From owner-freebsd-jail@FreeBSD.ORG Sun May 8 01:49:32 2011
From: Espartano
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
Date: Sat, 7 May 2011 20:26:24 -0500
Subject: Re: pf or ipfw within a jail?

On Fri, May 6, 2011 at 4:31 PM, Bjoern A. Zeeb wrote:
>
> On May 6, 2011, at 8:28 PM, Mickey Harvey wrote:
>
>> Is it possible to run pf or ipfw within a jail? I am running 8.2 and have
>> vimage compiled in the kernel.
>
> ipfw might work then; pf not yet. ipfilter in a far distant future.
>

But ... wasn't the VIMAGE project developed exactly to allow a virtual
stack, and to allow firewalls like pf to work in a jail?

From owner-freebsd-jail@FreeBSD.ORG Mon May 9 11:07:09 2011
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 9 May 2011 11:07:08 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/156584  jail       [jail] ipv4 packet is not forward to v4-mapped binding
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

11 problems total.

From owner-freebsd-jail@FreeBSD.ORG Thu May 12 18:16:31 2011
From: "Devin Teske"
To: "'Teske, Devin'", "'Paul Schenkeveld'"
Date: Thu, 12 May 2011 11:15:30 -0700
Organization: Vicor, Inc.
Subject: RE: Jail starts but doesn't start

> -----Original Message-----
> From: owner-freebsd-jail@freebsd.org [mailto:owner-freebsd-jail@freebsd.org]
> On Behalf Of Paul Schenkeveld
> Sent: Thursday, May 05, 2011 3:41 AM
> To: freebsd-jail@freebsd.org
> Subject: Re: Jail starts but doesn't start
>
> On Wed, May 04, 2011 at 04:24:11PM -0700, Mickey Harvey wrote:
> > Hosts /etc/rc.conf
> >
> >    ifconfig_bge0="inet 192.168.224.11 netmask 255.255.255.0"
> >    defaultrouter="192.168.224.1"
> >    sshd_enable="YES"
> >
> >    linux_enable="YES"
> >    zfs_enable="YES"
> >    jail_enable="YES"
> >    jail_list="www0 dns0 smarty0 centos"
> >
> >    ifconfig_bge0_alias0="inet 192.168.224.12 netmask 255.255.255.255"
> >    jail_www0_rootdir="/tank/jails/www0"
> >    jail_www0_hostname="www0"
> >    jail_www0_ip="192.168.224.12"
> >    jail_www0_devfs_enable="YES"
> >    jail_www0_exec_stop="/etc/rc.shutdown"
> >
> >    #JAIL READY TO USE, JUST NEEDS APPROPRIATE FSTAB ENTRIES
> >    #ENTRIES ARE IN LOADER.CONF
> >    #TRIED TO BOOT WITH REQUIRED FSTAB BUT IT BROKE SO I REVERTED
> >    #5/3/11 MH
> >    #ifconfig_bge0_alias1="inet 192.168.224.13 netmask 255.255.255.255"
> >    #jail_deb0_rootdir="/tank/jails/deb0"
> >    #jail_deb0_hostname="deb0"
> >    #jail_deb0_ip="192.168.224.13"
> >    #jail_deb0_devfs_enable="YES"
> >    #jail_deb0_exec_start="/etc/init.d/rc 3"
> >    #jail_deb0_exec_stop="/etc/init.d/rc 0"
> >    #jail_deb0_flags="-l -u root"
> >
> >    ifconfig_bge0_alias1="inet 192.168.224.14 netmask 255.255.255.255"
> >    jail_dns0_rootdir="/tank/jails/dns0"
> >    jail_dns0_hostname="dns0"
> >    jail_dns0_ip="192.168.224.14"
> >    jail_dns0_devfs_enable="YES"
> >    jail_dns0_exec_stop="/etc/rc.shutdown"
> >
> >    ifconfig_bge0_alias2="inet 192.168.224.15 netmask 255.255.255.255"
> >    jail_smarty0_rootdir="/tank/jails/smarty0"
> >    jail_smarty0_hostname="smarty0"
> >    jail_smarty0_ip="192.168.224.15"
> >    jail_smarty0_devfs_enable="YES"
> >    jail_smarty0_exec_stop="/etc/rc.shutdown"
> >
> >    ifconfig_bge0_alias3="inet 192.168.224.16 netmask 255.255.255.255"
> >    jail_centos_rootdir="/tank/jails/centos"
> >    jail_centos_hostname="centos"
> >    jail_centos_ip="192.168.224.16"
> >    jail_centos_devfs_enable="YES"
> >
> >
> > Result of jls after /etc/rc.d/jail start centos (notice there's no
> > entry for centos)
> >
> >    JID  IP Address      Hostname                      Path
> >      1  192.168.224.12  www0                          /tank/jails/www0
> >      2  192.168.224.14  dns0                          /tank/jails/dns0
> >      3  192.168.224.15  smarty0                       /tank/jails/smarty0
> >
> >
> > No error messages when starting or stopping centos jail.
> > /var/run contains jail_centos.id
> > Alias exists on bge0.
> >
> > So I tried "jexec 4 /bin/bash" figuring jls just isn't showing the
> > centos jail for some reason but:
> > jexec: jail_attach(4): Invalid argument
> >
> > Anybody have any idea about what might be happening here?
>
> This usually happens when there are no processes running in the jail to keep it
> up.  By default, jails started thru rc.d/jail are not persistent.
> Try adding something like cron_enable="YES" to rc.conf inside the jail.

The /etc/rc.d/jail script will (by default) run "/bin/sh /etc/rc" as the jailed
process. On FreeBSD, /etc/rc is responsible for booting the system. By default,
a vanilla FreeBSD jail will run syslogd, sendmail, and cron, all of which fork
and daemonize, triply allowing the jail to persist.

CentOS -- which also has /etc/rc (as a symbolic link to /etc/rc.d/rc) --
meanwhile may not have any services that are enabled by default. I would either

a. chroot(8) into the jail and use chkconfig(8) to enable something like cron in
   runlevel 5 (e.g. chkconfig --level 5 crond on) or simply...

b. ln -sf ../init.d/crond /tank/jails/centos/etc/rc5.d/S90crond

On a side note: this is the first that I've ever heard that you could run CentOS
Linux in a FreeBSD jail. It should work -- after all, my CentOS 4.7 box appears
to have /etc/rc as a symlink to /etc/rc.d/rc, so in theory there should be no
problems with the /etc/rc.d/jail FreeBSD script from firing up a CentOS jail
(*cough* in-theory *cough*).

Do let me know how you fare.
-- 
Devin
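
Following the explanation in the reply above (a jail started by rc.d/jail goes away once no process is left running in it), this added example, which is not part of the thread, lists jails named in jail_list that jls does not show and checks a Linux jail root for enabled start scripts. The function names and the file-based inputs are assumptions; the sample data is constructed from the values quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread; on a host, pass /etc/rc.conf and saved jls(8) output.

# Names in jail_list, one per line.
jail_list_names() {
    sed -n 's/^jail_list="\(.*\)".*$/\1/p' "$1" | tr -s ' ' '\n'
}

# Jails configured but absent from jls, matched on its Path (last) column.
missing_jails() {  # usage: missing_jails RCCONF JLS_OUTPUT
    for name in $(jail_list_names "$1"); do
        root=$(sed -n "s/^jail_${name}_rootdir=\"\(.*\)\".*\$/\1/p" "$1")
        if [ -z "$root" ] ||
           ! awk -v r="$root" 'NR > 1 && $NF == r { f = 1 } END { exit !f }' "$2"
        then
            echo "$name"
        fi
    done
}

# True if ROOT/etc/rcN.d holds at least one S* entry, i.e. /etc/rc would
# start something that can keep a Linux jail alive (assumes SysV init layout).
has_start_scripts() {  # usage: has_start_scripts ROOT RUNLEVEL
    for f in "$1/etc/rc$2.d"/S*; do
        if [ -e "$f" ] || [ -L "$f" ]; then return 0; fi
    done
    return 1
}

# Constructed sample input, modelled on the rc.conf and jls output in the thread.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/rc.conf" <<'EOF'
jail_list="www0 dns0 smarty0 centos"
jail_www0_rootdir="/tank/jails/www0"
jail_dns0_rootdir="/tank/jails/dns0"
jail_smarty0_rootdir="/tank/jails/smarty0"
jail_centos_rootdir="/tank/jails/centos"
EOF
    cat > "$d/jls.out" <<'EOF'
   JID  IP Address      Hostname  Path
     1  192.168.224.12  www0      /tank/jails/www0
     2  192.168.224.14  dns0      /tank/jails/dns0
     3  192.168.224.15  smarty0   /tank/jails/smarty0
EOF
    missing_jails "$d/rc.conf" "$d/jls.out"
    rm -rf "$d"
}
demo
```

A jail reported by missing_jails whose root fails has_start_scripts for the runlevel in use matches the situation described in the reply: /etc/rc ran, started nothing, and the jail was torn down.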