From owner-freebsd-jail@freebsd.org Wed Oct 9 11:43:04 2019 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C66AA14963E for ; Wed, 9 Oct 2019 11:43:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 46pC5N4rs9z4Jch for ; Wed, 9 Oct 2019 11:43:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id A672E14963D; Wed, 9 Oct 2019 11:43:04 +0000 (UTC) Delivered-To: jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A632514963C for ; Wed, 9 Oct 2019 11:43:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46pC5N3xLnz4Jcg for ; Wed, 9 Oct 2019 11:43:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6BBE2FFE7 for ; Wed, 9 Oct 2019 11:43:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x99Bh4iK091770 for ; Wed, 9 Oct 2019 11:43:04 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x99Bh4jI091768 for jail@FreeBSD.org; Wed, 9 Oct 2019 11:43:04 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 240106] VNET issue with ARP and routing sockets in jails Date: Wed, 09 Oct 2019 11:43:04 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: lan@zato.ru X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 11:43:04 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240106 Alexander Lunev changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lan@zato.ru --- Comment #3 from Alexander Lunev --- I think that bug that I wanted to report is somewhat similar, all main acto= rs - VNET, jails and ARP - are the same. So I have a problem with network connectivity between jails and host when u= sing jails with VNET and VLANs.=20 I've written about it to freebsd-net@ mailing list:=20 threads:=20 https://lists.freebsd.org/pipermail/freebsd-net/2019-September/054391.html https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054437.html There's a topic on FreeBSD forums, which confirms this and once again expla= in the configuration with which this problem occuring, and in in great detail,= but author has "solved" his problem by simply not using configuration when you bridge physical interface with jail's VNET interface and not using jail's V= NET interface with VLANs.=20 https://forums.freebsd.org/threads/bridge-epair-not-passing-through-tagged-= vlan-traffic-between-host-and-vnet-jail.71646/ I'll add some more observation here. I recreated configuration in a virtual machine, as i wrote in my last message to freebsd-net@ here: https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054475.html. Jail's vlan interface IP is 10.15.15.2 and host's vlan interface IP is 10.15.15.1. Both jail and host have no ARP entries about each other address= es.=20 So I ping from 10.15.15.2 to 10.15.15.1.=20 1. in initial configuration, I see this on em0:=20 HOST# tcpdump -i em0 -e | grep 10.15.15 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes 08:57:52.051429 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.= 1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28 08:57:53.071451 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.= 1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28 08:57:54.101515 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.= 1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28 2. then I added ARP entry in jail:=20 JAIL# arp -s 10.15.15.1 00:0c:29:2f:6c:08 HOST# tcpdump -i em0 -e | grep 10.15.15 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes 09:07:10.321257 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.= 1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28 09:07:11.391300 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.= 1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28 09:07:12.415232 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.