From owner-freebsd-jail@FreeBSD.ORG Mon May 31 05:02:03 2010
Date: Mon, 31 May 2010 05:02:03 GMT
From: linimon@FreeBSD.org
To: linimon@FreeBSD.org, freebsd-amd64@FreeBSD.org, freebsd-jail@FreeBSD.org
Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot

Old Synopsis: Page Fault / Kernel panic when jail starts on boot
New Synopsis: [jail] [panic] Page Fault / Kernel panic when jail starts on boot

Responsible-Changed-From-To: freebsd-amd64->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon May 31 05:01:35 UTC 2010
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=147162

From owner-freebsd-jail@FreeBSD.ORG Mon May 31 11:06:59 2010
Date: Mon, 31 May 2010 11:06:58 GMT
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/147162  jail       [jail] [panic] Page Fault / Kernel panic when jail sta
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

7 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 1 15:14:47 2010
Date: Tue, 1 Jun 2010 15:14:46 +0000
From: Andrew Hotlab
Subject: RE: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot

----------------------------------------
> Date: Mon, 31 May 2010 05:02:03 +0000
> To: linimon@FreeBSD.org; freebsd-amd64@FreeBSD.org; freebsd-jail@FreeBSD.org
> From: linimon@FreeBSD.org
> CC:
> Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot
>
> Old Synopsis: Page Fault / Kernel panic when jail starts on boot
> New Synopsis: [jail] [panic] Page Fault / Kernel panic when jail starts on boot
>
> Responsible-Changed-From-To: freebsd-amd64->freebsd-jail
> Responsible-Changed-By: linimon
> Responsible-Changed-When: Mon May 31 05:01:35 UTC 2010
> Responsible-Changed-Why:
> Over to maintainer(s).
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=147162

Please do not get me wrong, I'm sure that all FreeBSD developers are doing an amazing job, and I cannot thank them enough... but it's the first time I'm worried by a bug in FreeBSD: I manage several jail hosts, and to encounter such a problem because of the latest security patch made my mind go back to those days when I was coping with the Microsoft Security Response Center! :S

I actually do not have the right to criticize (I barely know how difficult producing secure code is), nor do I want to complain... I only sincerely hope this has been my first and last "bad experience" with FreeBSD! :)

Thanks very much to all the people that make FreeBSD one of the most reliable OSes out here.

Andrew

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 1 15:50:05 2010
Date: Tue, 1 Jun 2010 15:50:05 GMT
From: Andriy Gapon
To: freebsd-jail@FreeBSD.org
Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot

The following reply was made to PR kern/147162; it has been noted by GNATS.

From: Andriy Gapon
To: bug-followup@FreeBSD.org, tom.dewaele@abvv.be
Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot
Date: Tue, 01 Jun 2010 18:41:26 +0300

Are you able to get a crash dump?
Or at least a screen shot/capture of a panic message _with_ backtrace.
Otherwise, chances of getting this resolved are lower.

--
Andriy Gapon

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 1 16:57:36 2010
Date: Tue, 1 Jun 2010 09:57:35 -0700 (PDT)
From: Tim Gustafson
To: Glen Barber
Cc: freebsd-jail@freebsd.org
Subject: Re: Mounting NFS From Within a Jail

> You cannot mount NFS shares inside a jail because of
> rpcbind. The best solution I've found is to mount the
> NFS share on the jail host, and create a nullfs mount
> of that mountpoint to the jail.

Ok, that makes sense (I guess), but what's the deal with these options in rc.conf then:

jail_fstab="/etc/fstab.jails"
jail_mount_enable="yes"

I've got those both set exactly as shown, but I can't find much documentation about them and they seem to be ineffective (except that when I put an invalid file name for jail_fstab, it complains about the file being invalid).

/etc/fstab.jails contains:

# Device            Mountpoint  FStype  Options  Dump  Pass#
nfshost:/usr/ports  /usr/ports  nfs     rw,bg    0     0
nfshost:/usr/src    /usr/src    nfs     rw,bg    0     0
nfshost:/usr/obj    /usr/obj    nfs     rw,bg    0     0

I was thinking that the rc.conf options listed above would somehow mount the file systems from the host OS and then start the jail, but that appears to not be the case. Am I misunderstanding the intent of these rc.conf options?

Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg@soe.ucsc.edu
831-459-5354

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 3 14:00:06 2010
Date: Thu, 3 Jun 2010 14:00:05 GMT
To: freebsd-jail@FreeBSD.org
Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot
Reply-To: Tom.DEWAELE@abvv.be

The following reply was made to PR kern/147162; it has been noted by GNATS.

Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot
Date: Thu, 3 Jun 2010 15:32:03 +0200

I've obtained some more information.

I had a hunch this was caused by a PF rule.
I disabled PF and the jails did not cause a panic.
Then I disabled the suspicious rule and again no panic.
Re-enabled the rule -> panic.

This is the rule that is either directly or indirectly involved in the kernel panic:
pass out quick route-to (lagg0 10.200.0.1) from 10.200.0.0/24 to ! 10.200.0.0/24

I have this rule because my jails are on another vlan so they need to use another interface for outgoing packets.
The problem must be linked to this rerouting.

Today I've built a debugging kernel with the options you suggested.
I was able to get a backtrace with DDB.

You can find the panic here:
http://tweakers.net/ext/f/iirS2Omm8Nfmbpb0BLKSRSzY/full.jpg
and the backtrace I did here:
http://tweakers.net/ext/f/doP5G3aux6tSZdZt6hTtaWTR/full.jpg

The backtrace has 2 pf_route calls so that confirms again my hunch.

This must be caused by kernel code changes made from 8.0p2 to 8.0p3
8.0p2 did not cause the kernel panic.

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 3 14:30:04 2010
Date: Thu, 3 Jun 2010 14:30:03 GMT
To: freebsd-jail@FreeBSD.org
Reply-To: Tom.DEWAELE@abvv.be
Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot

The following reply was made to PR kern/147162; it has been noted by GNATS.

Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot
Date: Thu, 3 Jun 2010 16:26:25 +0200

I've obtained some more information.

I had a hunch this was caused by a PF rule.
I disabled PF and the jails did not cause a panic.
Then I disabled the suspicious rule and again no panic.
Re-enabled the rule -> panic.

This is the rule that is either directly or indirectly involved in the kernel panic:
pass out quick route-to (lagg0 10.200.0.1) from 10.200.0.0/24 to ! 10.200.0.0/24

I have this rule because my jails are on another vlan so they need to use another interface for outgoing packets.
The problem must be linked to this rerouting.

Today I've built a debugging kernel with the options you suggested.
I was able to get a backtrace with DDB.

You can find the panic here:
http://tweakers.net/ext/f/iirS2Omm8Nfmbpb0BLKSRSzY/full.jpg
and the backtrace I did here:
http://tweakers.net/ext/f/doP5G3aux6tSZdZt6hTtaWTR/full.jpg

The backtrace has 2 pf_route calls so that confirms again my hunch.

This must be caused by kernel code changes made from 8.0p2 to 8.0p3
8.0p2 did not cause the kernel panic.

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 3 14:50:03 2010
Date: Thu, 3 Jun 2010 14:50:02 GMT
From: "Bjoern A. Zeeb"
To: freebsd-jail@FreeBSD.org
Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot

The following reply was made to PR kern/147162; it has been noted by GNATS.

From: "Bjoern A. Zeeb"
To: bug-followup@FreeBSD.org, tom.dewaele@abvv.be
Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot
Date: Thu, 3 Jun 2010 14:39:59 +0000 (UTC)

Hi,

the only kernel changes from 8.0p2 to 8.0p3 are related to NFS imho.
You are not also using NFS with this machine?

If you are not, this is likely due to some changed timing or similar and you are just hitting a general problem that most likely is entirely unrelated to jails and would either be a pf@ or a net@ kernel issue.

/bz

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 3 19:10:04 2010
Date: Thu, 3 Jun 2010 19:10:03 GMT
To: freebsd-jail@FreeBSD.org
Reply-To: Tom.DEWAELE@abvv.be
Subject: RE: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot

The following reply was made to PR kern/147162; it has been noted by GNATS.

Subject: RE: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot
Date: Thu, 3 Jun 2010 21:08:44 +0200

Hi Bjoern,

I am not using NFS.

I received a security announcement concerning jails (FreeBSD-SA-10:04.jail) which was fixed in 8.0p3.
That's why I assumed that there were kernel changes for the jail system.
That can be a wrongful assumption on my part.

You can be entirely right that this has nothing to do with the jail system or updating to 8.0p3.
But this is the first time I ran into this kernel panic.
It started after my first reboot with the 8.0p3 kernel.
It panics every time my first jail boots and always due to the ping process.

I did not change my system between 8.0p2 and 8.0p3.
No hardware changes/firmware updates or changes to pf.conf or rc.conf.
I only kept my ports up to date.

I feel it is linked to 8.0p3 but it might indeed be a net/pf issue.

Kind regards,
Tom

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 3 19:15:40 2010
Date: Thu, 03 Jun 2010 22:15:21 +0300
From: Kaya Saman
To: freebsd-jail@freebsd.org
Subject: Strange things happening with jails?? Not starting up on boot or services not running inside!

Hi guys,

many thanks to Andrew Hotlab et al.... in accordance with helping me get started with BSD Jails!!

I have managed to create 4 and migrate many services in them already. The only issue is that one Jail containing the Postfix MTA which I use as an SMTP mail relay agent for my mail servers is not starting up when the OS has been rebooted or booted for that matter??

I can't give any error logs as there are none but I can post the config which is here:

JID  IP Address     Hostname                     Path
1    192.168.1.100  ns1.optiplex-networks.com    /var/jail/named_1
2    192.168.1.101  ns2.optiplex-networks.com    /var/jail/named_2
3    192.168.1.110  proxy.optiplex-networks.com  /var/jail/squid
4    192.168.1.115  relay.optiplex-networks.com  /var/jail/postfix

jail_enable="YES"
jail_list="named_1 named_2 squid"
jail_named_1_rootdir="/var/jail/named_1"
jail_named_1_hostname="ns1.optiplex-networks.com"
jail_interface="em0"
jail_named_1_ip="192.168.1.100"
#jail_named_1_exec_start="/usr/local/bin/named"
jail_named_1_devfs_enable="YES"
jail_named_2_rootdir="/var/jail/named_2"
jail_named_2_hostname="ns2.optiplex-networks.com"
jail_interface="em0"
jail_named_2_ip="192.168.1.101"
jail_named_2_devfs_enable="YES"
jail_squid_rootdir="/var/jail/squid"
jail_squid_hostname="proxy.optiplex-networks.com"
jail_interface="em0"
jail_squid_ip="192.168.1.110"
jail_squid_devfs_enable="YES"
jail_postfix_rootdir="/var/jail/postfix"
jail_postfix_hostname="relay.optiplex-networks.com"
jail_interface="em0"
jail_postfix_ip="192.168.1.115"
jail_postfix_devfs_enable="YES"

Which actually looking at the above have just noticed that it's not mentioned in the jail_list line!!! Well I've added it so now it should be ok so let this just be a backup in case someone else stumbles across this posting with a similar issue.

Now another few issues related to the services inside is that I'm trying to start Squid for my reverse proxy inside a Jail. However, the service won't start on its own as I'm needing port 80 and there seems to be a block against normal users using ports <1024. I tested this by getting Squid to run on its default port 3128 and it works.....

However the logs or screen readout just tells me that the service cannot connect to port 80??

May 31 17:47:11 proxy squid[4360]: Cannot open HTTP Port
May 31 17:47:11 proxy squid[4358]: Squid Parent: child process 4360 exited due to signal 6
May 31 17:47:14 proxy squid[4358]: Squid Parent: child process 4364 started
May 31 17:47:15 proxy squid[4364]: Cannot open HTTP Port
May 31 17:47:15 proxy squid[4358]: Squid Parent: child process 4364 exited due to signal 6
May 31 17:47:18 proxy squid[4358]: Squid Parent: child process 4367 started
May 31 17:47:18 proxy squid[4367]: Cannot open HTTP Port
May 31 17:47:18 proxy squid[4358]: Squid Parent: child process 4367 exited due to signal 6
May 31 17:47:21 proxy squid[4358]: Squid Parent: child process 4370 started
May 31 17:47:21 proxy squid[4370]: Cannot open HTTP Port
May 31 17:47:21 proxy squid[4358]: Squid Parent: child process 4370 exited due to signal 6

I tried adding the users Proxy and Squid to the group Wheel however again no such luck :-(

This is the current line that is having issues:

http_port 192.168.1.110:80 accel defaultsite=domain.com vhost

I then once had done much Google'ing and not finding out anything got fed up of using the rc scripts and attempted running the service using /usr/local/sbin/squid -NCd1 which gave me verbose diagnostic output saying that all was ok; as manual debug method which I guess I should have done before even attempting the rc scripts:

proxy# /usr/local/sbin/squid -NCd1
2010/05/31 17:55:54| Starting Squid Cache version 2.7.STABLE7 for amd64-portbld-freebsd8.0...
2010/05/31 17:55:54| Process ID 4484
2010/05/31 17:55:54| With 11095 file descriptors available
2010/05/31 17:55:54| Using kqueue for the IO loop
2010/05/31 17:55:54| Performing DNS Tests...
2010/05/31 17:55:54| Successful DNS name lookup tests...
2010/05/31 17:55:54| DNS Socket created at 0.0.0.0, port 39116, FD 6
2010/05/31 17:55:54| Adding nameserver 192.168.1.100 from /etc/resolv.conf
2010/05/31 17:55:54| Adding nameserver 192.168.1.101 from /etc/resolv.conf
2010/05/31 17:55:54| logfileOpen: opening log /var/log/squid/access.log
2010/05/31 17:55:54| Unlinkd pipe opened on FD 11
2010/05/31 17:55:54| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2010/05/31 17:55:54| Target number of buckets: 425
2010/05/31 17:55:54| Using 8192 Store buckets
2010/05/31 17:55:54| Max Mem size: 8192 KB
2010/05/31 17:55:54| Max Swap size: 102400 KB
2010/05/31 17:55:54| logfileOpen: opening log /var/log/squid/store.log
2010/05/31 17:55:54| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2010/05/31 17:55:54| Using Least Load store dir selection
2010/05/31 17:55:54| Set Current Directory to /var/spool/squid
2010/05/31 17:55:54| Loaded Icons.
2010/05/31 17:55:54| Accepting accelerated HTTP connections at 192.168.1.110, port 80, FD 13.
2010/05/31 17:55:54| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2010/05/31 17:55:54| Accepting SNMP messages on port 3401, FD 15.
2010/05/31 17:55:54| WCCP Disabled.
2010/05/31 17:55:54| Configuring x-ray Parent x-ray/80/0
2010/05/31 17:55:54| Configuring zeta-ray Parent zeta-ray/80/0
2010/05/31 17:55:54| Configuring delta-ray Parent delta-ray/80/0
2010/05/31 17:55:54| Configuring g-stat-1 Parent g-stat-1/80/0
2010/05/31 17:55:54| Ready to serve requests.
2010/05/31 17:55:54| Done reading /usr/local/squid/cache swaplog (0 entries)
2010/05/31 17:55:54| Finished rebuilding storage from disk.
2010/05/31 17:55:54| 0 Entries scanned
2010/05/31 17:55:54| 0 Invalid entries.
2010/05/31 17:55:54| 0 With invalid flags.
2010/05/31 17:55:54| 0 Objects loaded.
2010/05/31 17:55:54| 0 Objects expired.
2010/05/31 17:55:54| 0 Objects cancelled.
2010/05/31 17:55:54| 0 Duplicate URLs purged.
2010/05/31 17:55:54| 0 Swapfile clashes avoided.
2010/05/31 17:55:54| Took 0.4 seconds ( 0.0 objects/sec).
2010/05/31 17:55:54| Beginning Validation Procedure
2010/05/31 17:55:54| Completed Validation Procedure
2010/05/31 17:55:54| Validated 0 Entries
2010/05/31 17:55:54| store_swap_size = 0k
2010/05/31 17:55:55| storeLateRelease: released 0 objects

Since this I needed to alter a few lines within the reverse proxy config as IP addresses and machine names had changed but still Squid comes online and works fine without any problem when starting this way.

Since this was started as user:root I figured that I could put in a crontab telling the system to auto boot the service the manual way.....

This is my rc.conf file:

proxy# cat /etc/rc.conf
defaultrouter="192.168.1.1"
hostname="proxy.domain.com"
#ifconfig_em0="inet 192.168.1.103 netmask 255.255.255.0"
#squid_enable="YES"
sshd_enable="YES"

With the crontab being as so:

proxy# crontab -l
@reboot /usr/local/sbin/squid

However, the service just refuses to automatically start and am left having to start it manually each time!! :-(

/var/log/messages tells me that the service cannot connect to the http port when done via cron job?

I compiled it from the ports collection:

Zeta-Ray# uname -a
FreeBSD Zeta-Ray.domain.com 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

Many thanks for any help!
Regards, Kaya From owner-freebsd-jail@FreeBSD.ORG Thu Jun 3 22:04:46 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CCAAA1065677 for ; Thu, 3 Jun 2010 22:04:46 +0000 (UTC) (envelope-from andrew.hotlab@hotmail.com) Received: from blu0-omc2-s15.blu0.hotmail.com (blu0-omc2-s15.blu0.hotmail.com [65.55.111.90]) by mx1.freebsd.org (Postfix) with ESMTP id 991548FC1D for ; Thu, 3 Jun 2010 22:04:46 +0000 (UTC) Received: from BLU138-W35 ([65.55.111.71]) by blu0-omc2-s15.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 3 Jun 2010 15:04:45 -0700 Message-ID: X-Originating-IP: [217.133.1.92] From: Andrew Hotlab To: , Date: Thu, 3 Jun 2010 22:04:44 +0000 Importance: Normal Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginalArrivalTime: 03 Jun 2010 22:04:45.0787 (UTC) FILETIME=[C6DA52B0:01CB0368] Cc: Subject: RE: Strange things happening with jails?? Not starting up on boot or services not running inside! X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jun 2010 22:04:46 -0000 ---------------------------------------- > Date: Thu=2C 3 Jun 2010 22:15:21 +0300 > From: SamanKaya@netscape.net > To: freebsd-jail@freebsd.org > Subject: Strange things happening with jails?? Not starting up on boot or= services not running inside! > > I have managed to create 4 and migrate many services in them already. > The only issue is that one Jail containing the Postfix MTA which I use > as an SMTP mail relay agent for my mail servers is not starting up when > the OS has been rebooted or booted for that matter?? 
>
> I can't give any error logs as there are none but I can post the config
> which is here:
>
> JID  IP Address     Hostname                     Path
> 1    192.168.1.100  ns1.optiplex-networks.com    /var/jail/named_1
> 2    192.168.1.101  ns2.optiplex-networks.com    /var/jail/named_2
> 3    192.168.1.110  proxy.optiplex-networks.com  /var/jail/squid
> 4    192.168.1.115  relay.optiplex-networks.com  /var/jail/postfix
>
>
> jail_enable="YES"
> jail_list="named_1 named_2 squid"
> jail_named_1_rootdir="/var/jail/named_1"
> jail_named_1_hostname="ns1.optiplex-networks.com"
> jail_interface="em0"
> jail_named_1_ip="192.168.1.100"
> #jail_named_1_exec_start="/usr/local/bin/named"
> jail_named_1_devfs_enable="YES"
> jail_named_2_rootdir="/var/jail/named_2"
> jail_named_2_hostname="ns2.optiplex-networks.com"
> jail_interface="em0"
> jail_named_2_ip="192.168.1.101"
> jail_named_2_devfs_enable="YES"
> jail_squid_rootdir="/var/jail/squid"
> jail_squid_hostname="proxy.optiplex-networks.com"
> jail_interface="em0"
> jail_squid_ip="192.168.1.110"
> jail_squid_devfs_enable="YES"
> jail_postfix_rootdir="/var/jail/postfix"
> jail_postfix_hostname="relay.optiplex-networks.com"
> jail_interface="em0"
> jail_postfix_ip="192.168.1.115"
> jail_postfix_devfs_enable="YES"
>
>

These lines are in the file /etc/rc.conf on the jail host? If you created
all jails with ezjail, there should be nothing like that: all jail_ vars
would have been written in files stored in /usr/local/etc/ezjail/ (by
default). If you are managing all jails with ezjail you can safely delete
all these entries in the host's rc.conf (only remember to leave
ezjail_enable="YES" if you want automatic startup of all jails at boot time)

>
> Now another few issues related to the services inside is that I'm trying
> to start Squid for my reverse proxy inside a Jail. However, the service
> won't start on its own as I'm needing port 80 and there seems to be a
> block against normal users using ports <1024. I tested this by getting
> Squid to run on its default port 3128 and it works.....
>
> However the logs or screen readout just tells me that the service cannot
> connect to port 80??
>
> May 31 17:47:11 proxy squid[4360]: Cannot open HTTP Port
> May 31 17:47:11 proxy squid[4358]: Squid Parent: child process 4360
> exited due to signal 6
> May 31 17:47:14 proxy squid[4358]: Squid Parent: child process 4364 started
> May 31 17:47:15 proxy squid[4364]: Cannot open HTTP Port
> May 31 17:47:15 proxy squid[4358]: Squid Parent: child process 4364
> exited due to signal 6
> May 31 17:47:18 proxy squid[4358]: Squid Parent: child process 4367 started
> May 31 17:47:18 proxy squid[4367]: Cannot open HTTP Port
> May 31 17:47:18 proxy squid[4358]: Squid Parent: child process 4367
> exited due to signal 6
> May 31 17:47:21 proxy squid[4358]: Squid Parent: child process 4370 started
> May 31 17:47:21 proxy squid[4370]: Cannot open HTTP Port
> May 31 17:47:21 proxy squid[4358]: Squid Parent: child process 4370
> exited due to signal 6
>
> I tried adding the users Proxy and Squid to the group Wheel however
> again no such luck :-(
>

I've never had to make Squid listening on port 80, but referring its
startup script in /usr/local/etc/rc.d/:

# squid_user: The user id that should be used to run the Squid master
#             process. Default: squid.
#             Note that you probably need to define "squid_user=root" if
#             you want to run Squid in reverse proxy setups or if you want
#             Squid to listen on a "privileged" port < 1024.

So you only need to write the following line in /etc/rc.conf to have Squid
listening on this privileged port:

squid_user="root"

I've just tried that with Squid 3.0 and it works (check the output of the
command "sockstat -4l").

This is obviously a Squid-related issue, the fact that it's running in a
jail is not relevant here.

Andrew

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 4 07:15:20 2010
Message-ID: <20100604091511.123441fooipqt0ys@webmail.leidinger.net>
Date: Fri, 04 Jun 2010 09:15:11 +0200
From: Alexander Leidinger
To: Andrew Hotlab
Cc: freebsd-jail@freebsd.org, samankaya@netscape.net
Subject: RE: Strange things happening with jails?? Not starting up on boot or services not running inside!

Quoting Andrew Hotlab (from Thu, 3 Jun 2010 22:04:44 +0000):

> I've never had to make Squid listening on port 80, but referring its
> startup script in /usr/local/etc/rc.d/:
>
> # squid_user: The user id that should be used to run the Squid master
> #             process. Default: squid.
> #             Note that you probably need to define "squid_user=root" if
> #             you want to run Squid in reverse proxy setups or if you want
> #             Squid to listen on a "privileged" port < 1024.
>
> So you only need to write the following line in /etc/rc.conf to have
> Squid listening on this privileged port:
> squid_user="root"

An alternative is to change the sysctl net.inet.ip.portrange.reservedhigh.
By lowering it, other users than root are allowed to bind to ports <1023
(the system prevents non-root binds to the port X in the range
reservedlow <= X <= reservedhigh).

Bye,
Alexander.

--
The District of Columbia has a law forbidding you to exert pressure on
a balloon and thereby cause a whistling sound on the streets.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 4 08:05:21 2010
Message-ID: <4C08B2F7.4050904@netscape.net>
Date: Fri, 04 Jun 2010 11:01:59 +0300
From: Kaya Saman
To: Alexander Leidinger
In-Reply-To: <20100604091511.123441fooipqt0ys@webmail.leidinger.net>
Cc: freebsd-jail@freebsd.org
Subject: Re: Strange things happening with jails?? Not starting up on boot or services not running inside!

On 04/06/2010 10:15, Alexander Leidinger wrote:
> Quoting Andrew Hotlab (from Thu, 3 Jun
> 2010 22:04:44 +0000):
>
>> I've never had to make Squid listening on port 80, but referring its
>> startup script in /usr/local/etc/rc.d/:
>>
>> # squid_user: The user id that should be used to run the Squid master
>> #             process. Default: squid.
>> #             Note that you probably need to define "squid_user=root" if
>> #             you want to run Squid in reverse proxy setups or if you want
>> #             Squid to listen on a "privileged" port < 1024.
>>
>> So you only need to write the following line in /etc/rc.conf to have
>> Squid listening on this privileged port:
>> squid_user="root"
>
> An alternative is to change the sysctl
> net.inet.ip.portrange.reservedhigh. By lowering it, other users than
> root are allowed to bind to ports <1023 (the system prevents non-root
> binds to the port X in the range reservedlow <= X <= reservedhigh).
>
> Bye,
> Alexander.
>

Many thanks guys for the responses!!

I will see which method best fits me... I guess I will take Andrew's
suggestion as I don't really want to open up the port range to *all*
users however I guess it doesn't really matter as by default Solaris 9
which Squid was originally on I don't think blocked or disallowed
anything and I certainly know that Linux doesn't really care either!

> jail_enable="YES"
> jail_list="named_1 named_2 squid"
> jail_named_1_rootdir="/var/jail/named_1"
> jail_named_1_hostname="ns1.optiplex-networks.com"
> jail_interface="em0"
> jail_named_1_ip="192.168.1.100"
> #jail_named_1_exec_start="/usr/local/bin/named"
> jail_named_1_devfs_enable="YES"
> jail_named_2_rootdir="/var/jail/named_2"
> jail_named_2_hostname="ns2.optiplex-networks.com"
> jail_interface="em0"
> jail_named_2_ip="192.168.1.101"
> jail_named_2_devfs_enable="YES"
> jail_squid_rootdir="/var/jail/squid"
> jail_squid_hostname="proxy.optiplex-networks.com"
> jail_interface="em0"
> jail_squid_ip="192.168.1.110"
> jail_squid_devfs_enable="YES"
> jail_postfix_rootdir="/var/jail/postfix"
> jail_postfix_hostname="relay.optiplex-networks.com"
> jail_interface="em0"
> jail_postfix_ip="192.168.1.115"
> jail_postfix_devfs_enable="YES"
>
>
> These lines are in the file /etc/rc.conf on the jail host?

Yes.

> If you created all jails with ezjail, there should be nothing like
> that: all jail_ vars would have been written in files stored in
> /usr/local/etc/ezjail/ (by default). If you are managing all jails
> with ezjail you can safely delete all these entries in the host's
> rc.conf (only remember to leave ezjail_enable="YES" if you want
> automatic startup of all jails at boot time)

I didn't use ezjail... I was recommended to take the plunge in to the
deep end and try to learn Jails by doing things manually.

This is what I ended up with!! - although they do seem to work pretty
well as far as I can tell.

Regards,

Kaya
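
Added example, not part of the thread and not FreeBSD's own code: the rc.conf quoted above sets jail_postfix_* variables, but jail_list names only named_1, named_2 and squid, and at boot the legacy rc.d jail script starts only the jails named in jail_list. The sh sketch below lints an rc.conf for that mismatch; the function names and the trimmed sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a subset of the jail_* lines quoted in the thread.
sample_rc_conf() {
cat <<'EOF'
jail_enable="YES"
jail_list="named_1 named_2 squid"
jail_named_1_rootdir="/var/jail/named_1"
jail_named_2_rootdir="/var/jail/named_2"
jail_squid_rootdir="/var/jail/squid"
jail_postfix_rootdir="/var/jail/postfix"
EOF
}

# Print the value of jail_list; commented-out lines are ignored and the
# last assignment wins, as it would when sh sources rc.conf.
listed_jails() {
    sed -n 's/^[[:space:]]*jail_list="\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' | tail -n 1
}

# Print every jail name that has a jail_<name>_rootdir assignment.
defined_jails() {
    sed -n 's/^[[:space:]]*jail_\(.*\)_rootdir=.*$/\1/p' | sort -u
}

# Read rc.conf text on stdin and print each jail that is configured
# but missing from jail_list (and so is skipped at boot).
unlisted_jails() {
    conf=$(cat)
    listed=" $(printf '%s\n' "$conf" | listed_jails) "
    for j in $(printf '%s\n' "$conf" | defined_jails); do
        case "$listed" in
            *" $j "*) ;;                    # present in jail_list
            *) printf '%s\n' "$j" ;;        # defined but never started
        esac
    done
}

# Run against the constructed sample; on a host, feed it /etc/rc.conf instead.
sample_rc_conf | unlisted_jails
```

On a real host the same function can be fed the live file: `unlisted_jails < /etc/rc.conf`.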