruser.com>
X-Mailer: mail.ukr.net 5.0
Message-Id: <1405108158.121371273.hhxi3qt1@frv34.fwdcdn.com>
In-Reply-To: <53BFE67C.6040301@a1poweruser.com>
References: <001501cf9cf7$cb848ab0$628da010$@gmail.com>
 <002801cf9d09$ccba9480$662fbd80$@gmail.com>
 <53BFE67C.6040301@a1poweruser.com>
MIME-Version: 1.0
Received: from artemrts@ukr.net by frv34.fwdcdn.com;
 Fri, 11 Jul 2014 22:55:58 +0300
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: binary
Content-Disposition: inline
Cc: freebsd-jail@freebsd.org, Marcin Michta <marcin.michta@gmail.com>



 
 --- Original message ---
 From: "Fbsd8" <fbsd8@a1poweruser.com>
 Date: 11 July 2014, 16:49:08
  


> Marcin Michta wrote:
> > Hello,
> > 
> > 
> > 
> > I want to ask what are advantages and disadvantages using VNET?
> > 
> > I know that it allows each jail to have a private networking stack, but what
> > else?
> > 
> > 
> > 
> > Regards
> > 
> > Marthin
> > 
> 
> It's experimental, it has many bugs posted in PR system, loses memory 
> every time a vnet jail is stopped, firewalls in vnet jail don't work,
> other than these show stoppers, use at your own risk.

Hey, man. Stop panicking!

The firewall works very well. A memory leak on shutdown is not a very big problem.
The main advantage for me is: I am able to filter and prioritize traffic coming through the base system. My vnet'ed jails are like regular LAN clients and they share the INET pipe with appropriate weight. I use ipfw.





From owner-freebsd-jail@FreeBSD.ORG  Fri Jul 11 20:21:42 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B503FA1E
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 20:21:42 +0000 (UTC)
Received: from mail-ig0-x229.google.com (mail-ig0-x229.google.com
 [IPv6:2607:f8b0:4001:c05::229])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 815D022F3
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 20:21:42 +0000 (UTC)
Received: by mail-ig0-f169.google.com with SMTP id r10so934932igi.0
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 13:21:42 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.42.24.9 with SMTP id u9mr5330421icb.91.1405110101962; Fri,
 11 Jul 2014 13:21:41 -0700 (PDT)
Received: by 10.42.168.194 with HTTP; Fri, 11 Jul 2014 13:21:41 -0700 (PDT)
In-Reply-To: <53BFE796.7020502@a1poweruser.com>
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
 <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
 <CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>
 <53BFE796.7020502@a1poweruser.com>
Date: Sat, 12 Jul 2014 08:21:41 +1200
Message-ID: <CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
From: Peter Toth <peter.toth198@gmail.com>
To: Fbsd8 <fbsd8@a1poweruser.com>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: Peter Ross <Peter.Ross@alumni.tu-berlin.de>, freebsd-jail@freebsd.org
X-List-Received-Date: Fri, 11 Jul 2014 20:21:42 -0000

This sounds a bit vague, can you please explain in more detail what you
meant by this?

IPFW works inside a vnet jail - You can manage per jail firewall instances
without any issues.

The only firewall which cannot function inside a jail (yet) is PF.

P


On Sat, Jul 12, 2014 at 1:33 AM, Fbsd8 <fbsd8@a1poweruser.com> wrote:

> Peter Toth wrote:
>
>> Have not used natd with IPFW much as always preferred PF to do everything
>> on the host.
>>
>> I have only a wild guess - the "me" keyword in IPFW is substituted only to
>> the host's IPs known to itself.
>> The host's IPFW firewall most likely doesn't know anything about IPs
>> assigned to vnet interfaces inside the jail.
>>
>> Vnet jails behave more like separate physical hosts.
>>
>> Internet ---> [host] ------- (10.0.10.0 LAN) ------> [vnet jail]
>>
>> The PF issue inside a jail is a separate problem, PF is not fully
>> VIMAGE/VNET aware as far as I know.
>>
>> Can someone comment on these or correct me?
>>
>> P
>>
>>
>>
>> On Fri, Jul 11, 2014 at 7:11 PM, Peter Ross <Peter.Ross@alumni.tu-berlin.de>
>> wrote:
>>
>>  On Thu, 10 Jul 2014, Peter Toth wrote:
>>>
>>>  Hi Peter,
>>>
>>>> Try to make these changes:
>>>>
>>>> net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
>>>> net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
>>>> net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
>>>> net.link.bridge.pfil_member=0  # Packet filter on the member interface
>>>>
>>>> You can find some info
>>>> here http://iocage.readthedocs.org/en/latest/help-no-internet.html
>>>>
>>>> I've had these issues before with PF and IPFW, by default these will be
>>>> filtering on your bridge and member interfaces.
>>>>
>>>>  Thanks. It did not change anything.
>>>
>>> Now, inside_ the jail I run "ipfw allow ip from any to any".
>>>
>>> This on the host system:
>>>
>>> 01000 check-state
>>> 01100 allow tcp from any to any established
>>> 01200 allow ip from any to any frag
>>> 00100 divert 8668 ip4 from any to any via age0
>>> 03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
>>> 03200 allow udp from any to me dst-port 53 keep-state
>>>
>>> (with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")
>>>
>>> If I add
>>>
>>> 03300 allow udp from me 53 to any
>>>
>>> it works..
>>>
>>> So it makes me think check-state isn't usable - because
>>>
>>> 03200 allow udp from any to me dst-port 53 keep-state
>>>
>>> should cover the returning packets.
>>>
>>> I played with your parameters but it did not help. But thanks for the
>>> idea.
>>>
>>> Here again the setup:
>>>
>>> Internet->age0(host interface with natd and external IP)
>>> ->bridge10(10.0.10.254)->epair1a
>>> ->epair1b(10.0.10.1 in bind vnet jail)
>>>
>>> I wonder what kind of restrictions exist with vnet.. it does not seem to
>>> work _exactly_ as a "real" network stack (the issues with pf inside the
>>> jail let me think of it too)
>>>
>>> Did I find a restriction, a bug - or just that I've got it wrong?
>>>
>>> Regards
>>> Peter
>>>
>>
> Any firewall function that runs in the kernel will not function inside of
> a vnet/vimage jail.
>
>
>
>
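
The host rule set quoted above, run through a simplified model (an added example, not part of the original thread and not code from any poster). It assumes that rules are evaluated in numeric order, that natd reinjects a diverted packet just after rule 100, and that the rule set ends in a default deny at 65535; the client and external addresses are constructed, and every function name is hypothetical.

```python
"""Simplified model of ipfw keep-state combined with a natd divert rule."""
from dataclasses import dataclass, replace

# Constructed addresses (documentation ranges); 10.0.10.x comes from the thread.
CLIENT = "198.51.100.7"          # constructed Internet client
EXTERNAL = "203.0.113.10"        # stands in for "external.ip" on age0
JAIL = "10.0.10.1"               # bind vnet jail behind bridge10
ME = {EXTERNAL, "10.0.10.254"}   # addresses the host's "me" keyword covers


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int


def natd(pkt, direction):
    """redirect_port udp 10.0.10.1:53 external.ip:53, applied on age0 only."""
    if direction == "in" and (pkt.dst, pkt.dport) == (EXTERNAL, 53):
        return replace(pkt, dst=JAIL)        # inbound: rewrite destination
    if direction == "out" and (pkt.src, pkt.sport) == (JAIL, 53):
        return replace(pkt, src=EXTERNAL)    # outbound: rewrite source
    return pkt


def flow_key(pkt):
    """A dynamic rule matches both directions of one address/port pair."""
    return frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])


# 03300 allow udp from me 53 to any  (the rule that made it work)
RULE_3300 = (3300, lambda p: p.src in ME and p.sport == 53)


def ipfw_pass(pkt, direction, iface, states, extra_rules=()):
    """One pass over the host rules; returns (verdict, rule number, packet)."""
    # 00100 divert 8668 ip4 from any to any via age0
    if iface == "age0":
        pkt = natd(pkt, direction)
    # 01000 check-state: compares the packet as it looks *after* natd
    if flow_key(pkt) in states:
        return "allow", 1000, pkt
    # 01100 (tcp established) and 01200 (frag) never match these UDP packets
    # 03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
    if pkt.dst == JAIL and pkt.dport == 53:
        states.add(flow_key(pkt))
        return "allow", 3100, pkt
    # 03200 allow udp from any to me dst-port 53 keep-state
    if pkt.dst in ME and pkt.dport == 53:
        states.add(flow_key(pkt))
        return "allow", 3200, pkt
    for number, matches in extra_rules:
        if matches(pkt):
            return "allow", number, pkt
    return "deny", 65535, pkt    # assumed default deny


def forward(pkt, in_if, out_if, states, extra_rules=()):
    """A forwarded packet is filtered on receive and again on transmit."""
    trace = []
    for direction, iface in (("in", in_if), ("out", out_if)):
        verdict, rule, pkt = ipfw_pass(pkt, direction, iface, states, extra_rules)
        trace.append((direction, iface, rule, verdict))
        if verdict == "deny":
            break
    return trace, pkt


def dns_round_trip(extra_rules=()):
    """Query from the Internet to external.ip:53, then the jail's reply."""
    states = set()
    query = Pkt(CLIENT, 40000, EXTERNAL, 53)
    q_trace, _ = forward(query, "age0", "bridge10", states, extra_rules)
    reply = Pkt(JAIL, 53, CLIENT, 40000)
    r_trace, reply = forward(reply, "bridge10", "age0", states, extra_rules)
    return q_trace, r_trace, reply


if __name__ == "__main__":
    for label, extra in (("as posted", ()), ("with 03300", (RULE_3300,))):
        q_trace, r_trace, reply = dns_round_trip(extra)
        print(label)
        print("  query:", q_trace)
        print("  reply:", r_trace, "src on the wire:", reply.src)
```

In this model the reply is dropped on the outbound pass on age0: the dynamic rule was recorded for 10.0.10.1:53, while the packet that check-state sees after natd carries the external address. Rule 03300 matches that rewritten source, which agrees with the behaviour reported in the quoted message.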

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 01:07:35 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 41A7E28A
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 01:07:35 +0000 (UTC)
Received: from relay.mailchannels.net (aso-006-i400.relay.mailchannels.net
 [143.95.81.29]) by mx1.freebsd.org (Postfix) with ESMTP id ADED02B41
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 01:07:33 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (unknown [10.236.129.92])
 by relay.mailchannels.net (Postfix) with ESMTPA id 7CFB2603E6;
 Sat, 12 Jul 2014 01:07:31 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (mail-24.name-services.com
 [10.253.92.5]) (using TLSv1 with cipher AES128-SHA)
 by 0.0.0.0:2500 (trex/5.2.5); Sat, 12 Jul 2014 01:07:32 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|107.201.34.133
X-MailChannels-Auth-Id: demandmedia
Received: from [10.0.10.1] (107-201-34-133.lightspeed.bcvloh.sbcglobal.net
 [107.201.34.133]) by mail-24.name-services.com with SMTP; 
 Fri, 11 Jul 2014 18:07:26 -0700
Message-ID: <53C08A4D.4030803@a1poweruser.com>
Date: Fri, 11 Jul 2014 21:07:25 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: wishmaster <artemrts@ukr.net>
Subject: Re: Jail vnet features
References: <001501cf9cf7$cb848ab0$628da010$@gmail.com>	<002801cf9d09$ccba9480$662fbd80$@gmail.com>	<53BFE67C.6040301@a1poweruser.com>
 <1405108158.121371273.hhxi3qt1@frv34.fwdcdn.com>
In-Reply-To: <1405108158.121371273.hhxi3qt1@frv34.fwdcdn.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org, Marcin Michta <marcin.michta@gmail.com>
X-List-Received-Date: Sat, 12 Jul 2014 01:07:35 -0000

wishmaster wrote:
> 
>  
>  --- Original message ---
>  From: "Fbsd8" <fbsd8@a1poweruser.com>
>  Date: 11 July 2014, 16:49:08
>   
> 
> 
>> Marcin Michta wrote:
>>> Hello,
>>>
>>>
>>>
>>> I want to ask what are advantages and disadvantages using VNET?
>>>
>>> I know that it allows each jail to have a private networking stack, but what
>>> else?
>>>
>>>
>>>
>>> Regards
>>>
>>> Marthin
>>>
>> It's experimental, it has many bugs posted in PR system, loses memory 
>> every time a vnet jail is stopped, firewalls in vnet jail don't work,
>> other than these show stoppers, use at your own risk.
> 
> Hey, man. Stop panicking!
> 
> The firewall works very well. The memory leak on shutdown is not a very big problem.
> The main advantage for me is that I am able to filter and prioritize traffic coming through the base system. My vnet'ed jails are like regular LAN clients and they share the INET pipe with appropriate weight. I use ipfw.
> 


Oh ya, host panic on boot is another common happening with vimage and 
firewalls ipf and pf trying to run inside of a vnet jail and on the host 
at the same time.

Many people DO consider any kind of memory leak in kernel software such 
as vimage to be a really big show stopper for not using it in a production 
system.

If you read the previous post a little bit closer you will see it's 
talking about a firewall running inside of a vnet/vimage jail. It doesn't 
say anything about running a host firewall directing traffic to an IP 
number assigned to a vnet jail.

Here is a list of some of the outstanding vnet PRs

143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252, 
176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468

vnet/vimage is experimental and should never be used in a production 
system and be exposed to the public network. It is not a secure software 
configuration. Sure you can disregard all warnings and common sense and 
risk your host system, that's your choice.







From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 01:16:48 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 493794A5
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 01:16:48 +0000 (UTC)
Received: from relay.mailchannels.net (ar-005-i202.relay.mailchannels.net
 [162.253.144.84])
 by mx1.freebsd.org (Postfix) with ESMTP id B48802C12
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 01:16:46 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (unknown [10.218.133.212])
 by relay.mailchannels.net (Postfix) with ESMTPA id 1C96010009B;
 Sat, 12 Jul 2014 01:16:42 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (mail-24.name-services.com
 [10.245.145.206]) (using TLSv1 with cipher AES128-SHA)
 by 0.0.0.0:2500 (trex/5.2.5); Sat, 12 Jul 2014 01:16:43 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|107.201.34.133
X-MailChannels-Auth-Id: demandmedia
Received: from [10.0.10.1] (107-201-34-133.lightspeed.bcvloh.sbcglobal.net
 [107.201.34.133]) by mail-24.name-services.com with SMTP; 
 Fri, 11 Jul 2014 18:16:38 -0700
Message-ID: <53C08C74.6000805@a1poweruser.com>
Date: Fri, 11 Jul 2014 21:16:36 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Peter Toth <peter.toth198@gmail.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>	<alpine.DEB.2.02.1407111702040.32174@PetersBigBox>	<CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>	<53BFE796.7020502@a1poweruser.com>
 <CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>
In-Reply-To: <CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Peter Ross <Peter.Ross@alumni.tu-berlin.de>, freebsd-jail@freebsd.org
X-List-Received-Date: Sat, 12 Jul 2014 01:16:48 -0000

Peter Toth wrote:

> On Sat, Jul 12, 2014 at 1:33 AM, Fbsd8 <fbsd8@a1poweruser.com 
> <mailto:fbsd8@a1poweruser.com>> wrote:
> 
>     Peter Toth wrote:
> 
>         Have not used natd with IPFW much as always preferred PF to do
>         everything
>         on the host.
> 
>         I have only a wild guess - the "me" keyword in IPFW is
>         substituted only to
>         the host's IPs known to itself.
>         The host's IPFW firewall most likely doesn't know anything about IPs
>         assigned to vnet interfaces inside the jail.
> 
>         Vnet jails behave more like separate physical hosts.
> 
>         Internet ---> [host] ------- (10.0.10.0 LAN) ------> [vnet jail]
> 
>         The PF issue inside a jail is a separate problem, PF is not fully
>         VIMAGE/VNET aware as far as I know.
> 
>         Can someone comment on these or correct me?
> 
>         P
> 
> 
> 
>         On Fri, Jul 11, 2014 at 7:11 PM, Peter Ross
>         <Peter.Ross@alumni.tu-berlin.de
>         <mailto:Peter.Ross@alumni.tu-berlin.de>>
>         wrote:
> 
>             On Thu, 10 Jul 2014, Peter Toth wrote:
> 
>              Hi Peter,
> 
>                 Try to make these changes:
> 
>                 net.inet.ip.forwarding=1       # Enable IP forwarding
>                 between interfaces
>                 net.link.bridge.pfil_onlyip=0  # Only pass IP packets
>                 when pfil is enabled
>                 net.link.bridge.pfil_bridge=0  # Packet filter on the
>                 bridge interface
>                 net.link.bridge.pfil_member=0  # Packet filter on the
>                 member interface
> 
>                 You can find some info
>                 here
>                 http://iocage.readthedocs.org/en/latest/help-no-internet.html
>                 <http://iocage.readthedocs.org/en/latest/help-no-internet.html>
> 
>                 I've had these issues before with PF and IPFW, by
>                 default these will be
>                 filtering on your bridge and member interfaces.
> 
>             Thanks. It did not change anything.
> 
>             Now, inside_ the jail I run "ipfw allow ip from any to any".
> 
>             This on the host system:
> 
>             01000 check-state
>             01100 allow tcp from any to any established
>             01200 allow ip from any to any frag
>             00100 divert 8668 ip4 from any to any via age0
>             03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
>             03200 allow udp from any to me dst-port 53 keep-state
> 
>             (with natd redirecting "redirect_port udp 10.0.10.1:53
>             <http://10.0.10.1:53> external.ip:53")
> 
>             If I add
> 
>             03300 allow udp from me 53 to any
> 
>             it works..
> 
>             So it makes me think check-state isn't usable - because
> 
>             03200 allow udp from any to me dst-port 53 keep-state
> 
>             should cover the returning packets.
> 
>             I played with your parameters but it did not help. But
>             thanks for the idea.
> 
>             Here again the setup:
> 
>             Internet->age0(host interface with natd and external IP)
>             ->bridge10(10.0.10.254)->epair1a
>             ->epair1b(10.0.10.1 in bind vnet jail)
> 
>             I wonder what kind of restrictions exist with vnet.. it does
>             not seem to
>             work _exactly_ as a "real" network stack (the issues with pf
>             inside the
>             jail let me think of it too)
> 
>             Did I find a restriction, a bug - or just that I've got it
>             wrong?
> 
>             Regards
>             Peter
> 
> 
>     Any firewall function that runs in the kernel will not function
>     inside of a vnet/vimage jail.
> 
> 
> 
> This sounds a bit vague, can you please explain in more detail what you 
> meant by this?
> 
> IPFW works inside a vnet jail - You can manage per jail firewall 
> instances without any issues.
> 
> The only firewall which cannot function inside a jail (yet) is PF.
> 
> P
> 
> 

You are incorrect.
Here is a list of some of the vnet/vimage outstanding PR's

143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252, 
176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468







From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 01:30:12 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 77A575CD
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 01:30:12 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5ED112CD8
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 01:30:12 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s6C1UCJE005264
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 01:30:12 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 142972] [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Sat, 12 Jul 2014 01:30:12 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 8.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: joeb1@a1poweruser.com
X-Bugzilla-Status: In Discussion
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-142972-9824-kLuq5WnyNH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-142972-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-142972-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-List-Received-Date: Sat, 12 Jul 2014 01:30:12 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=142972

joeb1@a1poweruser.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joeb1@a1poweruser.com

--- Comment #10 from joeb1@a1poweruser.com ---
This PR should be closed. This PR is against the /etc/rc.d/jail script, which in
10.0 is deprecated and was replaced in 9.1 and newer with the jail(8) program.
This is dead. Let's move on to the jail(8) method of jails and vnet jails.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 03:40:13 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id EDB90A6B
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 03:40:12 +0000 (UTC)
Received: from mail-ig0-x233.google.com (mail-ig0-x233.google.com
 [IPv6:2607:f8b0:4001:c05::233])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id B7C16274D
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 03:40:12 +0000 (UTC)
Received: by mail-ig0-f179.google.com with SMTP id h18so122128igc.6
 for <freebsd-jail@freebsd.org>; Fri, 11 Jul 2014 20:40:10 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.50.114.226 with SMTP id jj2mr9523174igb.27.1405136410652;
 Fri, 11 Jul 2014 20:40:10 -0700 (PDT)
Received: by 10.43.59.6 with HTTP; Fri, 11 Jul 2014 20:40:10 -0700 (PDT)
In-Reply-To: <53C08C74.6000805@a1poweruser.com>
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
 <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
 <CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>
 <53BFE796.7020502@a1poweruser.com>
 <CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>
 <53C08C74.6000805@a1poweruser.com>
Date: Sat, 12 Jul 2014 15:40:10 +1200
Message-ID: <CAEUAJxt=wdv_tqo8ffkJ=1N=nxBBM7Pb5==HWXfzjSeG0y8N0w@mail.gmail.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
From: Peter Toth <peter.toth198@gmail.com>
To: Fbsd8 <fbsd8@a1poweruser.com>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: Peter Ross <Peter.Ross@alumni.tu-berlin.de>, freebsd-jail@freebsd.org
X-List-Received-Date: Sat, 12 Jul 2014 03:40:13 -0000

Dear Joe Barbish (alias fbsd8@a1poweruser.com),

When are you going to stop trolling the FreeBSD mailing list and spreading
disinformation? For anyone interested please check this mail thread on who
fbsd8 really is:
http://lists.freebsd.org/pipermail/freebsd-jail//2013-March/002147.html

Very telling, isn't it!

People come to this place to learn, share information, help out other folks
and most importantly to have a constructive debate! (obviously some would
rather divert this effort)

The PR numbers mentioned are mostly outdated from the 8.x and 9.x series -
some of them are completely irrelevant (like ACPI) or for an i386 system.
Beyond this I am categorically refusing to waste any energy and time on
answering any trolling/diversion attempts by Joe Barbish.
Most importantly I encourage anyone to avoid his dubious Qjail project by
far - for details please check the link above.

I am not going to burn time on dissecting each PR one-by-one but rather
share my experience with VNET.

Over the last year and a half I have deployed numerous production systems
based on amd64 10-RELEASE with VNET enabled and PF running on the host.
Encountered 0 instability issues! Details on how to do this are here:
http://iocage.readthedocs.org/en/latest/real-world.html

As I mentioned before IPFW works in a jail and PF only works on the host.

Back to the original issue though, Peter could you please share your IPFW
config with me (maybe just send it directly to me), would be very
interested to get it going in my lab setup and add a howto page to share
this with others.

Cheers,
Peter









On Sat, Jul 12, 2014 at 1:16 PM, Fbsd8 <fbsd8@a1poweruser.com> wrote:

> Peter Toth wrote:
>
>  On Sat, Jul 12, 2014 at 1:33 AM, Fbsd8 <fbsd8@a1poweruser.com <mailto:
>> fbsd8@a1poweruser.com>> wrote:
>>
>>     Peter Toth wrote:
>>
>>         Have not used natd with IPFW much as always preferred PF to do
>>         everything
>>         on the host.
>>
>>         I have only a wild guess - the "me" keyword in IPFW is
>>         substituted only to
>>         the host's IPs known to itself.
>>         The host's IPFW firewall most likely doesn't know anything about
>> IPs
>>         assigned to vnet interfaces inside the jail.
>>
>>         Vnet jails behave more like separate physical hosts.
>>
>>         Internet ---> [host] ------- (10.0.10.0 LAN) ------> [vnet jail]
>>
>>         The PF issue inside a jail is a separate problem, PF is not fully
>>         VIMAGE/VNET aware as far as I know.
>>
>>         Can someone comment on these or correct me?
>>
>>         P
>>
>>
>>
>>         On Fri, Jul 11, 2014 at 7:11 PM, Peter Ross
>>         <Peter.Ross@alumni.tu-berlin.de
>>         <mailto:Peter.Ross@alumni.tu-berlin.de>>
>>
>>         wrote:
>>
>>             On Thu, 10 Jul 2014, Peter Toth wrote:
>>
>>              Hi Peter,
>>
>>                 Try to make these changes:
>>
>>                 net.inet.ip.forwarding=1       # Enable IP forwarding
>>                 between interfaces
>>                 net.link.bridge.pfil_onlyip=0  # Only pass IP packets
>>                 when pfil is enabled
>>                 net.link.bridge.pfil_bridge=0  # Packet filter on the
>>                 bridge interface
>>                 net.link.bridge.pfil_member=0  # Packet filter on the
>>                 member interface
>>
>>                 You can find some info
>>                 here
>>                 http://iocage.readthedocs.org/en/latest/help-no-internet.html
>>                 <http://iocage.readthedocs.org/en/latest/help-no-internet.html>
>>
>>                 I've had these issues before with PF and IPFW, by
>>                 default these will be
>>                 filtering on your bridge and member interfaces.
>>
>>             Thanks. It did not change anything.
>>
>>             Now, inside_ the jail I run "ipfw allow ip from any to any".
>>
>>             This on the host system:
>>
>>             01000 check-state
>>             01100 allow tcp from any to any established
>>             01200 allow ip from any to any frag
>>             00100 divert 8668 ip4 from any to any via age0
>>             03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
>>             03200 allow udp from any to me dst-port 53 keep-state
>>
>>             (with natd redirecting "redirect_port udp 10.0.10.1:53
>>             <http://10.0.10.1:53> external.ip:53")
>>
>>
>>             If I add
>>
>>             03300 allow udp from me 53 to any
>>
>>             it works..
>>
>>             So it makes me think check-state isn't usable - because
>>
>>             03200 allow udp from any to me dst-port 53 keep-state
>>
>>             should cover the returning packets.
>>
>>             I played with your parameters but it did not help. But
>>             thanks for the idea.
>>
>>             Here again the setup:
>>
>>             Internet->age0(host interface with natd and external IP)
>>             ->bridge10(10.0.10.254)->epair1a
>>
>>             ->epair1b(10.0.10.1 in bind vnet jail)
>>
>>             I wonder what kind of restrictions exist with vnet.. it does
>>             not seem to
>>             work _exactly_ as a "real" network stack (the issues with pf
>>             inside the
>>             jail let me think of it too)
>>
>>             Did I find a restriction, a bug - or just that I've got it
>>             wrong?
>>
>>             Regards
>>             Peter
>>
>>
>>     Any firewall function that runs in the kernel will not function
>>     inside of a vnet/vimage jail.
>>
>>
>>
>> This sounds a bit vague, can you please explain in more detail what you
>> meant by this?
>>
>> IPFW works inside a vnet jail - You can manage per jail firewall
>> instances without any issues.
>>
>> The only firewall which cannot function inside a jail (yet) is PF.
>>
>> P
>>
>>
>>
> You are incorrect.
> Here is a list of some of the vnet/vimage outstanding PR's
>
> 143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252,
> 176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468
>
>
>
>
>
>
>

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 06:24:40 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4001EF06
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 06:24:40 +0000 (UTC)
Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E714A2430
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 06:24:39 +0000 (UTC)
Received: from pi by home.opsec.eu with local (Exim 4.82 (FreeBSD))
 (envelope-from <lists@opsec.eu>)
 id 1X5qjc-000OpI-7h; Sat, 12 Jul 2014 08:24:36 +0200
Date: Sat, 12 Jul 2014 08:24:36 +0200
From: Kurt Jaeger <lists@opsec.eu>
To: Fbsd8 <fbsd8@a1poweruser.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
Message-ID: <20140712062436.GS2586@home.opsec.eu>
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
 <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
 <CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>
 <53BFE796.7020502@a1poweruser.com>
 <CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>
 <53C08C74.6000805@a1poweruser.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <53C08C74.6000805@a1poweruser.com>
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2014 06:24:40 -0000

Hi!

> > On Sat, Jul 12, 2014 at 1:33 AM, Fbsd8 <fbsd8@a1poweruser.com> wrote:
[...]
> Here is a list of some of the vnet/vimage outstanding PR's
>
> 143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252, 
> 176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468

188010 was committed 2014-03-27 -- why is it still outstanding ?

-- 
pi@opsec.eu            +49 171 3101372                         6 years to go !

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 11:00:30 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id EBCA641E
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 11:00:30 +0000 (UTC)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 653D0285A
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 11:00:29 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id s6CB0MxI020325;
 Sat, 12 Jul 2014 21:00:22 +1000 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Sat, 12 Jul 2014 21:00:22 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Kurt Jaeger <lists@opsec.eu>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
In-Reply-To: <20140712062436.GS2586@home.opsec.eu>
Message-ID: <20140712205335.F50382@sola.nimnet.asn.au>
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
 <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
 <CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>
 <53BFE796.7020502@a1poweruser.com>
 <CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>
 <53C08C74.6000805@a1poweruser.com> <20140712062436.GS2586@home.opsec.eu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2014 11:00:31 -0000

On Sat, 12 Jul 2014 08:24:36 +0200, Kurt Jaeger wrote:
 > Hi!
 > 
 > > > On Sat, Jul 12, 2014 at 1:33 AM, Fbsd8 <fbsd8@a1poweruser.com> wrote:
 > [...]
 > > Here is a list of some of the vnet/vimage outstanding PR's
 > >
 > > 143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252, 
 > > 176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468
 > 
 > 188010 was committed 2014-03-27 -- why is it still outstanding ?

185092 was also fixed and merged back to stable/10 and stable/9 in May.

I'm not about to check all of them .. we're used to these sour grapes.

cheers, Ian

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 13:01:20 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 720F3946
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 13:01:20 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 58F87210C
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 13:01:20 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s6CD1K86037750
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 13:01:20 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 133265] [jail] is there a solution how to run nfs client in
 jail environment?
Date: Sat, 12 Jul 2014 13:01:20 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: joeb1@a1poweruser.com
X-Bugzilla-Status: In Discussion
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-133265-9824-imRXvez59O@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-133265-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-133265-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2014 13:01:20 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=133265

joeb1@a1poweruser.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joeb1@a1poweruser.com

--- Comment #5 from joeb1@a1poweruser.com ---
Close this PR.
In-kernel ntfs has been removed from 10.0 base, see
http://svnweb.freebsd.org/base/head/sbin/Makefile?view=log&pathrev=247665

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 13:29:47 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 90970E3F
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 13:29:47 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 777C122B5
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 13:29:47 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s6CDTlEu090073
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 13:29:47 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 133265] [jail] is there a solution how to run nfs client in
 jail environment?
Date: Sat, 12 Jul 2014 13:29:47 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: lukasz@wasikowski.net
X-Bugzilla-Status: In Discussion
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-133265-9824-JTP0MkXr2F@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-133265-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-133265-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2014 13:29:47 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=133265

Lukasz Wasikowski <lukasz@wasikowski.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lukasz@wasikowski.net

--- Comment #6 from Lukasz Wasikowski <lukasz@wasikowski.net> ---
ntfs is something completely different than nfs, this PR stands valid.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 14:52:57 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AC09FCE5
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 14:52:57 +0000 (UTC)
Received: from relay.mailchannels.net (aso-006-i400.relay.mailchannels.net
 [143.95.81.29]) by mx1.freebsd.org (Postfix) with ESMTP id 2C139291D
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 14:52:56 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (unknown [10.237.11.126])
 by relay.mailchannels.net (Postfix) with ESMTPA id 2C3C610088A;
 Sat, 12 Jul 2014 14:52:48 +0000 (UTC)
X-Sender-Id: _forwarded-from|107.201.34.133
Received: from mail-24.name-services.com (mail-24.name-services.com
 [10.253.92.5]) (using TLSv1 with cipher AES128-SHA)
 by 0.0.0.0:2500 (trex/5.2.5); Sat, 12 Jul 2014 14:52:48 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|107.201.34.133
X-MailChannels-Auth-Id: demandmedia
Received: from [10.0.10.1] (107-201-34-133.lightspeed.bcvloh.sbcglobal.net
 [107.201.34.133]) by mail-24.name-services.com with SMTP; 
 Sat, 12 Jul 2014 07:52:40 -0700
Message-ID: <53C14BB9.3030602@a1poweruser.com>
Date: Sat, 12 Jul 2014 10:52:41 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Peter Toth <peter.toth198@gmail.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>	<alpine.DEB.2.02.1407111702040.32174@PetersBigBox>	<CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>	<53BFE796.7020502@a1poweruser.com>	<CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>	<53C08C74.6000805@a1poweruser.com>
 <CAEUAJxt=wdv_tqo8ffkJ=1N=nxBBM7Pb5==HWXfzjSeG0y8N0w@mail.gmail.com>
In-Reply-To: <CAEUAJxt=wdv_tqo8ffkJ=1N=nxBBM7Pb5==HWXfzjSeG0y8N0w@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Peter Ross <Peter.Ross@alumni.tu-berlin.de>, freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2014 14:52:57 -0000

Shame on you Peter Toth.
Slander and calling names about someone who does not agree with you is
childish and something I would expect from a 10 year old.

This foolish post only shows how unprofessional your behavior is.
Shame on you.

Everything stated by me is the truth and verified by the outstanding
pr's. If you can't trust the PR system as credible, then what can you trust?

I don't disagree that you may have a working vnet/vimage configuration
running on your hobby host system or that you're foolishly exposing your
hobby host system to public network attack and host system takeover.
There is a very big difference between software that does not crash when
started and software that performs within its design parameters. I think
just because your configuration does not crash means to you it's working
as expected. This is foolish in light of all the negative warnings about
vimage.

vimage is experimental and nothing you say can change that fact. Readers,
don't believe me or Peter Toth and review the listed pr numbers and do
your own search of bugzilla on keyword vnet or vimage and make up your
own mind.


Peter Toth wrote:
> Dear Joe Barbish (alias fbsd8@a1poweruser.com),
> 
> When are you going to stop trolling the FreeBSD mailing list and spreading
> disinformation?
> 
> People come to this place to learn, share information, help out other
> folks and most importantly to have a constructive debate! (obviously
> some would rather divert this effort)
> 
> The PR numbers mentioned are mostly outdated from the 8.x and 9.x
> series - some of them are completely irrelevant (like ACPI) or for an
> i386 system.
> Beyond this I am categorically refusing to waste any energy and time on 
> answering any trolling/diversion attempts by Joe Barbish.
> 
> I am not going to burn time on dissecting each PR one-by-one but rather 
> share my experience with VNET.
> 
> Over the last year and a half have deployed numerous production systems 
> based on amd64 10-RELEASE with VNET enabled and PF running on the host.
> Encountered 0 instability issues! Details on how to do this are 
> here: http://iocage.readthedocs.org/en/latest/real-world.html
> 
> As I mentioned before IPFW works in a jail and PF only works on the host.
> 
> Back to the original issue though, Peter could you please share your 
> IPFW config with me (maybe just send it directly to me), would be very 
> interested to get it going in my lab setup and add a howto page to share 
> this with others.
> 
> Cheers,
> Peter
> 
> 
> On Sat, Jul 12, 2014 at 1:16 PM, Fbsd8 <fbsd8@a1poweruser.com> wrote:
> 
>     Peter Toth wrote:
> 
>         On Sat, Jul 12, 2014 at 1:33 AM, Fbsd8 <fbsd8@a1poweruser.com> wrote:
> 
>             Peter Toth wrote:
> 
>                 Have not used natd with IPFW much as always preferred PF
>                 to do everything on the host.
> 
>                 I have only a wild guess - the "me" keyword in IPFW is
>                 substituted only to the host's IPs known to itself.
>                 The host's IPFW firewall most likely doesn't know
>                 anything about IPs assigned to vnet interfaces inside
>                 the jail.
> 
>                 Vnet jails behave more like separate physical hosts.
> 
>                 Internet ---> [host] ------- (10.0.10.0 LAN) ------> [vnet jail]
> 
>                 The PF issue inside a jail is a separate problem, PF is
>                 not fully VIMAGE/VNET aware as far as I know.
> 
>                 Can someone comment on these or correct me?
> 
>                 P
> 
> 
> 
>                 On Fri, Jul 11, 2014 at 7:11 PM, Peter Ross
>                 <Peter.Ross@alumni.tu-berlin.de> wrote:
> 
>                     On Thu, 10 Jul 2014, Peter Toth wrote:
> 
>                      Hi Peter,
> 
>                         Try to make these changes:
> 
>                         net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
>                         net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
>                         net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
>                         net.link.bridge.pfil_member=0  # Packet filter on the member interface
> 
>                         You can find some info here
>                         http://iocage.readthedocs.org/en/latest/help-no-internet.html
> 
>                         I've had these issues before with PF and IPFW, by
>                         default these will be
>                         filtering on your bridge and member interfaces.
> 
>                     Thanks. It did not change anything.
> 
>                     Now, _inside_ the jail I run "ipfw allow ip from any to any".
> 
>                     This on the host system:
> 
>                     01000 check-state
>                     01100 allow tcp from any to any established
>                     01200 allow ip from any to any frag
>                     00100 divert 8668 ip4 from any to any via age0
>                     03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
>                     03200 allow udp from any to me dst-port 53 keep-state
> 
>                     (with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")
> 
> 
>                     If I add
> 
>                     03300 allow udp from me 53 to any
> 
>                     it works..
> 
>                     So it makes me think check-state isn't usable - because
> 
>                     03200 allow udp from any to me dst-port 53 keep-state
> 
>                     should cover the returning packets.
> 
>                     I played with your parameters but it did not help. But
>                     thanks for the idea.
> 
>                     Here again the setup:
> 
>                     Internet->age0(host interface with natd and external IP)
>                     ->bridge10(10.0.10.254)->epair1a
>                     ->epair1b(10.0.10.1 in bind vnet jail)
> 
>                     I wonder what kind of restrictions exist with vnet.. it
>                     does not seem to work _exactly_ as a "real" network stack
>                     (the issues with pf inside the jail let me think of it too)
> 
>                     Did I find a restriction, a bug - or just that I've got it
>                     wrong?
> 
>                     Regards
>                     Peter
> 
> 
>             Any firewall function that runs in the kernel will not function
>             inside of a vnet/vimage jail.
> 
> 
> 
>         This sounds a bit vague, can you please explain in more detail
>         what you meant by this?
> 
>         IPFW works inside a vnet jail - You can manage per jail firewall
>         instances without any issues.
> 
>         The only firewall which cannot function inside a jail (yet) is PF.
> 
>         P
> 
> 
> 
>     You are incorrect.
>     Here is a list of some of the vnet/vimage outstanding PR's
> 
>     143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763,
>     165252, 176112, 176929, 178480, 178482, 179264, 182350, 185092,
>     188010, 191468
> 
> 
> 
> 
> 
> 
> 
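Added example, not part of the thread or of anyone's post: a simplified Python model of how the host rule set quoted above is evaluated for one DNS query and its reply, showing where the keep-state entry created by rule 03100 stops matching. Assumptions: rules run in rule-number order (so divert 00100 comes first), natd rewrites packets on age0 before the later rules see them, a default deny follows the listed rules, and the external and client addresses are constructed.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (assumptions; the thread gives only 10.0.10.x).
EXT = "203.0.113.10"        # stands in for "external.ip" on age0
JAIL = "10.0.10.1"          # bind vnet jail (from the thread)
CLIENT = "198.51.100.7"     # constructed Internet client
ME = {EXT, "10.0.10.254"}   # host addresses that ipfw's "me" matches


@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def natd(p, direction):
    """Model of natd with 'redirect_port udp 10.0.10.1:53 external.ip:53'."""
    if direction == "in" and (p.proto, p.dst, p.dport) == ("udp", EXT, 53):
        return replace(p, dst=JAIL)      # inbound: external.ip:53 -> jail:53
    if direction == "out" and (p.proto, p.src, p.sport) == ("udp", JAIL, 53):
        return replace(p, src=EXT)       # outbound: jail:53 -> external.ip:53
    return p


def flow(p):
    """Direction-independent key: a dynamic rule matches both directions."""
    return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))


def ipfw_pass(p, direction, iface, states, extra_rule):
    """One pass over the host rules in rule-number order.

    Returns (verdict, matching rule number, packet as the later rules saw it).
    """
    # 00100 divert 8668 ip4 from any to any via age0
    if iface == "age0":
        p = natd(p, direction)           # evaluation resumes after rule 100
    # 01000 check-state
    if flow(p) in states:
        return "allow", 1000, p
    # 01100 (tcp established) and 01200 (frag) cannot match this UDP traffic.
    # 03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
    if p.proto == "udp" and p.dst == JAIL and p.dport == 53:
        states.add(flow(p))
        return "allow", 3100, p
    # 03200 allow udp from any to me dst-port 53 keep-state
    if p.proto == "udp" and p.dst in ME and p.dport == 53:
        states.add(flow(p))
        return "allow", 3200, p
    # 03300 allow udp from me 53 to any  (the rule added later in the thread)
    if extra_rule and p.proto == "udp" and p.src in ME and p.sport == 53:
        return "allow", 3300, p
    return "deny", 65535, p              # assumption: default deny


def forward(p, in_if, out_if, states, extra_rule):
    """A forwarded packet is filtered on input and again on output."""
    trace = []
    for direction, iface in (("in", in_if), ("out", out_if)):
        verdict, rule, p = ipfw_pass(p, direction, iface, states, extra_rule)
        trace.append((direction, iface, rule, verdict))
        if verdict == "deny":
            break
    return trace, p


def dns_round_trip(extra_rule=False):
    """Send one query from CLIENT to external.ip:53 and the jail's reply back."""
    states = set()
    query = Pkt("udp", CLIENT, 40000, EXT, 53)
    q_trace, _ = forward(query, "age0", "bridge10", states, extra_rule)
    reply = Pkt("udp", JAIL, 53, CLIENT, 40000)
    r_trace, seen = forward(reply, "bridge10", "age0", states, extra_rule)
    return q_trace, r_trace, seen


if __name__ == "__main__":
    for extra in (False, True):
        q_trace, r_trace, seen = dns_round_trip(extra)
        print("with rule 03300:" if extra else "rules as quoted:")
        for step in q_trace:
            print("  query", step)
        for step in r_trace:
            print("  reply", step)
        print("  reply as matched on age0:", seen.src, seen.sport)
```

In this model the reply is rewritten to the external address on age0 before rule 01000 runs, so it no longer matches the entry recorded for 10.0.10.1, and only a rule such as 03300 lets it out.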



From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 15:51:49 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id EDF78BB9
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 15:51:49 +0000 (UTC)
Received: from mail.freebsd.systems (unknown [IPv6:2001:6a0:1cb::b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9FA542D92
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 15:51:49 +0000 (UTC)
Received: from mail.freebsd.systems (mail.freebsd.systems
 [IPv6:2001:6a0:1cb::b])
 by mail.freebsd.systems (Postfix) with ESMTP id 6697DE1F;
 Sat, 12 Jul 2014 17:51:44 +0200 (CEST)
X-Virus-Scanned: amavisd-new at freebsd.systems
Received: from mail.freebsd.systems ([IPv6:2001:6a0:1cb::b])
 by mail.freebsd.systems (scan.freebsd.systems [IPv6:2001:6a0:1cb::b])
 (amavisd-new, port 10026)
 with ESMTP id d6Or715q_e5a; Sat, 12 Jul 2014 17:51:44 +0200 (CEST)
Received: from [192.168.168.1] (89-71-136-148.dynamic.chello.pl
 [89.71.136.148])
 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.freebsd.systems (Postfix) with ESMTPSA id A6B74E1C;
 Sat, 12 Jul 2014 17:51:43 +0200 (CEST)
Message-ID: <53C15993.1070404@wasikowski.net>
Date: Sat, 12 Jul 2014 17:51:47 +0200
From: =?UTF-8?B?xYF1a2FzeiBXxIVzaWtvd3NraQ==?= <lukasz@wasikowski.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Fbsd8 <fbsd8@a1poweruser.com>, Peter Toth <peter.toth198@gmail.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>	<alpine.DEB.2.02.1407111702040.32174@PetersBigBox>	<CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>	<53BFE796.7020502@a1poweruser.com>	<CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>	<53C08C74.6000805@a1poweruser.com>
 <CAEUAJxt=wdv_tqo8ffkJ=1N=nxBBM7Pb5==HWXfzjSeG0y8N0w@mail.gmail.com>
 <53C14BB9.3030602@a1poweruser.com>
In-Reply-To: <53C14BB9.3030602@a1poweruser.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: Peter Ross <Peter.Ross@alumni.tu-berlin.de>, freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2014 15:51:50 -0000

On 2014-07-12 16:52, Fbsd8 wrote:

> Shame on you Peter Toth.
> Slander and calling names about someone who does not agree with you is
> childish and something I would expect from a 10 year old.
> 
> This foolish post only shows how unprofessional your behavior is.
> Shame on you.

And this came from a person who stole someone else's work [1] and then called
the original author paranoid, mentally ill and demential [2]

Shame on you Joe Barbish. We remember what you did.

Anyway, it's not your business to decide for others what they should run
on production. It's their choice and their risk.

[1] Claiming copyright on others' work is stealing for me:
http://lists.freebsd.org/pipermail/freebsd-jail//2013-March/002147.html

[2] http://lists.freebsd.org/pipermail/freebsd-jail//2013-March/002149.html

-- 
best regards,
Lukasz Wasikowski

From owner-freebsd-jail@FreeBSD.ORG  Sat Jul 12 20:56:26 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4EE82CAD
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 20:56:26 +0000 (UTC)
Received: from mail-ig0-x232.google.com (mail-ig0-x232.google.com
 [IPv6:2607:f8b0:4001:c05::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 16CB622E9
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 20:56:26 +0000 (UTC)
Received: by mail-ig0-f178.google.com with SMTP id uq10so563595igb.11
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 13:56:25 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.42.216.143 with SMTP id hi15mr12646206icb.12.1405198585331; 
 Sat, 12 Jul 2014 13:56:25 -0700 (PDT)
Received: by 10.43.59.6 with HTTP; Sat, 12 Jul 2014 13:56:25 -0700 (PDT)
In-Reply-To: <53C14BB9.3030602@a1poweruser.com>
References: <CAEUAJxtpJz3gPboUYc4p3JvkHSca=++fz0gj85sjwJG1eBgPjA@mail.gmail.com>
 <alpine.DEB.2.02.1407111702040.32174@PetersBigBox>
 <CAEUAJxtD9oA6qp81TTgNAd=xaG-nQvPp64Qpei2HKTHZsFs8Uw@mail.gmail.com>
 <53BFE796.7020502@a1poweruser.com>
 <CAEUAJxsvy=sMo_Z+E0wmCMQTn=7SnsASFnAqxYe8D5ZPTs6o1w@mail.gmail.com>
 <53C08C74.6000805@a1poweruser.com>
 <CAEUAJxt=wdv_tqo8ffkJ=1N=nxBBM7Pb5==HWXfzjSeG0y8N0w@mail.gmail.com>
 <53C14BB9.3030602@a1poweruser.com>
Date: Sun, 13 Jul 2014 08:56:25 +1200
Message-ID: <CAEUAJxsTbnFJ4ZW_tvUZW=M4ieRqwA_Au0cg_rKoY1_spMTCNQ@mail.gmail.com>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
From: Peter Toth <peter.toth198@gmail.com>
To: Fbsd8 <fbsd8@a1poweruser.com>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: Peter Ross <Peter.Ross@alumni.tu-berlin.de>, freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2014 20:56:26 -0000

Unfortunately you don't even grasp what the meaning of the words like:
shame, truth, childish or professional is - and that's the bottom line
mate.




On Sun, Jul 13, 2014 at 2:52 AM, Fbsd8 <fbsd8@a1poweruser.com> wrote:

> Shame on you Peter Toth.
> Slander and calling names about someone who does not agree with you is
> childish and something I would expect from a 10 year old.
>
> This foolish post only shows how unprofessional your behavior is.
> Shame on you.
>
> Everything stated by me is the truth and verified by the outstanding
> pr's. If you can't trust the PR system as credible, then what can you trust?
>
> I don't disagree that you may have a working vnet/vimage configuration
> running on your hobby host system or that you're foolishly exposing your
> hobby host system to public network attack and host system takeover. There
> is a very big difference between software that does not crash when started
> and software that performs within its design parameters. I think just
> because your configuration does not crash means to you it's working as
> expected. This is foolish in light of all the negative warnings about
> vimage.
>
> vimage is experimental and nothing you say can change that fact. Readers,
> don't believe me or Peter Toth and review the listed pr numbers and do your
> own search of bugzilla on keyword vnet or vimage and make up your own mind.
>
>
> Peter Toth wrote:
>
>> Dear Joe Barbish (alias fbsd8@a1poweruser.com),
>>
>>
>> When are you going to stop trolling the FreeBSD mailing list and spreading
>> disinformation?
>> People come to this place to learn, share information, help out other
>> folks and most importantly to have a constructive debate! (obviously some
>> would rather divert this effort)
>>
>> The PR numbers mentioned are mostly outdated from the 8.x and 9.x series
>> - some of them are completely irrelevant (like ACPI) or for an i386 system.
>> Beyond this I am categorically refusing to waste any energy and time on
>> answering any trolling/diversion attempts by Joe Barbish.
>>
>> I am not going to burn time on dissecting each PR one-by-one but rather
>> share my experience with VNET.
>>
>> Over the last year and a half have deployed numerous production systems
>> based on amd64 10-RELEASE with VNET enabled and PF running on the host.
>> Encountered 0 instability issues! Details on how to do this are here:
>> http://iocage.readthedocs.org/en/latest/real-world.html
>>
>> As I mentioned before IPFW works in a jail and PF only works on the host.
>>
>> Back to the original issue though, Peter could you please share your IPFW
>> config with me (maybe just send it directly to me), would be very
>> interested to get it going in my lab setup and add a howto page to share
>> this with others.
>>
>> Cheers,
>> Peter
>>
>>
>> On Sat, Jul 12, 2014 at 1:16 PM, Fbsd8 <fbsd8@a1poweruser.com> wrote:
>>
>>     Peter Toth wrote:
>>
>>         On Sat, Jul 12, 2014 at 1:33 AM, Fbsd8 <fbsd8@a1poweruser.com> wrote:
>>
>>             Peter Toth wrote:
>>
>>                 Have not used natd with IPFW much as always preferred PF
>>                 to do everything on the host.
>>
>>                 I have only a wild guess - the "me" keyword in IPFW is
>>                 substituted only to the host's IPs known to itself.
>>                 The host's IPFW firewall most likely doesn't know
>>                 anything about IPs assigned to vnet interfaces inside
>>                 the jail.
>>
>>                 Vnet jails behave more like separate physical hosts.
>>
>>                 Internet ---> [host] ------- (10.0.10.0 LAN) ------> [vnet jail]
>>
>>                 The PF issue inside a jail is a separate problem, PF is
>>                 not fully VIMAGE/VNET aware as far as I know.
>>
>>                 Can someone comment on these or correct me?
>>
>>                 P
>>
>>
>>
>>                 On Fri, Jul 11, 2014 at 7:11 PM, Peter Ross
>>                 <Peter.Ross@alumni.tu-berlin.de> wrote:
>>
>>                     On Thu, 10 Jul 2014, Peter Toth wrote:
>>
>>                      Hi Peter,
>>
>>                         Try to make these changes:
>>
>>                         net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
>>                         net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
>>                         net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
>>                         net.link.bridge.pfil_member=0  # Packet filter on the member interface
>>
>>                         You can find some info here
>>                         http://iocage.readthedocs.org/en/latest/help-no-internet.html
>>
>>
>>                         I've had these issues before with PF and IPFW, by
>>                         default these will be
>>                         filtering on your bridge and member interfaces.
>>
>>                     Thanks. It did not change anything.
>>
>>                     Now, _inside_ the jail I run "ipfw allow ip from any to any".
>>
>>                     This on the host system:
>>
>>                     01000 check-state
>>                     01100 allow tcp from any to any established
>>                     01200 allow ip from any to any frag
>>                     00100 divert 8668 ip4 from any to any via age0
>>                     03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
>>                     03200 allow udp from any to me dst-port 53 keep-state
>>
>>                     (with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")
>>
>>
>>                     If I add
>>
>>                     03300 allow udp from me 53 to any
>>
>>                     it works..
>>
>>                     So it makes me think check-state isn't usable - because
>>
>>                     03200 allow udp from any to me dst-port 53 keep-state
>>
>>                     should cover the returning packets.
>>
>>                     I played with your parameters but it did not help. But
>>                     thanks for the idea.
>>
>>                     Here again the setup:
>>
>>                     Internet->age0(host interface with natd and external IP)
>>                     ->bridge10(10.0.10.254)->epair1a
>>                     ->epair1b(10.0.10.1 in bind vnet jail)
>>
>>                     I wonder what kind of restrictions exist with vnet.. it
>>                     does not seem to work _exactly_ as a "real" network
>>                     stack (the issues with pf inside the jail let me think
>>                     of it too)
>>
>>                     Did I find a restriction, a bug - or just that I've got
>>                     it wrong?
>>
>>                     Regards
>>                     Peter
>>
>>
>>             Any firewall function that runs in the kernel will not function
>>             inside of a vnet/vimage jail.
>>
>>
>>
>>         This sounds a bit vague, can you please explain in more detail
>>         what you meant by this?
>>
>>         IPFW works inside a vnet jail - You can manage per jail firewall
>>         instances without any issues.
>>
>>         The only firewall which cannot function inside a jail (yet) is PF.
>>
>>         P
>>
>>
>>
>>     You are incorrect.
>>     Here is a list of some of the vnet/vimage outstanding PR's
>>
>>     143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763,
>>     165252, 176112, 176929, 178480, 178482, 179264, 182350, 185092,
>>     188010, 191468
>>
>>
>>
>>
>>
>>
>>
>>
>
>

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 02:08:55 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id CB4D6B09
 for <freebsd-jail@FreeBSD.org>; Sun, 13 Jul 2014 02:08:55 +0000 (UTC)
Received: from wonkity.com (wonkity.com [67.158.26.137])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "wonkity.com", Issuer "wonkity.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7162627E7
 for <freebsd-jail@FreeBSD.org>; Sun, 13 Jul 2014 02:08:55 +0000 (UTC)
Received: from wonkity.com (localhost [127.0.0.1])
 by wonkity.com (8.14.9/8.14.9) with ESMTP id s6D28q6v011238
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 20:08:52 -0600 (MDT)
 (envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
 by wonkity.com (8.14.9/8.14.9/Submit) with ESMTP id s6D28qff011235
 for <freebsd-jail@FreeBSD.org>; Sat, 12 Jul 2014 20:08:52 -0600 (MDT)
 (envelope-from wblock@wonkity.com)
Date: Sat, 12 Jul 2014 20:08:52 -0600 (MDT)
From: Warren Block <wblock@wonkity.com>
To: freebsd-jail@FreeBSD.org
Subject: mergemaster and better support for ezjails
Message-ID: <alpine.BSF.2.11.1407121753240.50320@wonkity.com>
User-Agent: Alpine 2.11 (BSF 23 2013-08-11)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
 BOUNDARY="3512871622-143809998-1405217332=:50320"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (wonkity.com [127.0.0.1]); Sat, 12 Jul 2014 20:08:52 -0600 (MDT)

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--3512871622-143809998-1405217332=:50320
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

A couple of patches to make mergemaster work better with ezjails.

These are only very superficially tested.  Feedback welcome.

1. If /etc/mergemaster.rc exists in the jail, it is sourced.  This
    allows IGNORE_FILES to be set in the jail.  And other settings, but
    that's the one I wanted.

2. If /etc/localtime in the jail is a plain file, as when tzsetup has
    been run in the jail, tzsetup reinstalls the same file.  It will come
    from the host, but at first glance this does not seem to be a
    problem, seeing that jails should be updated after the host has been
    updated.  Because /usr/share/zoneinfo does not exist in the jail, I
    did not see a clean way to use tzsetup -C.  A link could be created
    to the basejail's /usr/share/zoneinfo, then deleted after
    tzsetup -C has run, or maybe there is a better way.
--3512871622-143809998-1405217332=:50320
Content-Type: TEXT/PLAIN; charset=US-ASCII; name=mergemaster-ezjail.diff
Content-Transfer-Encoding: BASE64
Content-ID: <alpine.BSF.2.11.1407122008520.50320@wonkity.com>
Content-Description: 
Content-Disposition: attachment; filename=mergemaster-ezjail.diff
--3512871622-143809998-1405217332=:50320--

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 02:55:09 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D2FF5DEE
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 02:55:09 +0000 (UTC)
Received: from mail-we0-x22e.google.com (mail-we0-x22e.google.com
 [IPv6:2a00:1450:400c:c03::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6CC102B08
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 02:55:09 +0000 (UTC)
Received: by mail-we0-f174.google.com with SMTP id x48so909181wes.19
 for <freebsd-jail@freebsd.org>; Sat, 12 Jul 2014 19:55:07 -0700 (PDT)
X-Received: by 10.180.19.40 with SMTP id b8mr15387010wie.77.1405220107675;
 Sat, 12 Jul 2014 19:55:07 -0700 (PDT)
Received: from dft-labs.eu (n1x0n-1-pt.tunnel.tserv5.lon1.ipv6.he.net.
 [2001:470:1f08:1f7::2])
 by mx.google.com with ESMTPSA id wu6sm15543645wjb.46.2014.07.12.19.55.06
 for <multiple recipients>
 (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
 Sat, 12 Jul 2014 19:55:06 -0700 (PDT)
Date: Sun, 13 Jul 2014 04:55:04 +0200
From: Mateusz Guzik <mjguzik@gmail.com>
To: Warren Block <wblock@wonkity.com>
Subject: Re: mergemaster and better support for ezjails
Message-ID: <20140713025504.GB16884@dft-labs.eu>
References: <alpine.BSF.2.11.1407121753240.50320@wonkity.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <alpine.BSF.2.11.1407121753240.50320@wonkity.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: freebsd-jail@FreeBSD.org

On Sat, Jul 12, 2014 at 08:08:52PM -0600, Warren Block wrote:
> A couple of patches to make mergemaster work better with ezjails.
> 
> These are only very superficially tested.  Feedback welcome.
> 
> 1. If /etc/mergemaster.rc exists in the jail, it is sourced.  This
>    allows IGNORE_FILES to be set in the jail.  And other settings, but
>    that's the one I wanted.
> 

How exactly does it work?

Is jailed root allowed to create /etc/mergemaster.rc?

If so, that would be a jail escape vector - an attacker puts commands they
want to execute inside and mergemaster sourcing the file will trigger
executing them.

In fact running mergemaster from "outside" on an untrusted jail seems
like a security weakness even without jailed-root controlled rc file
since they can try to do something fishy with symlinks which now resolve
to stuff on the host.

The following should be safe enough:
- have a dedicated RO jail
- mount to-be-updated jail under /mnt/jail or whatever
- mount sources/whatever RO under /usr/src or whatever
- run update process from inside dedicated RO jail

-- 
Mateusz Guzik <mjguzik gmail.com>

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 03:24:38 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1CEAD1CA
 for <freebsd-jail@FreeBSD.org>; Sun, 13 Jul 2014 03:24:38 +0000 (UTC)
Received: from wonkity.com (wonkity.com [67.158.26.137])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "wonkity.com", Issuer "wonkity.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id C33332DC6
 for <freebsd-jail@FreeBSD.org>; Sun, 13 Jul 2014 03:24:37 +0000 (UTC)
Received: from wonkity.com (localhost [127.0.0.1])
 by wonkity.com (8.14.9/8.14.9) with ESMTP id s6D3OZQR029164
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Sat, 12 Jul 2014 21:24:35 -0600 (MDT)
 (envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
 by wonkity.com (8.14.9/8.14.9/Submit) with ESMTP id s6D3OZw9029161;
 Sat, 12 Jul 2014 21:24:35 -0600 (MDT)
 (envelope-from wblock@wonkity.com)
Date: Sat, 12 Jul 2014 21:24:35 -0600 (MDT)
From: Warren Block <wblock@wonkity.com>
To: Mateusz Guzik <mjguzik@gmail.com>
Subject: Re: mergemaster and better support for ezjails
In-Reply-To: <20140713025504.GB16884@dft-labs.eu>
Message-ID: <alpine.BSF.2.11.1407122056420.50320@wonkity.com>
References: <alpine.BSF.2.11.1407121753240.50320@wonkity.com>
 <20140713025504.GB16884@dft-labs.eu>
User-Agent: Alpine 2.11 (BSF 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (wonkity.com [127.0.0.1]); Sat, 12 Jul 2014 21:24:35 -0600 (MDT)
Cc: freebsd-jail@FreeBSD.org

On Sun, 13 Jul 2014, Mateusz Guzik wrote:

> On Sat, Jul 12, 2014 at 08:08:52PM -0600, Warren Block wrote:
>> A couple of patches to make mergemaster work better with ezjails.
>>
>> These are only very superficially tested.  Feedback welcome.
>>
>> 1. If /etc/mergemaster.rc exists in the jail, it is sourced.  This
>>    allows IGNORE_FILES to be set in the jail.  And other settings, but
>>    that's the one I wanted.
>>
>
> How exactly does it work?
>
> Is jailed root allowed to create /etc/mergemaster.rc?

Yes.  Or at least I don't know of anything preventing that.

> If so, that would be a jail escape vector - an attacker puts commands they
> want to execute inside and mergemaster sourcing the file will trigger
> executing them.

Ouch.  Seems obvious now that you mention it.  Probably mergemaster.rc 
should have a defined format rather than being sourced anyway.

Another way to implement ignored files would be to extend the 
definitions in (the host's) /etc/mergemaster.rc to include ignored files 
by jail name or full path.

Full paths do not work presently because IGNORE_FILES just deletes the 
temporary file so it is not compared.

> In fact running mergemaster from "outside" on an untrusted jail seems
> like a security weakness even without jailed-root controlled rc file
> since they can try to do something fishy with symlinks which now resolve
> to stuff on the host.
>
> The following should be safe enough:
> - have a dedicated RO jail
> - mount to-be-updated jail under /mnt/jail or whatever
> - mount sources/whatever RO under /usr/src or whatever
> - run update process from inside dedicated RO jail

Thank you!
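
Added example (not from the thread and not mergemaster's own code): one way to give the jail's rc file the "defined format" mentioned above, reading only `IGNORE_FILES` as data, shown beside the sourcing behaviour that the reply warns about. `parse_jail_rc`, `source_jail_rc`, `make_sample_rc` and the sample file contents are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; these helpers are hypothetical, not part of mergemaster.

# What sourcing does: execute the jail-owned file as shell in our own context.
# Wrapped in a subshell so the demo does not change the caller's variables.
source_jail_rc() {
    ( . "$1" >/dev/null 2>&1; printf '%s\n' "$IGNORE_FILES" )
}

# Defined-format alternative: treat the file as data. Only IGNORE_FILES is
# recognised; its value must be a space-separated list of absolute paths.
# Prints the accepted value; returns 1 if the file itself is refused.
parse_jail_rc() {
    rc=$1
    ignore_files=

    # Jailed root can swap the file for a symlink that resolves on the host.
    # (This checks the last path component only and is racy on a running jail.)
    if [ -L "$rc" ] || [ ! -f "$rc" ]; then
        printf 'refusing %s: not a regular file\n' "$rc" >&2
        return 1
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                       # blank or comment
            IGNORE_FILES=*) val=${line#IGNORE_FILES=} ;;
            *) printf 'ignoring line: %s\n' "$line" >&2; continue ;;
        esac

        # Strip one pair of matching quotes as plain text; never eval.
        case $val in
            \'*\') val=${val#\'}; val=${val%\'} ;;
            \"*\") val=${val#\"}; val=${val%\"} ;;
        esac

        ok=1
        set -f            # no globbing while splitting an untrusted value
        for p in $val; do
            case $p in
                /*) ;;                                 # absolute path required
                *)  ok=0 ;;
            esac
            case $p in
                *[!A-Za-z0-9_./-]*|*..*) ok=0 ;;       # metacharacters, ".."
            esac
        done
        set +f

        if [ "$ok" -eq 1 ]; then
            ignore_files=$val
        else
            printf 'rejecting IGNORE_FILES value: %s\n' "$val" >&2
        fi
    done < "$rc"

    printf '%s\n' "$ignore_files"
}

# Constructed sample: one legitimate setting plus lines a jailed root could add.
make_sample_rc() {
    cat > "$1/mergemaster.rc" <<EOF
# jail-local settings
IGNORE_FILES='/etc/motd /etc/hosts'
IGNORE_FILES=/etc/*
touch "$1/marker"
EOF
}

demo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/mmrc.XXXXXX") || return 1
    make_sample_rc "$dir"
    printf 'parsed : %s\n' "$(parse_jail_rc "$dir/mergemaster.rc" 2>/dev/null)"
    if [ -e "$dir/marker" ]; then echo "parsing ran the injected command"; fi
    source_jail_rc "$dir/mergemaster.rc" >/dev/null
    if [ -e "$dir/marker" ]; then echo "sourcing ran the injected command"; fi
    rm -rf "$dir"
}
demo
```

The symlink test covers only the final path component; symlinked parent directories under `${DESTDIR}` are the case the dedicated read-only jail layout in the thread is meant to contain.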

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 05:37:48 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AAD24833
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 05:37:48 +0000 (UTC)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E0D7425D8
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 05:37:46 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id s6D5bfRT059556;
 Sun, 13 Jul 2014 15:37:41 +1000 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Sun, 13 Jul 2014 15:37:41 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Warren Block <wblock@wonkity.com>
Subject: Re: mergemaster and better support for ezjails
In-Reply-To: <alpine.BSF.2.11.1407121753240.50320@wonkity.com>
Message-ID: <20140713152442.K50382@sola.nimnet.asn.au>
References: <alpine.BSF.2.11.1407121753240.50320@wonkity.com>
MIME-Version: 1.0
Content-Type: MULTIPART/Mixed;
 BOUNDARY="3512871622-143809998-1405217332=:50320"
Content-ID: <20140713152442.U50382@sola.nimnet.asn.au>
Cc: freebsd-jail@freebsd.org

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--3512871622-143809998-1405217332=:50320
Content-Type: TEXT/PLAIN; FORMAT=flowed; CHARSET=US-ASCII
Content-ID: <20140713152442.M50382@sola.nimnet.asn.au>

On Sat, 12 Jul 2014 20:08:52 -0600, Warren Block wrote:
 > A couple of patches to make mergemaster work better with ezjails.
 > 
 > These are only very superficially tested.  Feedback welcome.
 > 
 > 1. If /etc/mergemaster.rc exists in the jail, it is sourced.  This
 >    allows IGNORE_FILES to be set in the jail.  And other settings, but
 >    that's the one I wanted.

 # Read /etc/mergemaster.rc first so the one in $HOME can override
 #
 if [ -r /etc/mergemaster.rc ]; then
-  . /etc/mergemaster.rc
+  . "${DESTDIR}/etc/mergemaster.rc"
 fi
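
Review bot: The guard and the action no longer refer to the same file: `[ -r /etc/mergemaster.rc ]` still tests the host path while the changed line sources `"${DESTDIR}/etc/mergemaster.rc"`. With DESTDIR set, the copy under DESTDIR is skipped whenever the host has no rc file, and the `.` is attempted on a file that may not exist whenever the host has one. Test the path that is sourced, and decide whether the host file should still be read first, since this change replaces it rather than adding a second file. Anything sourced from under DESTDIR runs as shell code with the privileges of whoever invokes mergemaster, so who can write that file matters.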

 # Read .mergemasterrc before command line so CLI can override
 #
 if [ -r "$HOME/.mergemasterrc" ]; then
-  . "$HOME/.mergemasterrc"
+  . "${DESTDIR}/$HOME/.mergemasterrc"
 fi
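
Review bot: In this block `$HOME` is still the invoking user's home on the host, so `"${DESTDIR}/$HOME/.mergemasterrc"` points at the same-named directory under DESTDIR (with a doubled slash), while the `-r` test above it checks `"$HOME/.mergemasterrc"`. Make the test and the `.` use one path, and consider keeping the per-user file on the host side only, so that the comment "before command line so CLI can override" keeps describing the operator's own settings rather than a file inside the target tree.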

Maybe a dumb question, but ..

In both cases, don't we need to test the readability of those files with 
${DESTDIR} prepended, rather than the originals, before sourcing them?  
Or can we here safely assume that they will exist? Or doesn't it matter?

cheers, Ian
--3512871622-143809998-1405217332=:50320
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME=mergemaster-ezjail.diff
Content-Transfer-Encoding: BASE64
Content-ID: <alpine.BSF.2.11.1407122008520.50320@wonkity.com>
Content-Description: 
Content-Disposition: ATTACHMENT; FILENAME=mergemaster-ezjail.diff
--3512871622-143809998-1405217332=:50320--

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 06:26:25 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D31B3DC9
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 06:26:25 +0000 (UTC)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3C07E28C7
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 06:26:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id s6D6QFMP061296;
 Sun, 13 Jul 2014 16:26:15 +1000 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Sun, 13 Jul 2014 16:26:15 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Peter Toth <peter.toth198@gmail.com>
Subject: Re: securelevel in VNET jails using ipfw(8)
In-Reply-To: <CAEUAJxt8qMpvcLCSjSHUU-jMAHVRQvzjh1C++tF5tgB_0LYeHw@mail.gmail.com>
Message-ID: <20140713161302.M50382@sola.nimnet.asn.au>
References: <20140713014641.J50382@sola.nimnet.asn.au>
 <CAEUAJxt8qMpvcLCSjSHUU-jMAHVRQvzjh1C++tF5tgB_0LYeHw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-jail@freebsd.org

On Sun, 13 Jul 2014 07:42:42 +1200, Peter Toth wrote:
 > Hi Ian,
 > 
 > This is for the jail's securelevel option. If you set it to the highest
 > number 3 it will fail to load IPFW rules in a jail during startup.
 > 
 > Snip from "man securelevel":
 > Network secure mode - same as highly secure mode, plus IP packet
 > filter rules (see ipfw(8), ipfirewall(4) and pfctl(8)) cannot be
 > changed and dummynet(4) or pf(4) configuration cannot be adjusted.
 >
 > Cheers,
 > Peter

I understood why 3 wouldn't work.  What I hadn't realised was that you 
were defaulting iocage jails to securelevel 3, which just shows that I 
hadn't read the manual :)

ezjail has tests for securelevel > 0 re installing or updating, but I 
assumed that to refer to the host's securelevel.

Thanks, Ian

 > On Sun, Jul 13, 2014 at 4:08 AM, Ian Smith <smithi@nimnet.asn.au> wrote:
 > 
 > > Hi Peter,
 > >
 > > from your FAQ at http://iocage.readthedocs.org/en/latest/faq.html
 > >
 > > "If you plan on using IPFW inside a jail make sure securelevel is set to 2"
 > >
 > > Unless this is also a FAQ you can point me to, can you explain why this
 > > is needed?  Reading security(7) leaves me unclear on how securelevels
 > > apply in a jail, or what it may be about ipfw(8) particularly that could
 > > compromise jail (or host?) security, that other services could not?
 > >
 > > cheers, Ian

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 09:45:45 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A75B6373
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 09:45:45 +0000 (UTC)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E2437264C
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 09:45:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id s6D9jUKi067830;
 Sun, 13 Jul 2014 19:45:32 +1000 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Sun, 13 Jul 2014 19:45:30 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Peter Ross <Peter.Ross@alumni.tu-berlin.de>
Subject: Re: vnet jail and ipfw/nat on host - keep-state problem?
In-Reply-To: <alpine.DEB.2.02.1407091622060.32174@PetersBigBox>
Message-ID: <20140713185006.S50382@sola.nimnet.asn.au>
References: <alpine.DEB.2.02.1407091517130.32174@PetersBigBox>
 <alpine.DEB.2.02.1407091622060.32174@PetersBigBox>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-jail@freebsd.org

Hi Peter, going back to your second message ..

On Wed, 9 Jul 2014 16:24:27 +1000, Peter Ross wrote:

 > P.S. I also have the following rules near the top:
 > 
 > 01000 check-state
 > 01100 allow tcp from any to any established

For one thing, if you are running named as an authoritative nameserver 
in the jail, you'll also need to forward tcp port 53 traffic as well, as 
that's what's needed for zone updates to/from secondary NS.  So you may 
need to separate tcp port 53 traffic from other host traffic too.

And often, if setting state for your tcp rules as well, you rather want 
to _deny_ established traffic, but it does depend on your mix of rules.

 > 01200 allow ip from any to any frag

Indeed.

 > Peter
 > 
 > On Wed, 9 Jul 2014, Peter Ross wrote:
 > 
 > > Hi all,
 > > 
 > > I am setting up a host with vnet jails without a public IP.
 > > 
 > > E.g. a vnet jail with a DNS server (bind) running inside.
 > > 
 > > The setup:
 > > 
 > > Internet->age0(host interface with natd and external IP)
 > > ->bridge10(10.0.10.254)->epair1a
 > > ->epair1b(10.0.10.1 in bind vnet jail)
 > > 
 > > Inside the jail I have a simple open ipfw firewall
 > > (ipfw allow ip4 from any to any)
 > > 
 > > Here the rules relevant to let UDP port 53 connect from the outside world
 > > (with natd redirecting "redirect_port udp 10.0.10.1:53 external.ip:53")
 > > 
 > > 00100 divert 8668 ip4 from any to any via age0
 > > 03100 allow udp from any to 10.0.10.1 dst-port 53 keep-state
 > > 03200 allow udp from any to me dst-port 53 keep-state
 > > 
 > > This does not allow DNS requests from the outside, they only get returned
 > > by adding
 > > 
 > > 03300 allow udp from me 53 to any

It's not quite clear which addresses are where; could you show ifconfig 
for the host interfaces, including bridge and epair, obscuring public 
IP/s as necessary?  'me' on the host refers to any address configured on 
any of the host's interfaces, so might be a bit broad; more explicit 
rule/s might reveal this problem better?

Personally I don't use stateful rules for DNS at all, and I'm pretty 
careful if ever I use 'in keep-state' at all.  Hmm, maybe rule 3100 
should be qualified with 'in', or you may be inflicting a double-state 
situation?  Use 'ipfw -ted show' to examine dynamic rules incl. expired.

 > > I am pretty confident that the rules above work with "real interfaces". I
 > > have similar routers with ipfw/natd, there things are even more limited by
 > > interface rules (recv/xmit).
 > > 
 > > Does this mean, "keep-state" are not working properly in the mentioned vnet
 > > setup?

Not sure, but if it were me I'd add 'log' to all relevant rules and make 
sure net.inet.ip.fw.verbose_limit is set to something sensible, like the 
default of 100, in order to actually outline your flows.  It might be 
helpful to temporarily log packets to and from the jail also, assuming 
that logging to jail's /etc/security is working properly these days?

(verbose_limit reminds me of another of Joe B's silly recommendations in 
the IPFW Handbook section that I promised Warren I'd help clean up ..)

cheers, Ian

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 16:17:04 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 842ABEC4
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 16:17:04 +0000 (UTC)
Received: from wonkity.com (wonkity.com [67.158.26.137])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "wonkity.com", Issuer "wonkity.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 31611234D
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 16:17:04 +0000 (UTC)
Received: from wonkity.com (localhost [127.0.0.1])
 by wonkity.com (8.14.9/8.14.9) with ESMTP id s6DGGxfo010229
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Sun, 13 Jul 2014 10:16:59 -0600 (MDT)
 (envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
 by wonkity.com (8.14.9/8.14.9/Submit) with ESMTP id s6DGGwn0010222;
 Sun, 13 Jul 2014 10:16:59 -0600 (MDT)
 (envelope-from wblock@wonkity.com)
Date: Sun, 13 Jul 2014 10:16:58 -0600 (MDT)
From: Warren Block <wblock@wonkity.com>
To: Ian Smith <smithi@nimnet.asn.au>
Subject: Re: mergemaster and better support for ezjails
In-Reply-To: <20140713152442.K50382@sola.nimnet.asn.au>
Message-ID: <alpine.BSF.2.11.1407131011100.8810@wonkity.com>
References: <alpine.BSF.2.11.1407121753240.50320@wonkity.com>
 <20140713152442.K50382@sola.nimnet.asn.au>
User-Agent: Alpine 2.11 (BSF 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (wonkity.com [127.0.0.1]); Sun, 13 Jul 2014 10:16:59 -0600 (MDT)
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jul 2014 16:17:04 -0000

On Sun, 13 Jul 2014, Ian Smith wrote:

> On Sat, 12 Jul 2014 20:08:52 -0600, Warren Block wrote:
>> A couple of patches to make mergemaster work better with ezjails.
>> These are only very superficially tested.  Feedback welcome.
>>
>> 1. If /etc/mergemaster.rc exists in the jail, it is sourced.  This
>>    allows IGNORE_FILES to be set in the jail.  And other settings, but
>>    that's the one I wanted.
>
> # Read /etc/mergemaster.rc first so the one in $HOME can override
> #
> if [ -r /etc/mergemaster.rc ]; then
> -  . /etc/mergemaster.rc
> +  . "${DESTDIR}/etc/mergemaster.rc"
> fi
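Review bot: the -r guard in this hunk still tests /etc/mergemaster.rc on the host, while the line it protects now sources "${DESTDIR}/etc/mergemaster.rc", so the file that is checked is not the file that is read. With no rc file on the host, the jail's file is silently skipped; with one on the host, '.' is attempted on a path that was never tested. Test the same path that is sourced, and update the comment above to say which file is meant to win when both exist.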
>
> # Read .mergemasterrc before command line so CLI can override
> #
> if [ -r "$HOME/.mergemasterrc" ]; then
> -  . "$HOME/.mergemasterrc"
> +  . "${DESTDIR}/$HOME/.mergemasterrc"
> fi
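Review bot: sourcing "${DESTDIR}/$HOME/.mergemasterrc" runs whatever the jail has placed at that path as shell code in the mergemaster process on the host, which the reply below calls unsafe. $HOME here is also the invoking user's home on the host, which need not exist under ${DESTDIR}, and the guard still tests the host path "$HOME/.mergemasterrc". If per-jail settings such as IGNORE_FILES are the goal, take them from a file the host controls or read the value as data rather than using '.'.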
>
> Maybe a dumb question, but ..
>
> In both cases, don't we need to test the readability of those files with 
> ${DESTDIR} prepended, rather than the originals, before sourcing them?  Or 
> can we here safely assume that they will exist? Or doesn't it matter?

Yes, you are right, but it doesn't matter because as Mateusz Guzik 
points out, it's not safe to source those files from a jail.
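
The point above, that a jail's rc file is not safe to source, as an added example (not part of this thread and not mergemaster's own code): a POSIX sh reader that takes IGNORE_FILES from the jail's file as data and never executes it. The function names, the sample file and the rule that a value is a space-separated list of plain paths are assumptions of the example.

```shell
#!/bin/sh
# Added example (not mergemaster code): take IGNORE_FILES from a jail's
# mergemaster.rc as data. The file sits under ${DESTDIR}, which the jail's
# root can write, so it is never handed to '.'.

# write_constructed_rc FILE MARKER
# Writes a constructed sample rc file. Its third line would create MARKER
# if the file were ever sourced.
write_constructed_rc() {
    cat > "$1" <<EOF
# constructed sample, not taken from a real system
IGNORE_FILES="/etc/motd /etc/hosts"
echo sourced > "$2"
IGNORE_FILES="\$(id)"
EOF
}

# read_ignore_files FILE
# Prints the last acceptable IGNORE_FILES= value in FILE and returns 0;
# returns 1 when FILE is unreadable or has no acceptable assignment.
# Assumption: a value is a space-separated list of plain paths.
read_ignore_files() {
    rif_file=$1
    rif_value=
    rif_status=1
    [ -f "$rif_file" ] && [ -r "$rif_file" ] || return 1
    while IFS= read -r rif_line || [ -n "$rif_line" ]; do
        case $rif_line in
            IGNORE_FILES=*) rif_cand=${rif_line#IGNORE_FILES=} ;;
            *) continue ;;
        esac
        # Drop one pair of surrounding quotes, if present.
        case $rif_cand in
            \"*\") rif_cand=${rif_cand#\"}; rif_cand=${rif_cand%\"} ;;
            \'*\') rif_cand=${rif_cand#\'}; rif_cand=${rif_cand%\'} ;;
        esac
        [ -n "$rif_cand" ] || continue
        # Whatever survives deleting the allowed characters is shell syntax
        # ($, backquote, ;, parentheses, ...): reject the whole line.
        rif_rest=$(printf '%s' "$rif_cand" | LC_ALL=C tr -d 'A-Za-z0-9_./ -')
        [ -z "$rif_rest" ] || continue
        rif_value=$rif_cand
        rif_status=0
    done < "$rif_file"
    if [ "$rif_status" -eq 0 ]; then
        printf '%s\n' "$rif_value"
    fi
    return "$rif_status"
}

# Demonstration on the constructed file: the plain list is returned, the
# command-substitution line is rejected, and MARKER is never created.
demo_dir=$(mktemp -d) || exit 1
write_constructed_rc "$demo_dir/mergemaster.rc" "$demo_dir/marker"
read_ignore_files "$demo_dir/mergemaster.rc"
if [ -e "$demo_dir/marker" ]; then
    echo "marker created: the file was executed"
fi
rm -rf "$demo_dir"
```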

From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 16:27:44 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7EB2636E
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 16:27:44 +0000 (UTC)
Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com
 [IPv6:2a00:1450:400c:c05::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1820C2409
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 16:27:43 +0000 (UTC)
Received: by mail-wi0-f174.google.com with SMTP id d1so1440762wiv.1
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 09:27:42 -0700 (PDT)
X-Received: by 10.180.39.33 with SMTP id m1mr18936649wik.82.1405268862295;
 Sun, 13 Jul 2014 09:27:42 -0700 (PDT)
Received: from botmachine (muszelka.nat.student.pw.edu.pl. [194.29.137.5])
 by mx.google.com with ESMTPSA id cz4sm20433419wib.23.2014.07.13.09.27.40
 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Sun, 13 Jul 2014 09:27:41 -0700 (PDT)
From: "Marcin Michta" <marcin.michta@gmail.com>
To: "'Fbsd8'" <fbsd8@a1poweruser.com>,
	"'wishmaster'" <artemrts@ukr.net>
Subject: Re: Re: Jail vnet features
Date: Sun, 13 Jul 2014 18:30:04 +0200
Message-ID: <001801cf9eb7$b4eeb3e0$1ecc1ba0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac+et40IFCA8Z/yPR46XsOfWoxPFqg==
Content-Language: pl
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jul 2014 16:27:44 -0000

>
>wishmaster wrote:
>>
>>  --- Original message ---
>>  From: "Fbsd8" <fbsd8@a1poweruser.com>
>>  Date: 11 July 2014, 16:49:08
>>
>>> Marcin Michta wrote:
>>>> Hello,
>>>>
>>>> I want to ask what are advantages and disadvantages using VNET?
>>>>
>>>> I know that it allows each jail to have a private networking stack,
>>>> but what else?
>>>>
>>>> Regards
>>>>
>>>> Marthin
>>>>
>>> Its experimental, it has many bugs posted in PR system, loses memory
>>> every time a vnet jail is stopped, firewalls in vnet jail don't work,
>>> other that these show stoppers, use at your own risk.
>>
>> Hey, man. Stop panic!
>>
>> Firewall works very well. Memory leak on shutdown it is not very big
>> problem.
>> Main advantage for me is: I am able to filtering and prioritization
>> traffic coming thought base system. My vnete'ed jails is like a regular
>> LAN clients and they share INET pipe with appropriate weight. I use
>> ipfw.
>>
>
>Oh ya, host panic on boot is another common happing with vimage and
>firewall ipf and pf trying to run inside of a vnet jail and on the host
>at the same time.
>
>Many people DO consider any kind of memory leak in kernel software such
>as vimage is a really big show stopper for not using it in a production
>system.
>
>If you read a little bit closer the previous post you will see it's
>talking about firewall running inside of a vnet/vimage jail. It doesn't
>say anything about running a host firewall directing traffic to a ip
>number assigned to a vnet jail.
>
>Here is a list of some of the vnet outstanding PR's
>
>143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252,
>176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468
>
>vnet/vimage is experimental and should never be used in a production
>system and be exposed to the public network. It is not a secure software
>configuration. Sure you can disregard all warnings and common sense and
>risk your host system, thats your choice.

I didn't know about these problems
I'll check these PR
Thanks for help for you all :)

Regards
Marthin


From owner-freebsd-jail@FreeBSD.ORG  Sun Jul 13 23:02:38 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3CFB9EA1
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 23:02:38 +0000 (UTC)
Received: from mail-ig0-x22a.google.com (mail-ig0-x22a.google.com
 [IPv6:2607:f8b0:4001:c05::22a])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 0B9722143
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 23:02:37 +0000 (UTC)
Received: by mail-ig0-f170.google.com with SMTP id h3so1138951igd.3
 for <freebsd-jail@freebsd.org>; Sun, 13 Jul 2014 16:02:36 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.50.112.136 with SMTP id iq8mr20373603igb.38.1405292556039;
 Sun, 13 Jul 2014 16:02:36 -0700 (PDT)
Received: by 10.43.59.6 with HTTP; Sun, 13 Jul 2014 16:02:35 -0700 (PDT)
In-Reply-To: <001801cf9eb7$b4eeb3e0$1ecc1ba0$@gmail.com>
References: <001801cf9eb7$b4eeb3e0$1ecc1ba0$@gmail.com>
Date: Mon, 14 Jul 2014 11:02:35 +1200
Message-ID: <CAEUAJxvTZyhXo8gDW-ju+PtDA72Ky-3JQZPh_7mOoF-d6hGv4g@mail.gmail.com>
Subject: Re: Re: Jail vnet features
From: Peter Toth <peter.toth198@gmail.com>
To: Marcin Michta <marcin.michta@gmail.com>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jul 2014 23:02:38 -0000

On Mon, Jul 14, 2014 at 4:30 AM, Marcin Michta <marcin.michta@gmail.com>
wrote:

> >
> >wishmaster wrote:
> >>
> >>
> >>  --- Original message ---
> >>  From: "Fbsd8" <fbsd8@a1poweruser.com>
> >>  Date: 11 July 2014, 16:49:08
> >>
> >>
> >>
> >>> Marcin Michta wrote:
> >>>> Hello,
> >>>>
> >>>>
> >>>>
> >>>> I want to ask what are advantages and disadvantages using VNET?
> >>>>
> >>>> I know that it allows each jail to have a private networking stack,
> >>>> but what else?
> >>>>
> >>>>
> >>>>
> >>>> Regards
> >>>>
> >>>> Marthin
> >>>>
> >>> Its experimental, it has many bugs posted in PR system, loses memory
> >>> every time a vnet jail is stopped, firewalls in vnet jail don't work,
> >>> other that these show stoppers, use at your own risk.
> >>
> >> Hey, man. Stop panic!
> >>
> >> Firewall works very well. Memory leak on shutdown it is not very big
> problem.
> >> Main advantage for me is: I am able to filtering and prioritization
> traffic coming thought base system. My vnete'ed jails is like a regular LAN
> clients and they share INET pipe with appropriate weight. I use ipfw.
> >>
> >
> >
> >Oh ya, host panic on boot is another common happing with vimage and
> firewall ipf and pf trying to run inside of a vnet jail and on the host at
> the same time.
> >
> >Many people DO consider any kind of memory leak in kernel software such
> as vimage is a really big show stopper for not using it in a production
> system.
> >
> >If you read a little bit closer the previous post you will see it's
> talking about firewall running inside of a vnet/vimage jail. It doesn't
> > say anything about running a host firewall directing traffic to a ip
> number assigned to a vnet jail.
> >
> >Here is a list of some of the vnet outstanding PR's
> >
> >143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252,
> 176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468
> >
> >vnet/vimage is experimental and should never be used in a production
> system and be exposed to the public network. It is not a secure software
> configuration. Sure you can disregard all warnings and common sense and
> risk your host system, thats your choice.
>
> I didn't know about these problems
> I'll check these PR
> Thanks for help for you all :)
>
> Regards
> Marthin
>
>

The majority of those PR's were raised for 8.x and 9.x and on top of that
not even for production releases but RC, BETA and PRERELEASE. Some of those
were resolved already and some are completely irrelevant.

The vast majority refers to PF inside a jail, which is a known issue anyway
(just avoid it). You can run IPFW inside a jail however and PF on the host
itself all at the same time given that you use 10-RELEASE (preferably
amd64).

If you want to test drive VNET here are a few hints to avoid problems:

1. Don't try to enable PF inside the jail
2. Only add wired and epair interfaces into a bridge - avoid wireless
(might trigger a crash)
3. Don't use ALTQ - as far as I know ALTQ is not supported with VNET anyway
yet
4. Use the GENERIC kernel configuration and just add options "VIMAGE"

And just for amusement, two of those completely irrelevant PR's, not even
VNET related listed previously:
188010 - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188010 (ACPI and
BTW: Status: Issue Resolved FIXED)
176929 - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176929
(gnome-speech and Issue Resolved FIXED)

Not going to dissect the other remaining PR's - as I mentioned above mostly
outdated except the ones related to PF inside a jail and a memory leak
which is not a showstopper and can be avoided.

Also on another note, I constantly bump into alarmist and misinformation
emails related to VNET by a certain individual.
Telling folks off and actively deterring them from even trying to test
drive VNET jails.

This is not doing any favor to the community - VNET is one of the exciting
features (like Crossbow in Illumos) people want to see mature.
Actively deterring these efforts is definitely not going to help and has a
very negative impact!

As for the advantages, a VNET enabled jail will provide much better
isolation (own network stack) and control than a shared IP based jail setup
where the local traffic might be exposed across jails. Also VNET allows per
jail IPFW firewall rules independent from the host's IPFW. With VNET you
can build and simulate complex network setups; I believe this was one of the
main drives to create VIMAGE/VNET.

Peter

From owner-freebsd-jail@FreeBSD.ORG  Tue Jul 15 09:06:53 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id ED863490
 for <freebsd-jail@FreeBSD.org>; Tue, 15 Jul 2014 09:06:53 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D25152E8D
 for <freebsd-jail@FreeBSD.org>; Tue, 15 Jul 2014 09:06:53 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s6F96rrI081337
 for <freebsd-jail@FreeBSD.org>; Tue, 15 Jul 2014 09:06:53 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [qjail] jail allow.sysvipc & devfs.ruleset - doesn't
 work from rc.d script
Date: Tue, 15 Jul 2014 09:06:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Issue Resolved
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_status resolution short_desc
Message-ID: <bug-191279-9824-OVifj056tX@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-191279-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jul 2014 09:06:54 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

dreamcat4@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Triage                |Issue Resolved
         Resolution|---                         |FIXED
            Summary|[jail] jail allow.sysvipc - |[qjail] jail allow.sysvipc
                   |doesn't work until jail is  |& devfs.ruleset - doesn't
                   |started TWICE after reboot  |work from rc.d script

--- Comment #14 from dreamcat4@gmail.com ---
Joe has fixed in qjail 3.5. It's been committed.

-- 
You are receiving this mail because:
You are the assignee for the bug.