= 1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28 3. then I added jail ARP entry to host:=20 HOST# arp -s 10.15.15.2 02:95:ce:33:dc:0b and ICMP requests started to pass from jail to host, and vlan22 interface on host receiving packets and sending replies:=20 HOST# tcpdump -i vlan22 -e | grep 10.15.15 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vlan22, link-type EN10MB (Ethernet), capture size 262144 bytes 09:37:11.517054 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.2 > 10.15.15.1: ICMP echo request, id 25864, seq 0, length 64 09:37:11.517063 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 25864, seq 0, length 64 but i don't see them on host's epair0a interface, bridged with em0 in bridg= e0, there are only requests on epair0a:=20 HOST# tcpdump -i epair0a -e | grep 10.15.15 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on epair0a, link-type EN10MB (Ethernet), capture size 262144 bytes 09:40:44.178363 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IP= v4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 0, length 64 09:40:45.221713 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IP= v4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 1, length 64 09:40:46.253079 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IP= v4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 2, length 64 and on em0 i see only replies: HOST# tcpdump -i em0 -e | grep 10.15.15 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes 09:41:11.092092 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IP= v4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 0, length 64 09:41:12.096310 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IP= v4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 1, length 64 09:41:13.121890 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IP= v4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 2, length 64 and on bridge interface nor requests nor replies are shown.=20 HOST# tcpdump -i bridge0 -e | grep 10.15.15 ... silince ... Is it normal and I'm doing something wrong?=20 I wanted to make jails act as the normal freebsd host with one dedicated VN= ET interface with VLANs. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-jail@freebsd.org Thu Oct 10 15:54:57 2019 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 24843142471 for ; Thu, 10 Oct 2019 15:54:57 +0000 (UTC) (envelope-from ashley.garvin@oceanwebdigitalsolutions.com) Received: from n1nlsmtp03.shr.prod.ams1.secureserver.net (n1nlsmtp03.shr.prod.ams1.secureserver.net [188.121.43.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "relay-hosting.secureserver.net", Issuer "Starfield Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46pwdX1V23z4GRZ for ; Thu, 10 Oct 2019 15:54:55 +0000 (UTC) (envelope-from ashley.garvin@oceanwebdigitalsolutions.com) Received: from n3plcpnl0011.prod.ams3.secureserver.net ([160.153.146.156]) by : HOSTING RELAY : with ESMTP id Iadwi0D7CLoCYIadwip7Sn; Thu, 10 Oct 2019 08:46:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=oceanwebdigitalsolutions.com; s=default; h=Content-Type:MIME-Version: Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=1IVz+bowF5TLAwGeY/HLu4JmedH7s2yfq0X8GmxfJA8=; b=sZBHycymVzNJ50pDrNzjX9dUW jzOvDj+AencurUhImWWggazeU4QfcSGUh8Fnpolya3hpVf3qZVciHnPOzxyU/pEy74eCFkqYMsG77 J8yyfIke1ohwQyUN7m7Jd4Te1CFK07qQYvIa9OXtObi/HM20TUKX8dafB6enxNkyGrdk87VUOzly1 Hv78DuZIDhViLysr7N5z2JB5g11eCZpNR2NwyKgBgp9RvzVs/eXhxvUQSeq51yKNCdwT7IJhvZq00 CBSCdjIXubDHcK85pb897Uzl1hBdv9/6j2p0R3ukqvb1fBP3/th3fN5TQg3OWOogoKY+G85md9Lxs OUNF831yQ==; Received: from [5.8.30.21] (port=51250 helo=WS40) by n3plcpnl0011.prod.ams3.secureserver.net with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256) (Exim 4.92) (envelope-from ) id 1iIadv-00B2xN-Pj for freebsd-jail@freebsd.org; Thu, 10 Oct 2019 08:46:20 -0700 From: "Ashley Garvin" To: Subject: Southwest Dental Conference 2019 Date: Thu, 10 Oct 2019 21:16:40 +0530 Message-ID: <03fc01d57f81$eb0f12c0$c12d3840$@oceanwebdigitalsolutions.com> MIME-Version: 1.0 X-Priority: 1 (Highest) X-MSMail-Priority: High X-Mailer: Microsoft Outlook 15.0 Importance: High Thread-Index: AdV/gegO7N4DMasbS/ew8UTklLywZg== Content-Language: en-us X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - n3plcpnl0011.prod.ams3.secureserver.