From: marcel
Date: Sun, 13 Dec 2015 05:45:01 +0000
To: "Michael B. Eichorn", Dirk Engling, freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail
List-Id: "Discussion about FreeBSD jail\(8\)"

On 12/12/2015 02:59, Michael B. Eichorn wrote:
> On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
>> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
>>> ... and I think I have enabling gateway, I wrote this in both of my
>>> rc.conf (jail and host):
>>>
>>>   gateway_enable="YES"
>>>
>>> Is it correct ?
>> You only need gateway_enable if you are doing routing, it is not
>> necessary for a typical jail setup. Most of the time you are just
>> adding an alias to the host's nic.

OK so if I want to my jail can access to internet I have to do routing,
right ?

>>> But I don't think I have DNS problems, my host correctly access to the
>>> internet and the resolv.conf of my jail and my host are same...
>>>
>>> On 12/12/2015 01:50, marcel wrote:
>>>> No I don't get to have an IP address... Yet I have written this in my
>>>> host's rc.conf:
>>>>
>>>>   jail_enable="YES"
>>>>   jail_list="thename"
>>>>   jail_guantanamo_rootdir="thepath"
>>>>   jail_guantanamo_hostname="thename"
>>>>   jail_guantanamo_ip="192.168.0.12"
>>>>
>>>> and I use the command:
>>>>
>>>>   jail thepath thename 192.168.0.12 /bin/csh
>>>>
>>>> to connect to my jail...
>>>>
>>>> On 11/12/2015 23:31, Dirk Engling wrote:
>>>>> On 12.12.15 01:19, marcel wrote:
>>>>>
>>>>>> I would like to know if it is possible to configure a jail's
>>>>>> network for accessing to the World Wide Web but without ezjail ?
>>>>>> I have created my jail without ezjail (mkdir jail, make
>>>>>> installworld, etc...) and I would like to continue without it if
>>>>>> it's possible...
>>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918 IP?
>>>>> If so, you need to enable NAT. If not, did you enable gatewaying?
>>>>> Maybe you just have DNS problems, so is your resolv.conf set up
>>>>> properly?
>>>>>
>>>>> Without knowing what exactly is not working, I can not help you.
>>>>>
>>>>> erdgeist
>> I think you found some old instructions, assuming a 10.x system here is
>> the boilerplate for a typical jail:
>>
>> rc.conf:
>>
>>   jail_enable="YES"
>>
>> jail.conf:
>>
>>   interface = re0;
>>   mount.devfs;
>>   exec.start = "/bin/sh /etc/rc";
>>   exec.stop = "/bin/sh /etc/rc.shutdown";
>>
>>   thenameofthejail {
>>       host.hostname = host.domain.tld;
>>       path = /the/path/to/the/jail;
>>       ip4.addr = 192.168.0.12;
>>   }
>>
>> and start it up with
>>
>>   # jail -c thenameofthejail
>>
>> And another handy tip you can avoid building a jail with make by
>> extracting the base.txz file found in places like the install media
>> into the jail directory

OK, so my jail.conf look like your jail.conf and when I type jls my jail
have the IP 192.168.0.12 but when I type ifconfig in my jail I have no
ip...

> Oh and before I forget, the trickiest thing for me moving from ezjail
> to jail was updating. Assuming your jails are complete base systems and
> that you would like to use binary updates with freebsd-update, and you
> have completely separated jails without any funny tricks to save space,
> here is Ike's simple jail update guide:
>
> edit the jail's freebsd-update.conf and change
>
>   Components src world kernel
> -to-
>   Components world
>
> then run freebsd-update like so:
>
>   # freebsd-update -b /usr/jails/jaildir \
>       -f /usr/jails/jaildir/etc/freebsd-update.conf \
>       -d /usr/jails/jaildir/var/db/freebsd-update fetch
>   # freebsd-update -b /usr/jails/jaildir \
>       -f /usr/jails/jaildir/etc/freebsd-update.conf \
>       -d /usr/jails/jaildir/var/db/freebsd-update install
>
> Using the -f flag keeps the jail from using the host config since jails
> cannot update kernels anyway. And -d keeps jails and hosts from
> trampling each other which is nice if you want to do more than one at a
> time, or if you use freebsd-update cron.

Thanks for tip !

From: marcel
Date: Sun, 13 Dec 2015 06:18:16 +0000
To: James Gritton, freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail

On 12/12/2015 18:10, James Gritton wrote:
> On 2015-12-11 18:50, marcel wrote:
>> No I don't get to have an IP address... Yet I have written this in my
>> host's rc.conf:
>>
>>   jail_enable="YES"
>>   jail_list="thename"
>>   jail_guantanamo_rootdir="thepath"
>>   jail_guantanamo_hostname="thename"
>>   jail_guantanamo_ip="192.168.0.12"
>>
>> and I use the command:
>>
>>   jail thepath thename 192.168.0.12 /bin/csh
>>
>> to connect to my jail...
>
> Is the jail even created? You show jail_name as "thename", but the
> jail config variables are jail_quantanamo_*. So when you say
> "thename" do you really mean quantanamo? Because if you don't, then
> the jail won't get configured at startup.
>
> The command you're using to connect to the jail is actually a command
> that creates a jail. That's probably not what you want, as that jail
> is likely to disappear again after you exit from it. You should be
> using jexec(8), assuming your jail has been properly created in the
> first place.
>
> Now to the IP address: is your entire box behind some gateway, where
> it uses a 192.168 address? If it isn't, you'll need more than to just
> declare such an address - you'll need a jail with vnet, which is
> rather more complex. But if it is, then the question becomes: is
> 192.168.0.12 the host address, i.e. are you creating a jail that
> shares the host address? If you are it should work, but most jails
> aren't done this way.
>
> Specifying a jail's IP address only tells which of the host's existing
> addresses to use. If that address isn't already set up, it won't be
> used - unless you tell it to. If you're still using the rc.conf-based
> jail specification, you can set jail_interface (or
> jail_quantanamo_interface) to the name of the network interface where
> the host's main IP address lives (e.g. "em0" or somesuch). Such a
> config line is likely all you need.
>
> - Jamie

Yes, the jail is created with the make installworld, make distribution,
jail -c , etc method and I launch it with jail -c guantanamo and connect
to it with jexec id shell.

Yes, sorry I have badly explained so jail_name="thename", thename is
guantanamo.

My host is behind a router that provide me an internet access yes and
yes 192.168.0.12 is my host ip so yes my jail share the host address.
jls command show me this address but ifconfig command (in my jail) show
me no address...

I've read that in my case I've just need of jail_enable="YES" in my
rc.conf... I will add with most of jail_guantanamo* variable and test...

From: James Gritton
Date: Sat, 12 Dec 2015 23:07:29 -0700
To: freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail

On 2015-12-12 23:18, marcel wrote:
> On 12/12/2015 18:10, James Gritton wrote:
>> On 2015-12-11 18:50, marcel wrote:
>>> No I don't get to have an IP address... Yet I have written this in my
>>> host's rc.conf:
>>>
>>>   jail_enable="YES"
>>>   jail_list="thename"
>>>   jail_guantanamo_rootdir="thepath"
>>>   jail_guantanamo_hostname="thename"
>>>   jail_guantanamo_ip="192.168.0.12"
>>>
>>> and I use the command:
>>>
>>>   jail thepath thename 192.168.0.12 /bin/csh
>>>
>>> to connect to my jail...
>>
>> Is the jail even created? You show jail_name as "thename", but the
>> jail config variables are jail_quantanamo_*. So when you say
>> "thename" do you really mean quantanamo? Because if you don't, then
>> the jail won't get configured at startup.
>>
>> The command you're using to connect to the jail is actually a command
>> that creates a jail. That's probably not what you want, as that jail
>> is likely to disappear again after you exit from it. You should be
>> using jexec(8), assuming your jail has been properly created in the
>> first place.
>>
>> Now to the IP address: is your entire box behind some gateway, where
>> it uses a 192.168 address? If it isn't, you'll need more than to just
>> declare such an address - you'll need a jail with vnet, which is
>> rather more complex. But if it is, then the question becomes: is
>> 192.168.0.12 the host address, i.e. are you creating a jail that
>> shares the host address? If you are it should work, but most jails
>> aren't done this way.
>>
>> Specifying a jail's IP address only tells which of the host's existing
>> addresses to use. If that address isn't already set up, it won't be
>> used - unless you tell it to. If you're still using the rc.conf-based
>> jail specification, you can set jail_interface (or
>> jail_quantanamo_interface) to the name of the network interface where
>> the host's main IP address lives (e.g. "em0" or somesuch). Such a
>> config line is likely all you need.
>>
>> - Jamie
> Yes, the jail is created with the make installworld, make distribution,
> jail -c , etc method and I launch it with jail -c guantanamo and
> connect to it with jexec id shell.
>
> Yes, sorry I have badly explained so jail_name="thename", thename is
> guantanamo.
>
> My host is behind a router that provide me an internet access yes and
> yes 192.168.0.12 is my host ip so yes my jail share the host address.
> jls command show me this address but ifconfig command (in my jail) show
> me no address...
>
> I've read that in my case I've just need of jail_enable="YES" in my
> rc.conf... I will add with most of jail_guantanamo* variable and
> test...

If 192.168.0.12 is your host IP, try creating the jail without IP
address restrictions. I don't think you can do that with the old
rc.conf-based specification, but with a jail.conf file (or from a
command line), you just add "ip4=inherit" and don't mention an
ip4.address at all. That will create a jail that has access to all of
the host IP addresses.

- Jamie
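
[Added example, not part of any message in this thread.] The two jail.conf forms discussed so far, side by side: a jail restricted to one address of its own, as in the quoted boilerplate, and the ip4=inherit form James Gritton describes. The jail names, paths, hostnames and the address 192.168.0.13 are constructed values; re0 is the interface name used in the quoted boilerplate.

```conf
# /etc/jail.conf (added illustration; names, paths and 192.168.0.13 are
# constructed values, not taken from any poster's system)

# Defaults applied to every jail defined below.
mount.devfs;
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";

# Variant 1: the jail is restricted to a single address of its own.
# Because "interface" is set, jail(8) adds 192.168.0.13 as an alias on
# re0 before the jail is created and removes it after the jail is removed.
# Processes in the jail can only bind to and send from this address.
webjail {
    host.hostname = "webjail.example.org";
    path = "/usr/jails/webjail";
    interface = "re0";
    ip4.addr = "192.168.0.13";
}

# Variant 2: no IPv4 restriction. The jail has access to every address
# configured on the host, so a service inside it can bind to any of them,
# including ports the host itself would otherwise use on those addresses.
sharedjail {
    host.hostname = "sharedjail.example.org";
    path = "/usr/jails/sharedjail";
    ip4 = "inherit";
}

# Checks to run on the host after "jail -c webjail":
#   jls -j webjail ip4.addr       address the kernel has assigned to the jail
#   ifconfig re0                  the alias 192.168.0.13 is listed on the NIC
#   jexec webjail ifconfig re0    inside the jail only 192.168.0.13 is shown
```

Variant 1 keeps the address restriction in place and is the tighter of the two; variant 2 trades that restriction for convenience when the jail is meant to share the host's address.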

From: Sami Halabi
Date: Sun, 13 Dec 2015 09:50:55 +0200
To: marcel
Cc: freebsd-jail@freebsd.org, Dirk Engling, "Michael B. Eichorn"
Subject: Re: Configuring network without ezjail

Hi,

I think you need to configure the IP in the host first, later it'll be
seen in the jail. Using RFC 1918 addresses means you need NAT in your
router to have access to the internet. Rather than that, using the term
'routing' is incorrect unless you have multiple hops to get the packets
to the router.

Sami

On 13 Dec 2015 6:45 AM, "marcel" wrote:
>
> On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> >> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> >>> ... and I think I have enabling gateway, I wrote this in both of my
> >>> rc.conf (jail and host):
> >>>
> >>>   gateway_enable="YES"
> >>>
> >>> Is it correct ?
> >> You only need gateway_enable if you are doing routing, it is not
> >> necessary for a typical jail setup. Most of the time you are just
> >> adding an alias to the host's nic.
> OK so if I want to my jail can access to internet I have to do routing,
> right ?
> >>> But I don't think I have DNS problems, my host correctly access to
> >>> the internet and the resolv.conf of my jail and my host are same...
> >>>
> >>> On 12/12/2015 01:50, marcel wrote:
> >>>> No I don't get to have an IP address... Yet I have written this in
> >>>> my host's rc.conf:
> >>>>
> >>>>   jail_enable="YES"
> >>>>   jail_list="thename"
> >>>>   jail_guantanamo_rootdir="thepath"
> >>>>   jail_guantanamo_hostname="thename"
> >>>>   jail_guantanamo_ip="192.168.0.12"
> >>>>
> >>>> and I use the command:
> >>>>
> >>>>   jail thepath thename 192.168.0.12 /bin/csh
> >>>>
> >>>> to connect to my jail...
> >>>>
> >>>> On 11/12/2015 23:31, Dirk Engling wrote:
> >>>>> On 12.12.15 01:19, marcel wrote:
> >>>>>
> >>>>>> I would like to know if it is possible to configure a jail's
> >>>>>> network for accessing to the World Wide Web but without ezjail ?
> >>>>>> I have created my jail without ezjail (mkdir jail, make
> >>>>>> installworld, etc...) and I would like to continue without it if
> >>>>>> it's possible...
> >>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918
> >>>>> IP? If so, you need to enable NAT. If not, did you enable
> >>>>> gatewaying? Maybe you just have DNS problems, so is your
> >>>>> resolv.conf set up properly?
> >>>>>
> >>>>> Without knowing what exactly is not working, I can not help you.
> >>>>>
> >>>>> erdgeist
> >> I think you found some old instructions, assuming a 10.x system here
> >> is the boilerplate for a typical jail:
> >>
> >> rc.conf:
> >>
> >>   jail_enable="YES"
> >>
> >> jail.conf:
> >>
> >>   interface = re0;
> >>   mount.devfs;
> >>   exec.start = "/bin/sh /etc/rc";
> >>   exec.stop = "/bin/sh /etc/rc.shutdown";
> >>
> >>   thenameofthejail {
> >>       host.hostname = host.domain.tld;
> >>       path = /the/path/to/the/jail;
> >>       ip4.addr = 192.168.0.12;
> >>   }
> >>
> >> and start it up with
> >>
> >>   # jail -c thenameofthejail
> >>
> >> And another handy tip you can avoid building a jail with make by
> >> extracting the base.txz file found in places like the install media
> >> into the jail directory
> OK, so my jail.conf look like your jail.conf and when I type jls my jail
> have the IP 192.168.0.12 but when I type ifconfig in my jail I have no
> ip...
> > Oh and before I forget, the trickiest thing for me moving from ezjail
> > to jail was updating. Assuming your jails are complete base systems and
> > that you would like to use binary updates with freebsd-update, and you
> > have completely separated jails without any funny tricks to save space,
> > here is Ike's simple jail update guide:
> >
> > edit the jail's freebsd-update.conf and change
> >
> >   Components src world kernel
> > -to-
> >   Components world
> >
> > then run freebsd-update like so:
> >
> >   # freebsd-update -b /usr/jails/jaildir \
> >       -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >       -d /usr/jails/jaildir/var/db/freebsd-update fetch
> >   # freebsd-update -b /usr/jails/jaildir \
> >       -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >       -d /usr/jails/jaildir/var/db/freebsd-update install
> >
> > Using the -f flag keeps the jail from using the host config since jails
> > cannot update kernels anyway. And -d keeps jails and hosts from
> > trampling each other which is nice if you want to do more than one at a
> > time, or if you use freebsd-update cron.
> Thanks for tip !
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

From: "Michael B. Eichorn"
Date: Sun, 13 Dec 2015 09:14:33 -0500
To: marcel, Dirk Engling, freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail

On Sun, 2015-12-13 at 05:45 +0000, marcel wrote:
>
> On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> > > On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> > > > ... and I think I have enabling gateway, I wrote this in both
> > > > of my rc.conf (jail and host):
> > > >
> > > >   gateway_enable="YES"
> > > >
> > > > Is it correct ?
> > > You only need gateway_enable if you are doing routing, it is not
> > > necessary for a typical jail setup. Most of the time you are just
> > > adding an alias to the host's nic.
> OK so if I want to my jail can access to internet I have to do
> routing, right ?

No. In your other email you mentioned the host is behind a router, just
assign the jail a static ip on the same subnet as the host. The router
will treat it very similarly to adding another computer via a switch.

> > > > But I don't think I have DNS problems, my host correctly access
> > > > to the internet and the resolv.conf of my jail and my host are
> > > > same...
> > > >
> > > > On 12/12/2015 01:50, marcel wrote:
> > > > > No I don't get to have an IP address... Yet I have written
> > > > > this in my host's rc.conf:
> > > > >
> > > > >   jail_enable="YES"
> > > > >   jail_list="thename"
> > > > >   jail_guantanamo_rootdir="thepath"
> > > > >   jail_guantanamo_hostname="thename"
> > > > >   jail_guantanamo_ip="192.168.0.12"
> > > > >
> > > > > and I use the command:
> > > > >
> > > > >   jail thepath thename 192.168.0.12 /bin/csh
> > > > >
> > > > > to connect to my jail...
> > > > >
> > > > > On 11/12/2015 23:31, Dirk Engling wrote:
> > > > > > On 12.12.15 01:19, marcel wrote:
> > > > > >
> > > > > > > I would like to know if it is possible to configure a
> > > > > > > jail's network for accessing to the World Wide Web but
> > > > > > > without ezjail ?
> > > > > > > I have created my jail without ezjail (mkdir jail, make
> > > > > > > installworld, etc...) and I would like to continue without
> > > > > > > it if it's possible...
> > > > > > Sure, why doesn't it connect to the net? Does it have a
> > > > > > RFC1918 IP? If so, you need to enable NAT. If not, did you
> > > > > > enable gatewaying? Maybe you just have DNS problems, so is
> > > > > > your resolv.conf set up properly?
> > > > > >
> > > > > > Without knowing what exactly is not working, I can not help
> > > > > > you.
> > > > > >
> > > > > >   erdgeist
> > > I think you found some old instructions, assuming a 10.x system
> > > here is the boilerplate for a typical jail:
> > >
> > > rc.conf:
> > >
> > >   jail_enable="YES"
> > >
> > > jail.conf:
> > >
> > >   interface = re0;
> > >   mount.devfs;
> > >   exec.start = "/bin/sh /etc/rc";
> > >   exec.stop = "/bin/sh /etc/rc.shutdown";
> > >
> > >   thenameofthejail {
> > >       host.hostname = host.domain.tld;
> > >       path = /the/path/to/the/jail;
> > >       ip4.addr = 192.168.0.12;
> > >   }
> > >
> > > and start it up with
> > >
> > >   # jail -c thenameofthejail
> > >
> > > And another handy tip you can avoid building a jail with make by
> > > extracting the base.txz file found in places like the install
> > > media into the jail directory
> OK, so my jail.conf look like your jail.conf and when I type jls my
> jail have the IP 192.168.0.12 but when I type ifconfig in my jail I
> have no ip...

Is 192.168.0.12 your host IP? The jail needs a different static IP
address e.g. 182,168.0.13. There are ways around this but usually you
want a different IP. Each jail and the host have a different IP.

The setting ip4.addr in jail.conf will cause jail(8) to create an alias
with the new IP on the NIC specified by interface in jail.conf.
Destroying the jail with `jail -r ` removes the alias.

> > Oh and before I forget, the trickiest thing for me moving from
> > ezjail to jail was updating. Assuming your jails are complete base
> > systems and that you would like to use binary updates with
> > freebsd-update, and you have completely separated jails without any
> > funny tricks to save space, here is Ike's simple jail update guide:
> >
> > edit the jail's freebsd-update.conf and change
> >
> >   Components src world kernel
> > -to-
> >   Components world
> >
> > then run freebsd-update like so:
> >
> >   # freebsd-update -b /usr/jails/jaildir \
> >       -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >       -d /usr/jails/jaildir/var/db/freebsd-update fetch
> >   # freebsd-update -b /usr/jails/jaildir \
> >       -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >       -d /usr/jails/jaildir/var/db/freebsd-update install
> >
> > Using the -f flag keeps the jail from using the host config since
> > jails cannot update kernels anyway. And -d keeps jails and hosts
> > from trampling each other which is nice if you want to do more than
> > one at a time, or if you use freebsd-update cron.
> Thanks for tip !

From: James Gritton
Date: Sun, 13 Dec 2015 08:23:57 -0700
To: freebsd-jail@freebsd.org
Subject: Re: OSS in jail

On 2015-12-12 15:44, Luís Fernando Schultz Xavier da Silveira wrote:
>
> I would like one of my jails to have
the ability to play back sound, > but not to record it. As I understand, sound is played back by writing > to /dev/dsp and recorded by reading from it. Hence, placing the > /dev/dsp > device (and /dev/dsp[0-9]* devices) in the jail via devfs.rules is not > a solution since the jail superuser can override permissions on these > devices and even read from them when they lack read permission. > > Is there a way to give a device to a jail in write-only mode? > If not, is it possible to create a virtual OSS stack and give that to > the jail? > How would you solve this problem? > > Also, is it possible to give the jail a mixer device that can only read > mixer settings but not alter them? There is no mechanism for adding a device to a jail with partial permissions. Generally, it wouldn't just be reading and writing, but a per-device decision on different ioctl calls. This would require an entire jail device framework that doesn't exist. I suppose it's possible to create a virtual OSS stack - sounds like a pretty big project though. If I had this job to do, that's likely the direction I'd go, though instead of a virtual OSS driver, I'd consider something on the user level, with a listening UNIX socket inside the jail. I doubt this would work seamlessly without recompiling software though (again, the ioctl question). 
- Jamie

From owner-freebsd-jail@freebsd.org Sun Dec 13 16:05:29 2015
From: Konstantin Belousov
To: James Gritton
Cc: freebsd-jail@freebsd.org
Subject: Re: OSS in jail
Date: Sun, 13 Dec 2015 18:05:22 +0200

On Sun, Dec 13, 2015 at 08:23:57AM -0700, James Gritton wrote:
> On 2015-12-12 15:44, Luís Fernando Schultz Xavier da Silveira wrote:
> >
> > I would like one of my jails to have the ability to play back sound,
> > but not to record it. As I understand, sound is played back by writing
> > to /dev/dsp and recorded by reading from it. Hence, placing the /dev/dsp
> > device (and /dev/dsp[0-9]* devices) in the jail via devfs.rules is not
> > a solution since the jail superuser can override permissions on these
> > devices and even read from them when they lack read permission.
> >
> > Is there a way to give a device to a jail in write-only mode?
> > If not, is it possible to create a virtual OSS stack and give that to
> > the jail?
> > How would you solve this problem?
> >
> > Also, is it possible to give the jail a mixer device that can only read
> > mixer settings but not alter them?
>
> There is no mechanism for adding a device to a jail with partial
> permissions. Generally, it wouldn't just be reading and writing, but a
> per-device decision on different ioctl calls. This would require an
> entire jail device framework that doesn't exist.
>
> I suppose it's possible to create a virtual OSS stack - sounds like a
> pretty big project though. If I had this job to do, that's likely the
> direction I'd go, though instead of a virtual OSS driver, I'd consider
> something on the user level, with a listening UNIX socket inside the
> jail. I doubt this would work seamlessly without recompiling software
> though (again, the ioctl question).

There are a lot of usermode sound servers, already written, some of them
are even used. I am sure that among the dozens there are several which
would allow restricting access and provide a connector into the jail.

IMO it is a much more practical way to achieve the stated goal than trying
to restrict /dev/dsp access.

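The user-level approach discussed in the two messages above (a listening UNIX socket inside the jail, with a host-side process holding the sound device), as an added example that is not part of the thread and is not code from FreeBSD or any sound server. The socket path, its 0660 mode and the function names are assumptions; the relay forwards raw bytes only and passes no ioctls, so a client has to be written to send PCM data to the socket instead of opening /dev/dsp.

```c
/*
 * Added example: host-side playback relay for a jail (not from the thread).
 * The host opens /dev/dsp write-only and exposes only a UNIX socket inside
 * the jail's filesystem; no sound device node is placed in the jail's devfs.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Assumed locations; the socket path is hypothetical. */
#define SOCK_PATH "/usr/jails/jaildir/var/run/playback.sock"
#define DSP_PATH  "/dev/dsp"

/* Create a listening UNIX stream socket at path; returns the fd or -1. */
int listen_unix(const char *path, mode_t mode)
{
    struct sockaddr_un sa;
    mode_t old;
    int fd, rc;

    if (strlen(path) >= sizeof(sa.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    unlink(path);                         /* drop a stale socket, if any */
    old = umask((mode_t)(~mode & 0777));  /* permissions come from the umask */
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);
    if (rc < 0 || listen(fd, 4) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/*
 * Copy bytes from client_fd to sink_fd until the client closes its side.
 * Data flows one way only: our sending direction is shut down first, so the
 * jailed peer reads EOF, and nothing is ever written to client_fd.
 * Returns the number of bytes forwarded, or -1 on error.
 */
long relay_playback(int client_fd, int sink_fd)
{
    unsigned char buf[4096];
    long total = 0;
    ssize_t n;

    if (shutdown(client_fd, SHUT_WR) < 0)
        return -1;
    while ((n = read(client_fd, buf, sizeof(buf))) != 0) {
        ssize_t off = 0;

        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        while (off < n) {
            ssize_t w = write(sink_fd, buf + off, (size_t)(n - off));
            if (w < 0) {
                if (errno == EINTR)
                    continue;
                return -1;
            }
            off += w;
        }
        total += n;
    }
    return total;
}

int main(void)
{
    int dsp = open(DSP_PATH, O_WRONLY);   /* host side: playback only */
    int lfd;

    if (dsp < 0) { perror(DSP_PATH); return 1; }
    lfd = listen_unix(SOCK_PATH, 0660);
    if (lfd < 0) { perror(SOCK_PATH); return 1; }
    for (;;) {                            /* one client at a time */
        int c = accept(lfd, NULL, NULL);
        if (c < 0) {
            if (errno == EINTR)
                continue;
            perror("accept");
            return 1;
        }
        if (relay_playback(c, dsp) < 0)
            perror("relay");
        close(c);
    }
}
```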
From owner-freebsd-jail@freebsd.org Sun Dec 13 17:50:18 2015
From: Luís Fernando Schultz Xavier da Silveira
To: Konstantin Belousov
Cc: James Gritton, freebsd-jail@freebsd.org
Subject: Re: OSS in jail
Date: Sun, 13 Dec 2015 15:52:01 -0200

I see. It does indeed seem a sound server is the appropriate solution.
Thanks.

On Sun, Dec 13, 2015 at 06:05:22PM +0200, Konstantin Belousov wrote:
> On Sun, Dec 13, 2015 at 08:23:57AM -0700, James Gritton wrote:
> > On 2015-12-12 15:44, Luís Fernando Schultz Xavier da Silveira wrote:
> > >
> > > I would like one of my jails to have the ability to play back sound,
> > > but not to record it. As I understand, sound is played back by writing
> > > to /dev/dsp and recorded by reading from it. Hence, placing the /dev/dsp
> > > device (and /dev/dsp[0-9]* devices) in the jail via devfs.rules is not
> > > a solution since the jail superuser can override permissions on these
> > > devices and even read from them when they lack read permission.
> > >
> > > Is there a way to give a device to a jail in write-only mode?
> > > If not, is it possible to create a virtual OSS stack and give that to
> > > the jail?
> > > How would you solve this problem?
> > >
> > > Also, is it possible to give the jail a mixer device that can only read
> > > mixer settings but not alter them?
> >
> > There is no mechanism for adding a device to a jail with partial
> > permissions. Generally, it wouldn't just be reading and writing, but a
> > per-device decision on different ioctl calls. This would require an
> > entire jail device framework that doesn't exist.
> >
> > I suppose it's possible to create a virtual OSS stack - sounds like a
> > pretty big project though. If I had this job to do, that's likely the
> > direction I'd go, though instead of a virtual OSS driver, I'd consider
> > something on the user level, with a listening UNIX socket inside the
> > jail. I doubt this would work seamlessly without recompiling software
> > though (again, the ioctl question).
>
> There are a lot of usermode sound servers, already written, some of them
> are even used. I am sure that among the dozens there are several which
> would allow restricting access and provide a connector into the jail.
>
> IMO it is a much more practical way to achieve the stated goal than trying
> to restrict /dev/dsp access.

From owner-freebsd-jail@freebsd.org Sun Dec 13 17:54:16 2015
From: marcel
To: "Michael B. Eichorn", Dirk Engling, freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail
Date: Sun, 13 Dec 2015 18:54:06 +0000

On 13/12/2015 14:14, Michael B. Eichorn wrote:
> On Sun, 2015-12-13 at 05:45 +0000, marcel wrote:
>> On 12/12/2015 02:59, Michael B. Eichorn wrote:
>>> On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
>>>> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
>>>>> ... and I think I have enabling gateway, I wrote this in both of my
>>>>> rc.conf (jail and host):
>>>>>
>>>>> gateway_enable="YES"
>>>>>
>>>>> Is it correct ?
>>>> You only need gateway_enable if you are doing routing, it is not
>>>> necessary for a typical jail setup. Most of the time you are just
>>>> adding an alias to the host's nic.
>> OK so if I want to my jail can access to internet I have to do routing,
>> right ?
> No. In your other email you mentioned the host is behind a router, just
> assign the jail a static ip on the same subnet as the host. The router
> will treat it very similarly to adding another computer via a switch.

I've already done this and it doesn't work, jls shows the address I have
configured but ifconfig shows nothing in the jail, and I still have no
internet connection in the jail...

>
>>>>> But I don't think I have DNS problems, my host correctly access to the
>>>>> internet and the resolv.conf of my jail and my host are same...
>>>>>
>>>>> On 12/12/2015 01:50, marcel wrote:
>>>>>> No I don't get to have an IP address... Yet I have written this in my
>>>>>> host's rc.conf:
>>>>>>
>>>>>> jail_enable="YES"
>>>>>> jail_list="thename"
>>>>>> jail_guantanamo_rootdir="thepath"
>>>>>> jail_guantanamo_hostname="thename"
>>>>>> jail_guantanamo_ip="192.168.0.12"
>>>>>>
>>>>>> and I use the command:
>>>>>>
>>>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>>>
>>>>>> to connect to my jail...
>>>>>>
>>>>>> On 11/12/2015 23:31, Dirk Engling wrote:
>>>>>>> On 12.12.15 01:19, marcel wrote:
>>>>>>>
>>>>>>>> I would like to know if it is possible to configure a jail's
>>>>>>>> network for accessing to the World Wide Web but without ezjail ?
>>>>>>>> I have created my jail without ezjail (mkdir jail, make installworld,
>>>>>>>> etc...) and I would like to continue without it if it's possible...
>>>>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
>>>>>>> so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
>>>>>>> just have DNS problems, so is your resolv.conf set up properly?
>>>>>>>
>>>>>>> Without knowing what exactly is not working, I can not help
>>>>>>> you.
>>>>>>>
>>>>>>> erdgeist
>>>> I think you found some old instructions, assuming a 10.x system here is
>>>> the boilerplate for a typical jail:
>>>>
>>>> rc.conf:
>>>>
>>>> jail_enable="YES"
>>>>
>>>> jail.conf:
>>>>
>>>> interface = re0;
>>>> mount.devfs;
>>>> exec.start = "/bin/sh /etc/rc";
>>>> exec.stop = "/bin/sh /etc/rc.shutdown";
>>>>
>>>> thenameofthejail {
>>>>     host.hostname = host.domain.tld;
>>>>     path = /the/path/to/the/jail;
>>>>     ip4.addr = 192.168.0.12;
>>>> }
>>>>
>>>> and start it up with
>>>>
>>>> # jail -c thenameofthejail
>>>>
>>>> And another handy tip you can avoid building a jail with make by
>>>> extracting the base.txz file found in places like the install media into
>>>> the jail directory
>> OK, so my jail.conf look like your jail.conf and when I type jls my jail
>> have the IP 192.168.0.12 but when I type ifconfig in my jail I have
>> no ip...
> Is 192.168.0.12 your host IP? The jail needs a different static IP
> address e.g. 182,168.0.13. There are ways around this but usually you
> want a different IP. Each jail and the host have a different IP. The
> setting ip4.addr in jail.conf will cause jail(8) to create an alias
> with the new IP on the NIC specified by interface in jail.conf.
> Destroying the jail with `jail -r ` removes the alias.

OK, I didn't know jail -r for removing the alias, thanks !

>>> Oh and before I forget, the trickiest thing for me moving from ezjail
>>> to jail was updating. Assuming your jails are complete base systems and
>>> that you would like to use binary updates with freebsd-update, and you
>>> have completely separated jails without any funny tricks to save space,
>>> here is Ike's simple jail update guide:
>>>
>>> edit the jail's freebsd-update.conf and change
>>>
>>> Components src world kernel
>>> -to-
>>> Components world
>>>
>>> then run freebsd-update like so:
>>>
>>> # freebsd-update -b /usr/jails/jaildir \
>>>     -f /usr/jails/jaildir/etc/freebsd-update.conf \
>>>     -d /usr/jails/jaildir/var/db/freebsd-update fetch
>>> # freebsd-update -b /usr/jails/jaildir \
>>>     -f /usr/jails/jaildir/etc/freebsd-update.conf \
>>>     -d /usr/jails/jaildir/var/db/freebsd-update install
>>>
>>> Using the -f flag keeps the jail from using the host config since jails
>>> cannot update kernels anyway. And -d keeps jails and hosts from
>>> trampling each other which is nice if you want to do more than one at a
>>> time, or if you use freebsd-update cron.
>> Thanks for tip !

But anyway, the jail I try to configure is on a remote computer and he
just has gone to shutdown... and to turn on I have to do some kilometers
and I haven't the time for the moment... So for the moment subject is
closed, thanks for your incredible help all !

From owner-freebsd-jail@freebsd.org Sun Dec 13 18:00:16 2015
From: marcel
To: James Gritton, freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail
Date: Sun, 13 Dec 2015 19:00:07 +0000

On 13/12/2015 06:07, James Gritton wrote:
> On 2015-12-12 23:18, marcel wrote:
>> On 12/12/2015 18:10, James Gritton wrote:
>>> On 2015-12-11 18:50, marcel wrote:
>>>> No I don't get to have an IP address... Yet I have written this in my
>>>> host's rc.conf:
>>>>
>>>> jail_enable="YES"
>>>> jail_list="thename"
>>>> jail_guantanamo_rootdir="thepath"
>>>> jail_guantanamo_hostname="thename"
>>>> jail_guantanamo_ip="192.168.0.12"
>>>>
>>>> and I use the command:
>>>>
>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>
>>>> to connect to my jail...
>>>
>>> Is the jail even created? You show jail_name as "thename", but the
>>> jail config variables are jail_quantanamo_*. So when you say
>>> "thename" do you really mean quantanamo? Because if you don't, then
>>> the jail won't get configured at startup.
>>>
>>> The command you're using to connect to the jail is actually a command
>>> that creates a jail. That's probably not what you want, as that jail
>>> is likely to disappear again after you exit from it. You should be
>>> using jexec(8), assuming your jail has been properly created in the
>>> first place.
>>>
>>> Now to the IP address: is your entire box behind some gateway, where
>>> it uses a 192.168 address? If it isn't, you'll need more than to just
>>> declare such an address - you'll need a jail with vnet, which is
>>> rather more complex. But if it is, then the question becomes: is
>>> 192.168.0.12 the host address, i.e. are you creating a jail that
>>> shares the host address? If you are it should work, but most jails
>>> aren't done this way.
>>>
>>> Specifying a jail's IP address only tells which of the host's existing
>>> addresses to use. If that address isn't already set up, it won't be
>>> used - unless you tell it to. If you're still using the rc.conf-based
>>> jail specification, you can set jail_interface (or
>>> jail_quantanamo_interface) to the name of the network interface where
>>> the host's main IP address lives (e.g. "em0" or somesuch). Such a
>>> config line is likely all you need.
>>>
>>> - Jamie
>> Yes, the jail is created with the make installworld, make distribution,
>> jail -c , etc method and I launch it with jail -c guantanamo and connect
>> to it with jexec id shell.
>>
>> Yes, sorry I have badly explained so jail_name="thename", thename is
>> guantanamo.
>>
>> My host is behind a router that provide me an internet access yes and
>> yes 192.168.0.12 is my host ip so yes my jail share the host address.
>> jls command show me this address but ifconfig command (in my jail) show
>> me no address...
>>
>> I've read that in my case I've just need of jail_enable="YES" in my
>> rc.conf... I will add with most of jail_guantanamo* variable and test...
>
> If 192.168.0.12 is your host IP, try creating the jail without IP
> address restrictions. I don't think you can do that with the old
> rc.conf-based specification, but with a jail.conf file (or from a
> command line), you just add "ip4=inherit" and don't mention an
> ip4.address at all. That will create a jail that has access to all of
> the host IP addresses.
>
> - Jamie

I was trying what you said but the remote machine where the jail is on
has gone to shutdown (I don't know why...) and I have to do some
kilometers to turn on and I haven't the time for the moment so subject is
closed for the moment... Thanks a lot for your help, I will try again the
next time...

From owner-freebsd-jail@freebsd.org Sun Dec 13 18:02:47 2015
From: marcel
To: Sami Halabi
Cc: freebsd-jail@freebsd.org, Dirk Engling, "Michael B. Eichorn"
Subject: Re: Configuring network without ezjail
Date: Sun, 13 Dec 2015 19:02:37 +0000

On 13/12/2015 07:50, Sami Halabi wrote:
>
> hi,
> I think you need to configure the ip in the host first later it'll be
> seen in the jail.
>
> using RFC 1918 addresses means you need NAT in your router to have
> access the internet.
> rather than that using the term 'routing' is incorrect unless you have
> multiple hops to get the packets to the router.
>
> Sami
>

The IP on the host works perfectly, internet access too... But anyway the
remote machine on which the jail is on has suddenly shutdown and I can't
turn on for the moment so subject is closed... Thanks for your help !

>
> On 13 Dec 2015 6:45 AM, "marcel" wrote:
>
> On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> >> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> >>> ... and I think I have enabling gateway, I wrote this in both of my
> >>> rc.conf (jail and host):
> >>>
> >>> gateway_enable="YES"
> >>>
> >>> Is it correct ?
> >> You only need gateway_enable if you are doing routing, it is not
> >> necessary for a typical jail setup. Most of the time you are just
> >> adding an alias to the host's nic.
> OK so if I want to my jail can access to internet I have to do routing,
> right ?
> >>> But I don't think I have DNS problems, my host correctly access to the
> >>> internet and the resolv.conf of my jail and my host are same...
> >>>
> >>> On 12/12/2015 01:50, marcel wrote:
> >>>> No I don't get to have an IP address... Yet I have written this in my
> >>>> host's rc.conf:
> >>>>
> >>>> jail_enable="YES"
> >>>> jail_list="thename"
> >>>> jail_guantanamo_rootdir="thepath"
> >>>> jail_guantanamo_hostname="thename"
> >>>> jail_guantanamo_ip="192.168.0.12"
> >>>>
> >>>> and I use the command:
> >>>>
> >>>> jail thepath thename 192.168.0.12 /bin/csh
> >>>>
> >>>> to connect to my jail...
> >>>>
> >>>> On 11/12/2015 23:31, Dirk Engling wrote:
> >>>>> On 12.12.15 01:19, marcel wrote:
> >>>>>
> >>>>>> I would like to know if it is possible to configure a jail's
> >>>>>> network for accessing to the World Wide Web but without ezjail ?
> >>>>>> I have created my jail without ezjail (mkdir jail, make installworld,
> >>>>>> etc...) and I would like to continue without it if it's possible...
> >>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918 IP? If
> >>>>> so, you need to enable NAT. If not, did you enable gatewaying? Maybe you
> >>>>> just have DNS problems, so is your resolv.conf set up properly?
> >>>>>
> >>>>> Without knowing what exactly is not working, I can not help
> >>>>> you.
> >>>>>
> >>>>> erdgeist
> >> I think you found some old instructions, assuming a 10.x system here is
> >> the boilerplate for a typical jail:
> >>
> >> rc.conf:
> >>
> >> jail_enable="YES"
> >>
> >> jail.conf:
> >>
> >> interface = re0;
> >> mount.devfs;
> >> exec.start = "/bin/sh /etc/rc";
> >> exec.stop = "/bin/sh /etc/rc.shutdown";
> >>
> >> thenameofthejail {
> >>     host.hostname = host.domain.tld;
> >>     path = /the/path/to/the/jail;
> >>     ip4.addr = 192.168.0.12;
> >> }
> >>
> >> and start it up with
> >>
> >> # jail -c thenameofthejail
> >>
> >> And another handy tip you can avoid building a jail with make by
> >> extracting the base.txz file found in places like the install media into
> >> the jail directory
> OK, so my jail.conf look like your jail.conf and when I type jls my jail
> have the IP 192.168.0.12 but when I type ifconfig in my jail I have no ip...
> > Oh and before I forget, the trickiest thing for me moving from ezjail
> > to jail was updating. Assuming your jails are complete base systems and
> > that you would like to use binary updates with freebsd-update, and you
> > have completely separated jails without any funny tricks to save space,
> > here is Ike's simple jail update guide:
> >
> > edit the jail's freebsd-update.conf and change
> >
> > Components src world kernel
> > -to-
> > Components world
> >
> > then run freebsd-update like so:
> >
> > # freebsd-update -b /usr/jails/jaildir \
> >     -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >     -d /usr/jails/jaildir/var/db/freebsd-update fetch
> > # freebsd-update -b /usr/jails/jaildir \
> >     -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >     -d /usr/jails/jaildir/var/db/freebsd-update install
> >
> > Using the -f flag keeps the jail from using the host config since jails
> > cannot update kernels anyway. And -d keeps jails and hosts from
> > trampling each other which is nice if you want to do more than one at a
> > time, or if you use freebsd-update cron.
> Thanks for tip !

From owner-freebsd-jail@freebsd.org Sun Dec 13 19:41:55 2015
From: "Michael B. Eichorn"
To: marcel, Dirk Engling, freebsd-jail@freebsd.org
Subject: Re: Configuring network without ezjail
Date: Sun, 13 Dec 2015 14:41:45 -0500

On Sun, 2015-12-13 at 18:54 +0000, marcel wrote:
>
> On 13/12/2015 14:14, Michael B. Eichorn wrote:
> > On Sun, 2015-12-13 at 05:45 +0000, marcel wrote:
> > > On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > > > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> > > > > On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> > > > > > ... and I think I have enabling gateway, I wrote this in both of my
> > > > > > rc.conf (jail and host):
> > > > > >
> > > > > > gateway_enable="YES"
> > > > > >
> > > > > > Is it correct ?
> > > > > You only need gateway_enable if you are doing routing, it is not
> > > > > necessary for a typical jail setup. Most of the time you are just
> > > > > adding an alias to the host's nic.
> > > OK so if I want to my jail can access to internet I have to do routing,
> > > right ?
> > No. In your other email you mentioned the host is behind a router, just
> > assign the jail a static ip on the same subnet as the host. The router
> > will treat it very similarly to adding another computer via a switch.
> I've already done this and it doesn't work, jls show the address I have
> configured but ifconfig shows nothing in the jail, and still have no
> internet connection in the jail...

Does ifconfig on the host show the jail's ip added as an alias?

> > > > > > But I don't think I have DNS problems, my host correctly access
> > > > > > to the internet and the resolv.conf of my jail and my host are
> > > > > > same...
> > > > > >
> > > > > > On 12/12/2015 01:50, marcel wrote:
> > > > > > > No I don't get to have an IP address... Yet I have written
> > > > > > > this in my host's rc.conf:
> > > > > > >
> > > > > > > jail_enable="YES"
> > > > > > > jail_list="thename"
> > > > > > > jail_guantanamo_rootdir="thepath"
> > > > > > > jail_guantanamo_hostname="thename"
> > > > > > > jail_guantanamo_ip="192.168.0.12"
> > > > > > >
> > > > > > > and I use the command:
> > > > > > >
> > > > > > > jail thepath thename 192.168.0.12 /bin/csh
> > > > > > >
> > > > > > > to connect to my jail...
> > > > > > >
> > > > > > > On 11/12/2015 23:31, Dirk Engling wrote:
> > > > > > > > On 12.12.15 01:19, marcel wrote:
> > > > > > > >
> > > > > > > > > I would like to know if it is possible to configure a
> > > > > > > > > jail's network for accessing to the World Wide Web but
> > > > > > > > > without ezjail ?
> > > > > > > > > I have created my jail without ezjail (mkdir jail, make
> > > > > > > > > installworld, etc...) and I would like to continue
> > > > > > > > > without it if it's possible...
> > > > > > > > Sure, why doesn't it connect to the net? Does it have a
> > > > > > > > RFC1918 IP? If so, you need to enable NAT. If not, did you
> > > > > > > > enable gatewaying? Maybe you just have DNS problems, so is
> > > > > > > > your resolv.conf set up properly?
> > > > > > > >
> > > > > > > > Without knowing what exactly is not working, I can not
> > > > > > > > help you.
> > > > > > > >
> > > > > > > >   erdgeist
> > > > > I think you found some old instructions, assuming a 10.x system
> > > > > here is the boilerplate for a typical jail:
> > > > >
> > > > > rc.conf:
> > > > >
> > > > >   jail_enable="YES"
> > > > >
> > > > > jail.conf:
> > > > >
> > > > >   interface = re0;
> > > > >   mount.devfs;
> > > > >   exec.start = "/bin/sh /etc/rc";
> > > > >   exec.stop = "/bin/sh /etc/rc.shutdown";
> > > > >
> > > > >   thenameofthejail {
> > > > >         host.hostname = host.domain.tld;
> > > > >         path = /the/path/to/the/jail;
> > > > >         ip4.addr = 192.168.0.12;
> > > > >   }
> > > > >
> > > > > and start it up with
> > > > >
> > > > > # jail -c thenameofthejail
> > > > >
> > > > > And another handy tip you can avoid building a jail with make by
> > > > > extracting the base.txz file found in places like the install
> > > > > media into the jail directory
> > > OK, so my jail.conf look like your jail.conf and when I type jls my
> > > jail have the IP 192.168.0.12 but when I type ifconfig in my jail I
> > > have no ip...
> > Is 192.168.0.12 your host IP? The jail needs a different static IP
> > address e.g. 182,168.0.13. There are ways around this but usually you
> > want a different IP. Each jail and the host have a different IP. The
> > setting ip4.addr in jail.conf will cause jail(8) to create an alias
> > with the new IP on the NIC specified by interface in jail.conf.
> > Destroying the jail with `jail -r ` removes the alias.
> OK, I didn't know jail -r for removing the alias, thanks !

Not just removing the alias, `jail -c ` starts the jail configured in
jail.conf, `jail -r ` stops the jail, `jail -rc ` restarts the jail.
If jail.conf is correct these commands should handle all of the
networking setup, mounting devfs, starting rc.d in the jail, etc.

> > > > Oh and before I forget, the trickiest thing for me moving from
> > > > ezjail to jail was updating. Assuming your jails are complete base
> > > > systems and that you would like to use binary updates with
> > > > freebsd-update, and you have completely separated jails without
> > > > any funny tricks to save space, here is Ike's simple jail update
> > > > guide:
> > > >
> > > > edit the jail's freebsd-update.conf and change
> > > >
> > > > Components src world kernel
> > > > -to-
> > > > Components world
> > > >
> > > > then run freebsd-update like so:
> > > >
> > > > # freebsd-update -b /usr/jails/jaildir \
> > > >     -f /usr/jails/jaildir/etc/freebsd-update.conf \
> > > >     -d /usr/jails/jaildir/var/db/freebsd-update fetch
> > > > # freebsd-update -b /usr/jails/jaildir \
> > > >     -f /usr/jails/jaildir/etc/freebsd-update.conf \
> > > >     -d /usr/jails/jaildir/var/db/freebsd-update install
> > > >
> > > > Using the -f flag keeps the jail from using the host config since
> > > > jails cannot update kernels anyway. And -d keeps jails and hosts
> > > > from trampling each other which is nice if you want to do more
> > > > than one at a time, or if you use freebsd-update cron.
> > > Thanks for tip !
> But anyway, the jail I try to configure is on a remote computer and he
> just has gone to shutdown... and to turn on I have to do some kilometers
> and I haven't the time for the moment... So for the moment subject is
> closed, thanks for your incredible help all !
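
The host-side check asked for in the message above (is the jail's IP on the NIC as an alias, and is it different from the host's own address?), as an added example that is not part of the thread. The jail.conf and ifconfig text are constructed samples, the function names are hypothetical, and the script assumes one jail.conf statement per line, a single IPv4 address per jail, and that the first inet line on the NIC is the host's own address.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that jail(8) put a jail's
# ip4.addr on the host NIC as an alias. All sample data below is constructed.

# Constructed jail.conf, same layout as the one quoted in the thread.
JAIL_CONF='interface = re0;
mount.devfs;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";

thenameofthejail {
    host.hostname = host.domain.tld;
    path = /the/path/to/the/jail;
    ip4.addr = 192.168.0.13;
}'

# Constructed host-side ifconfig output: .12 is the host, .13 the jail alias.
HOST_IFCONFIG='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    inet 192.168.0.12 netmask 0xffffff00 broadcast 192.168.0.255
    inet 192.168.0.13 netmask 0xffffffff broadcast 192.168.0.13
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet 127.0.0.1 netmask 0xff000000'

# conf_param JAIL PARAM CONF_TEXT
# Print PARAM for JAIL, falling back to the global (outside any block) value.
conf_param() {
    printf '%s\n' "$3" | awk -v jail="$1" -v want="$2" '
        { sub(/#.*/, "") }                                        # strip comments
        index($0, "{") { cur = $1; sub(/[{].*/, "", cur); next }  # "name {"
        index($0, "}") { cur = ""; next }                         # end of jail block
        {
            eq = index($0, "=")
            if (eq == 0) next                                     # e.g. mount.devfs;
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/;[ \t]*$/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/"/, "", val)
            if (key != want) next
            if (cur == "") glob = val
            else if (cur == jail) mine = val
        }
        END { if (mine != "") print mine; else if (glob != "") print glob }'
}

# iface_addrs IFNAME IFCONFIG_TEXT
# Print the IPv4 addresses configured on IFNAME, one per line, in order.
iface_addrs() {
    printf '%s\n' "$2" | awk -v ifn="$1" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # "re0: flags=..." header
        cur == ifn && $1 == "inet" { print $2 }'
}

# check_jail_alias JAIL CONF_TEXT IFCONFIG_TEXT
# 0 = alias present, 1 = alias missing, 2 = jail reuses the host address,
# 3 = no ip4.addr configured, 4 = no interface, so jail(8) adds no alias.
check_jail_alias() {
    addr=$(conf_param "$1" ip4.addr "$2")
    ifn=$(conf_param "$1" interface "$2")
    [ -n "$addr" ] || { echo "$1: no ip4.addr in jail.conf"; return 3; }
    # jail(8) also accepts "interface|address/netmask" in ip4.addr.
    case $addr in
        *"|"*) ifn=${addr%%"|"*}; addr=${addr#*"|"} ;;
    esac
    addr=${addr%%/*}
    [ -n "$ifn" ] || { echo "$1: no interface set, $addr must already exist on the host"; return 4; }
    addrs=$(iface_addrs "$ifn" "$3")
    # Assumption: the first inet line on the NIC is the host address.
    primary=$(printf '%s\n' "$addrs" | head -n 1)
    if [ "$addr" = "$primary" ]; then
        echo "$1: $addr is the host address on $ifn, give the jail its own IP"
        return 2
    fi
    if printf '%s\n' "$addrs" | grep -qxF -e "$addr"; then
        echo "$1: $addr is an alias on $ifn"
        return 0
    fi
    echo "$1: $addr is not on $ifn, was the jail started with jail -c?"
    return 1
}

# On a real host: check_jail_alias NAME "$(cat /etc/jail.conf)" "$(ifconfig)"
check_jail_alias thenameofthejail "$JAIL_CONF" "$HOST_IFCONFIG"
```
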

From owner-freebsd-jail@freebsd.org Fri Dec 18 21:18:17 2015
From: Michael Grimm
Subject: iocage following stable?
Date: Fri, 18 Dec 2015 22:18:04 +0100
To: freebsd-jail@freebsd.org

Hi —

I am running ezjail for some years now, but I intend to migrate to iocage. Not that I am "disappointed" with ezjail, but I do want to give VNET a try.

After having read iocage's documentation and some google research, I am left with the following questions:

1) Currently I am using ezjail's functionality to update/upgrade my basejail from svn following STABLE. I am unsure if I can stick to running STABLE in iocage jails, and if so, how? "iocage chroot" and compile in /usr/src?

2) Is there an equivalent for "ezjail-admin console -e 'pkg upgrade -y -f' jailname", namely running commands inside a jail without entering it?

Thanks in advance and with kind regards,
Michael

From owner-freebsd-jail@freebsd.org Fri Dec 18 21:25:09 2015
Subject: Re: iocage following stable?
From: Michael Grimm
Date: Fri, 18 Dec 2015 22:25:05 +0100
To: freebsd-jail@freebsd.org

Sorry, possibly not precise enough:

> "iocage chroot" and compile in /usr/src?

"iocage chroot" into basejail and compile in /usr/src?

From owner-freebsd-jail@freebsd.org Fri Dec 18 22:05:36 2015
Message-ID: <56748343.9030601@gmail.com>
Date: Sat, 19 Dec 2015 06:05:55 +0800
From: Ernie Luzar
To: Michael Grimm
CC: freebsd-jail@freebsd.org
Subject: Re: iocage following stable?

Michael Grimm wrote:
> Hi —
>
> I am running ezjail for some years now, but I intend to migrate to iocage. Not that I am "disappointed" with ezjail, but I do want to give VNET a try.
>
> After having read iocage's documentation and some google research, I am left with the following questions:
>
> 1) Currently I am using ezjail's functionality to update/upgrade my basejail from svn following STABLE. I am unsure if I can stick to running STABLE in iocage jails, and if so, how? "iocage chroot" and compile in /usr/src?
>
> 2) Is there an equivalent for "ezjail-admin console -e 'pkg upgrade -y -f' jailname", namely running commands inside a jail without entering it?
>
> Thanks in advance and with kind regards,
> Michael
>

Qjail is a fork of ezjail and qjail has vnet and same console function you're used to.

From owner-freebsd-jail@freebsd.org Fri Dec 18 22:18:32 2015
Subject: Re: iocage following stable?
To: freebsd-jail@freebsd.org
From: Allan Jude
Message-ID: <56748639.3040202@freebsd.org>
Date: Fri, 18 Dec 2015 17:18:33 -0500

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

On 2015-12-18 16:18, Michael Grimm wrote:
> Hi —
>
> I am running ezjail for some years now, but I intend to migrate to iocage. Not that I am "disappointed" with ezjail, but I do want to give VNET a try.
>
> After having read iocage's documentation and some google research, I am left with the following questions:
>
> 1) Currently I am using ezjail's functionality to update/upgrade my basejail from svn following STABLE. I am unsure if I can stick to running STABLE in iocage jails, and if so, how? "iocage chroot" and compile in /usr/src?
>

I don't know on this part

> 2) Is there an equivalent for "ezjail-admin console -e 'pkg upgrade -y -f' jailname", namely running commands inside a jail without entering it?

The generic jail command 'jexec' can work for this.

jexec pkg upgrade -y -f

Also, pkg itself has native support for jails.

pkg upgrade -j -y -f

>
> Thanks in advance and with kind regards,
> Michael
>

--
Allan Jude

From owner-freebsd-jail@freebsd.org Sat Dec 19 19:59:55 2015
Subject: Re: iocage following stable?
From: Michael Grimm
In-Reply-To: <56748639.3040202@freebsd.org>
Date: Sat, 19 Dec 2015 20:59:49 +0100
Message-Id: <660A228D-5996-4C1C-BD27-D8BBBB8EDB23@odo.in-berlin.de>
To: freebsd-jail@freebsd.org

Allan Jude wrote:
> On 2015-12-18 16:18, Michael Grimm wrote:
>> I am running ezjail for some years now, but I intend to migrate to iocage. Not that I am "disappointed" with ezjail, but I do want to give VNET a try.
>>
>> After having read iocage's documentation and some google research, I am left with the following questions:
>>
>> 1) Currently I am using ezjail's functionality to update/upgrade my basejail from svn following STABLE. I am unsure if I can stick to running STABLE in iocage jails, and if so, how? "iocage chroot" and compile in /usr/src?
>
> I don't know on this part

Well, I did try that approach in the meantime, and yes, one might fake iocage in this regard.

>> 2) Is there an equivalent for "ezjail-admin console -e 'pkg upgrade -y -f' jailname", namely running commands inside a jail without entering it?
>
> The generic jail command 'jexec' can work for this.
>
> jexec pkg upgrade -y -f
>
> Also, pkg itself has native support for jails.
>
> pkg upgrade -j -y -f

Thanks I didn't see the obvious :-( Thanks.

After testing iocage today I do come to the conclusion that it does what it is made for: perfect wrapper script for jail functionality. I did get some test jails running vnet, quite easily.

But, I will not use iocage as a substitute for ezjail, not due to lacking functionality, no en contre, rather due to "inflexibility" from *my* point of view. Those UUIDs irritate me, and they make "zfs list" rather "odd looking". And, I do miss "flexibility" regarding where to nail "iocage" into my zpool filesystem. I am using beadm boot environments, and I am used to stick ezjail's basejail to those. If upgrading a basejail went wrong I will have a fallback basejail at hand.

Anyway, I am currently testing jail management "the hard way" aka own scripts ;-)

Regards,
Michael

From owner-freebsd-jail@freebsd.org Sat Dec 19 20:01:58 2015
Subject: Re: iocage following stable?
From: Michael Grimm
Resent-From: Michael Grimm
In-Reply-To: <56748343.9030601@gmail.com>
Date: Sat, 19 Dec 2015 20:45:54 +0100
Resent-Date: Sat, 19 Dec 2015 21:01:53 +0100
Resent-To: freebsd-jail@freebsd.org
To: Ernie Luzar

[Sorry for my private mail. That has been intended to go to the ML instead.]

Ernie Luzar wrote:
> Michael Grimm wrote:
>> I am running ezjail for some years now, but I intend to migrate to iocage. Not that I am "disappointed" with ezjail, but I do want to give VNET a try.
>
> Qjail is a fork of ezjail and qjail has vnet and same console function you're used to.

Please, don't get me wrong, but I did follow the "beer license and qjail forking ezjail" issue in length 2.5 years ago, and I declared my servers "qjail free areas" ever since. Even if it might be a piece of software that suits my demands, perfectly, I will stick to my decision made 2.5 years ago.

But anyway, I'd kindly thank you for your suggestion,
Michael