From owner-freebsd-jail@FreeBSD.ORG Sun Nov 25 09:46:34 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C2FCCC2F for ; Sun, 25 Nov 2012 09:46:34 +0000 (UTC) (envelope-from zaphod@berentweb.com) Received: from sam.nabble.com (sam.nabble.com [216.139.236.26]) by mx1.freebsd.org (Postfix) with ESMTP id 94BE58FC0C for ; Sun, 25 Nov 2012 09:46:34 +0000 (UTC) Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1TcYnJ-0003Ti-M3 for freebsd-jail@freebsd.org; Sun, 25 Nov 2012 01:46:33 -0800 Date: Sun, 25 Nov 2012 01:46:33 -0800 (PST) From: Beeblebrox To: freebsd-jail@freebsd.org Message-ID: <1353836793676-5763946.post@n5.nabble.com> In-Reply-To: <1353228642821-5761961.post@n5.nabble.com> References: <1352457514352-5759501.post@n5.nabble.com> <50A51022.5000801@FreeBSD.org> <1353228642821-5761961.post@n5.nabble.com> Subject: Re: Recent jail problems [was: ICMP RAW socket error] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Nov 2012 09:46:34 -0000 I'm probably overlooking certain things with this question, but there seems to be a number of places to make jail-specific adjustments / settings. The options available are: host /etc/rc.conf host /etc/sysctl.conf host /etc/devfs.rules host /etc/jail.conf Q1: With regards to getting around this problem (jail_xyz_parameters="allow.raw_sockets"), I tried placing this in /etc/rc.conf but I also had in /etc/sysctl.conf: security.jail.allow_raw_sockets=1 security.jail.socket_unixiproute_only=1 Maybe the 2 settings are in conflict? Q2: As far as I understand, jail related things in rc.conf, sysctl.conf and devfs.rules should now be migrated to jail.conf - Is that correct? Thanks. -- View this message in context: http://freebsd.1045724.n5.nabble.com/ICMP-RAW-socket-error-tp5759501p5763946.html Sent from the freebsd-jail mailing list archive at Nabble.com. From owner-freebsd-jail@FreeBSD.ORG Sun Nov 25 15:10:07 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C645A9A8 for ; Sun, 25 Nov 2012 15:10:07 +0000 (UTC) (envelope-from zaphod@berentweb.com) Received: from sam.nabble.com (sam.nabble.com [216.139.236.26]) by mx1.freebsd.org (Postfix) with ESMTP id A18C18FC17 for ; Sun, 25 Nov 2012 15:10:07 +0000 (UTC) Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1TcdqR-0002O9-3Y for freebsd-jail@freebsd.org; Sun, 25 Nov 2012 07:10:07 -0800 Date: Sun, 25 Nov 2012 07:10:07 -0800 (PST) From: Beeblebrox To: freebsd-jail@freebsd.org Message-ID: <1353856207101-5764027.post@n5.nabble.com> In-Reply-To: <1353836793676-5763946.post@n5.nabble.com> References: <1352457514352-5759501.post@n5.nabble.com> <50A51022.5000801@FreeBSD.org> <1353228642821-5761961.post@n5.nabble.com> <1353836793676-5763946.post@n5.nabble.com> Subject: Re: Recent jail problems [was: ICMP RAW socket error] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Nov 2012 15:10:07 -0000 I migrated my settings to /etc/jail.conf, removed the entries in /etc/rc.conf and tried to start the jail: service jail onestart pxe Configuring jails:. Starting jails:/etc/rc.d/jail: ERROR: jail: No hostname has been defined for pxe I re-enabled jail_list="pxe" in rc.conf but still same error. --------/etc/jail.conf-------------------- mount.devfs; mount.procfs; devfs_ruleset = devfsrules_jail; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; pxe { name = pxe; host.hostname = example.org; interface = re0; ip4.addr = 192.168.2.1/32; path = /data/amd64; allow.raw_sockets; enforce_statfs = 1; mount.fstab = /etc/fstab.pxe; } -- View this message in context: http://freebsd.1045724.n5.nabble.com/ICMP-RAW-socket-error-tp5759501p5764027.html Sent from the freebsd-jail mailing list archive at Nabble.com. From owner-freebsd-jail@FreeBSD.ORG Sun Nov 25 20:28:52 2012 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2288EE07 for ; Sun, 25 Nov 2012 20:28:52 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from m2.gritton.org (gritton.org [199.192.164.235]) by mx1.freebsd.org (Postfix) with ESMTP id DDA4D8FC12 for ; Sun, 25 Nov 2012 