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - oceanwebdigitalsolutions.com X-Get-Message-Sender-Via: n3plcpnl0011.prod.ams3.secureserver.net: authenticated_id: ashley.garvin@oceanwebdigitalsolutions.com X-Authenticated-Sender: n3plcpnl0011.prod.ams3.secureserver.net: ashley.garvin@oceanwebdigitalsolutions.com X-Source: X-Source-Args: X-Source-Dir: X-CMAE-Envelope: MS4wfI1ntCWQ/ouk5MZvNgqQ+2qVL9YYyoJzeBRK3MOQFwRQi6SpabXDyTeEnD5LCwzwc6swwwUMkKsB/e1csmVEKk5svsiIRafGWYf3afzNma+eoXjGF5Xh pFdFJ3KXyKISKYdCjdsmlBtVnzsdENTX/i9G7ad5bTKHjcAd45dJTUeoJ8AlJUSYw/+NHVOksm2tm6OsXwTt/lnHeXqVlju4v2sAkm5cogwESDHMJIhWvyU8 257Y1TKVMDj3KMNoNO2Tig== X-Rspamd-Queue-Id: 46pwdX1V23z4GRZ X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none (invalid DKIM record) header.d=oceanwebdigitalsolutions.com header.s=default header.b=sZBHycym; dmarc=none; spf=none (mx1.freebsd.org: domain of ashley.garvin@oceanwebdigitalsolutions.com has no SPF policy when checking 188.121.43.193) smtp.mailfrom=ashley.garvin@oceanwebdigitalsolutions.com X-Spamd-Result: default: False [4.97 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[193.43.121.188.rep.mailspike.net : 127.0.0.18]; HAS_X_SOURCE(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[oceanwebdigitalsolutions.com:~]; HAS_X_ANTIABUSE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; HAS_X_PRIO_ONE(0.00)[1]; ASN(0.00)[asn:26496, ipnet:188.121.40.0/22, country:US]; MID_RHS_MATCH_FROM(0.00)[]; HAS_X_AS(0.00)[ashley.garvin@oceanwebdigitalsolutions.com]; ARC_NA(0.00)[]; RECEIVED_SPAMHAUS_XBL(5.00)[156.146.153.160.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.4]; NEURAL_HAM_MEDIUM(-0.66)[-0.661,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; DMARC_NA(0.00)[oceanwebdigitalsolutions.com]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.09)[ip: (0.12), ipnet: 188.121.40.0/22(0.19), asn: 26496(0.17), country: US(-0.05)]; NEURAL_SPAM_LONG(0.65)[0.648,0]; RCVD_IN_DNSWL_NONE(0.00)[193.43.121.188.list.dnswl.org : 127.0.5.0]; R_DKIM_PERMFAIL(0.00)[oceanwebdigitalsolutions.com:s=default]; R_SPF_NA(0.00)[]; HAS_X_GMSV(0.00)[ashley.garvin@oceanwebdigitalsolutions.com]; RCVD_TLS_ALL(0.00)[]; GREYLIST(0.00)[pass,body] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Oct 2019 15:54:57 -0000 Hi, We are providing the Attendees list of Southwest Dental Conference 2019 With 11,000 visitors. If you are interested, please let me know your thoughts, so that I can send you the pricing for it. Best Regards, Best Regards, Ashley Garvin - Business Analyst If you do not wish to hear from us again, please respond back with and we will honour your request From owner-freebsd-jail@freebsd.org Fri Oct 11 12:24:16 2019 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4EB7D14C2EF for ; Fri, 11 Oct 2019 12:24:16 +0000 (UTC) (envelope-from lan@zato.ru) Received: from mail.zato.ru (mail.zato.ru [178.255.248.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.zato.ru", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46qRvy4W3Wz4T27 for ; Fri, 11 Oct 2019 12:24:14 +0000 (UTC) (envelope-from lan@zato.ru) Received: from startsnto.ru ([81.200.243.105] helo=[192.168.175.30]) by mail.zato.ru with esmtpsa (TLSv1.2:AES128-SHA:128) (Exim 4.84 (FreeBSD)) (envelope-from ) id 1iItxr-00037E-1g for freebsd-jail@freebsd.org; Fri, 11 Oct 2019 15:24:12 +0300 To: freebsd-jail@freebsd.org From: "Alexander N. Lunev" Message-ID: <2a606e15-20bb-0976-213e-b83294a6f504@zato.ru> Date: Fri, 