From owner-freebsd-jail@FreeBSD.ORG Sun Jun 3 23:25:19 2007
Date: Mon, 4 Jun 2007 08:57:35 +1000
From: "Paul Fraser"
To: freebsd-jail@freebsd.org
Subject: isc-dhcp3-server in a jail?
List-Id: "Discussion about FreeBSD jail\(8\)"

Hi all,

I'm playing around a bit with jails here, and have decided to try and set one up to run simply the "essential" network services - namely bind and dhcpd. I've managed to get bind working fine within the jail I've set up, but damned if I can get dhcpd to.

Here's what's happening:

I've built dhcpd with support for sockets, as required to run in a jail. I've then specified in rc.conf I want dhcpd to start and to listen on interface re0 (the Realtek Gig-E card in the jail host). I start dhcpd (/usr/local/etc/rc.d/isc-dhcpd start;) and get the following:

Starting dhcpd.
Internet Systems Consortium DHCP Server V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on Socket/re0/192.168.72/24
Sending on Socket/re0/192.168.72/24

Now that does appear to be the correct network, but when I try and obtain a lease on any client machines on this network, I fail.

Can anybody offer any insight into this?
--
Regards,
Paul Fraser
http://furyc0de.net/

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 4 12:51:17 2007
Date: Mon, 4 Jun 2007 14:51:15 +0200
From: Albert Shih
To: freebsd-jail@freebsd.org
Message-ID: <20070604125115.GD7167@pcjas.obspm.fr>
Reply-To: Albert.Shih@obspm.fr
Subject: -u option for jail

Hi all

Maybe my question is stupid, but is there any possibility to use

-u user (user != root)

in the /etc/rc.conf to launch a jail with a specific user? For example, can we have for any jail a different user?

Regards.
--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Heure local/Local time: Lun 4 jui 2007 14:49:10 CEST

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 8 00:27:57 2007
Date: Thu, 07 Jun 2007 21:27:59 -0300
From: "Marc G. Fournier"
To: freebsd-jail@freebsd.org
Subject: Status on CPU/Memory Patches ...

With 7.x shortly being frozen, I'm curious as to whether anyone has had a run at these patches yet?
Chris, have you had a chance of updating your patches to 6.x? I'm daring enough to put them onto some production servers running <40 jails each, to give them some 'real world, under load' testing ...

----
Marc G. Fournier    Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org    MSN . scrappy@hub.org
Yahoo . yscrappy    Skype: hub.org    ICQ . 7615664

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 8 00:39:44 2007
Date: Thu, 07 Jun 2007 21:39:47 -0300
From: "Marc G. Fournier"
To: freebsd-jail@freebsd.org
Cc: Alex Lyashkov
Subject: Jail2 patches ...

Hi Alex ...

With 7.x shortly being frozen, do you know if there are any plans on integrating the Jail2 work you've done so far into it?

Also, not sure how 'p4' works, but is it possible to get a set of patches against 6-STABLE? Like Chris' work, I'd be interested in throwing this onto some of my production servers, give it some 'real world' exposure, but I don't run -CURRENT on production, so would need a set of 6-STABLE patches for it ...

Thanks ...

----
Marc G. Fournier    Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org    MSN . scrappy@hub.org
Yahoo . yscrappy    Skype: hub.org    ICQ . 7615664

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 8 08:35:01 2007
Message-ID: <46690E88.9040506@k18.ch>
Date: Fri, 08 Jun 2007 10:08:40 +0200
From: Alain Wolf
To: Albert.Shih@obspm.fr
Cc: freebsd-jail@freebsd.org
References: <20070604125115.GD7167@pcjas.obspm.fr>
In-Reply-To: <20070604125115.GD7167@pcjas.obspm.fr>
Subject: Re: -u option for jail

Albert Shih wrote, On 06/04/2007 02:51 PM:
> Hi all
>
> Maybe my question is stupid, but is there any possibility to use
>
> -u user (user != root)
>
> in the /etc/rc.conf to launch a jail with a specific user? For example,
> can we have for any jail a different user?
>
> Regards.
>
>

Hi Al

Maybe my answer is stupid, but since the idea of a jail should mostly look like an independent system, there is a root user and any user you wish *inside* the jail.

If you would like to have users on the hosting system with the ability to start and stop their own jails from outside their jails, I would look into something like sudo or a web-cgi with a strong authentication and authorization (maybe webmin does that?).

Regards
Alain

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 8 08:47:05 2007
Date: Fri, 8 Jun 2007 10:47:01 +0200
From: Albert Shih
To: "Marc G. Fournier"
Message-ID: <20070608084701.GA18265@pcjas.obspm.fr>
Cc: Alex Lyashkov, freebsd-jail@freebsd.org
Subject: Re: Jail2 patches ...
Reply-To: Albert.Shih@obspm.fr

On 07/06/2007 at 21:39:47-0300, Marc G. Fournier wrote
> Hi all.
>
> With 7.x shortly being frozen, do you know if there are any plans on
> integrating the Jail2 work you've done so far into it?

Stupid question: What's new in jail2? Or where can I find some news?

Regards.

--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Heure local/Local time: Ven 8 jui 2007 10:46:24 CEST

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 8 08:51:18 2007
Date: Fri, 8 Jun 2007 10:51:17 +0200
From: Albert Shih
To: Alain Wolf
Message-ID: <20070608085117.GB18265@pcjas.obspm.fr>
References: <20070604125115.GD7167@pcjas.obspm.fr> <46690E88.9040506@k18.ch>
In-Reply-To: <46690E88.9040506@k18.ch>
Cc: freebsd-jail@freebsd.org
Subject: Re: -u option for jail
Reply-To: Albert.Shih@obspm.fr

On 08/06/2007 at 10:08:40+0200, Alain Wolf wrote
> Albert Shih wrote, On 06/04/2007 02:51 PM:
> > Hi all
> >
> > Maybe my question is stupid, but is there any possibility to use
> >
> > -u user (user != root)
> >
> > in the /etc/rc.conf to launch a jail with a specific user? For example,
> > can we have for any jail a different user?
> >
> > Regards.
> >
> >
> Hi Al
> Maybe my answer is stupid, but since the idea of a jail should mostly
> look like an independent system, there is a root user and any user you
> wish *inside* the jail.
>
> If you would like to have users on the hosting system with the ability
> to start and stop their own jails from outside their jails, I would look
> into something like sudo or a web-cgi with a strong authentication and
> authorization (maybe webmin does that?).

Well
It's not my idea....

My idea is: if (maybe a very big «if») a jail has a security breach and the guest system is compromised, maybe if the jail runs with another uid this can make the hosting system more secure.

I don't know if you understand me, my English is very poor..

Regards.

--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Heure local/Local time: Ven 8 jui 2007 10:47:51 CEST