11 Oct 2019 15:24:04 +0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: ru Content-Transfer-Encoding: 7bit X-SA-Exim-Connect-IP: 81.200.243.105 X-SA-Exim-Mail-From: lan@zato.ru X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.zato.local X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 Subject: databases/mongodb36 in jail - Failed to mlock: Operation not permitted X-SA-Exim-Version: 4.2 X-SA-Exim-Scanned: Yes (on mail.zato.ru) X-Rspamd-Queue-Id: 46qRvy4W3Wz4T27 X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.73 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[zato.ru:s=mailserverdkimkey]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:178.255.248.12]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.73)[ip: (-9.81), ipnet: 178.255.248.0/24(-4.91), asn: 56868(-3.93), country: RU(0.01)]; DKIM_TRACE(0.00)[zato.ru:+]; DMARC_POLICY_ALLOW(-0.50)[zato.ru,reject]; RECEIVED_SPAMHAUS_PBL(0.00)[105.243.200.81.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:56868, ipnet:178.255.248.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 12:24:16 -0000 Hello everybody. I want to run MongoDB 3.6 in a jail, and stuck in a bug with mlock. # uname -a FreeBSD foo.zato.local 12.1-PRERELEASE FreeBSD 12.1-PRERELEASE r352266 GENERIC amd64 # pkg install mongodb36 ... # sysrc mongod_enable="YES" # service mongod start Then connect to mongo from shell and try to add user like they say in tutorial https://docs.mongodb.com/v3.6/tutorial/enable-authentication/ : # mongo MongoDB shell version v3.6.13 connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb Implicit session: session { "id" : UUID("1e9f8ba6-4882-4453-a6ac-89c51edb3269") } MongoDB server version: 3.6.13 Welcome to the MongoDB shell. ... skip warnings ... > use admin switched to db admin > db.createUser( ... { ... user: "newAdmin", ... pwd: "abc123", ... roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ] ... } ... ) Successfully added user: { "user" : "newAdmin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, "readWriteAnyDatabase" ] } > bye Then try to login using newly created user: # mongo -u newAdmin -p abc123 MongoDB shell version v3.6.13 connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb 2019-10-11T15:17:37.223+0300 F - [thread1] Failed to mlock: Operation not permitted 2019-10-11T15:17:37.224+0300 F - [thread1] Fatal Assertion 28832 at src/mongo/base/secure_allocator.cpp 249 2019-10-11T15:17:37.226+0300 F - [thread1] ***aborting after fassert() failure 2019-10-11T15:17:37.229+0300 F - [thread1] Got signal: 6 (Abort trap). 0x28a40b9 0x28a397b 0x802fda3c0 ----- BEGIN BACKTRACE ----- {"backtrace":[{"b":"1021000","o":"18830B9","s":"_ZN5mongo15printStackTraceERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEE"},{"b":"1021000","o":"188297B","s":"_ZN5mongo29reportOutOfMemoryErrorAndExitEv"},{"b":"802FC6000","o":"143C0","s":"_pthread_sigmask"}],"processInfo":{ "mongodbVersion" : "3.6.13", "gitVersion" : "db3c76679b7a3d9b443a0e1b3e45ed02b88c539f", "compiledModules" : [], "uname" : { "sysname" : "FreeBSD", "release" : "12.1-PRERELEASE", "version" : "FreeBSD 12.1-PRERELEASE r352266 GENERIC", "machine" : "amd64" } }} mongo(_ZN5mongo15printStackTraceERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEE+0x39) [0x28a40b9] mongo(_ZN5mongo29reportOutOfMemoryErrorAndExitEv+0x15B) [0x28a397b] libthr.so.3(_pthread_sigmask+0x530) [0x802fda3c0] ----- END BACKTRACE ----- This will work if not in jail. mongod is running with --setParameter=disabledSecureAllocatorDomains=*: /usr/local/bin/mongod --logpath /var/db/mongodb/mongod.log --logappend --setParameter=disabledSecureAllocatorDomains=* --config /usr/local/etc/mongodb.conf --dbpath /var/db/mongodb --fork Is it a bug, or I need to tinker with jail parameters somehow? -- Best regards, Alexander Lunev