20:28:51 +0000 (UTC) Received: from glorfindel.gritton.org (c-174-52-130-157.hsd1.ut.comcast.net [174.52.130.157]) (authenticated bits=0) by m2.gritton.org (8.14.5/8.14.5) with ESMTP id qAPK1SIa006809; Sun, 25 Nov 2012 13:01:28 -0700 (MST) (envelope-from jamie@FreeBSD.org) Message-ID: <50B27916.9010002@FreeBSD.org> Date: Sun, 25 Nov 2012 13:01:26 -0700 From: Jamie Gritton User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.24) Gecko/20120129 Thunderbird/3.1.16 MIME-Version: 1.0 To: Beeblebrox Subject: Re: Recent jail problems [was: ICMP RAW socket error] References: <1352457514352-5759501.post@n5.nabble.com> <50A51022.5000801@FreeBSD.org> <1353228642821-5761961.post@n5.nabble.com> <1353836793676-5763946.post@n5.nabble.com> In-Reply-To: <1353836793676-5763946.post@n5.nabble.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Nov 2012 20:28:52 -0000 On 11/25/12 02:46, Beeblebrox wrote: > I'm probably overlooking certain things with this question, but there seems > to be a number of places to make jail-specific adjustments / settings. The > options available are: > > host /etc/rc.conf > host /etc/sysctl.conf > host /etc/devfs.rules > host /etc/jail.conf > > Q1: With regards to getting around this problem > (jail_xyz_parameters="allow.raw_sockets"), I tried placing this in > /etc/rc.conf but I also had in /etc/sysctl.conf: > security.jail.allow_raw_sockets=1 > security.jail.socket_unixiproute_only=1 > Maybe the 2 settings are in conflict? > > Q2: As far as I understand, jail related things in rc.conf, sysctl.conf and > devfs.rules should now be migrated to jail.conf - Is that correct? > Thanks. Jail.conf will replace the jail settings in rc.conf and sysctl.conf, but it doesn't yet. The rc system still uses the jail program in its old command-line mode, and not with the conf files. devfs.rules will keep its jail-related rules though. - Jamie From owner-freebsd-jail@FreeBSD.ORG Mon Nov 26 11:06:46 2012 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5EE2C541 for ; Mon, 26 Nov 2012 11:06:46 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 441CE8FC15 for ; Mon, 26 Nov 2012 11:06:46 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qAQB6kxk019427 for ; Mon, 26 Nov 2012 11:06:46 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qAQB6jgk019425 for freebsd-jail@FreeBSD.org; Mon, 26 Nov 2012 11:06:45 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 26 Nov 2012 11:06:45 GMT Message-Id: <201211261106.qAQB6jgk019425@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 11:06:46 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/173469 jail [jail] regression: security.jail.sysvipc_allowed=1 no o kern/169751 jail [jail] reading routing information does not work in ja o bin/167911 jail new jail(8) problem with removal, ifconfg -alias and k o kern/159918 jail [jail] inter-jail communication failure o kern/156111 jail [jail] procstat -b not supported in jail o misc/155765 jail [patch] `buildworld' does not honors WITHOUT_JAIL o conf/154246 jail [jail] [patch] Bad symlink created if devfs mount poin o conf/149050 jail [jail] rcorder ``nojail'' too coarse for Jail+VNET s conf/142972 jail [jail] [patch] Support JAILv2 and vnet in rc.d/jail o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid 13 problems total. From owner-freebsd-jail@FreeBSD.ORG Mon Nov 26 17:28:38 2012 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BBA542F3; Mon, 26 Nov 2012 17:28:38 +0000 (UTC) (envelope-from mike.jakubik@intertainservices.com) Received: from mail.intertainservices.com (mail.intertainservices.com [69.77.177.114]) by mx1.freebsd.org (Postfix) with ESMTP id 4E9B08FC13; Mon, 26 Nov 2012 17:28:38 +0000 (UTC) Received: from [172.16.10.200] (unknown [172.16.10.200]) by mail.intertainservices.com (Postfix) with ESMTPSA id 4CFE656E23; Mon, 26 Nov 2012 12:28:31 -0500 (EST) Message-ID: <1353950911.1893.1.camel@mjakubik.localdomain> Subject: Re: jail: unknown parameter: ip6.addr From: Mike Jakubik To: Chris Rees Date: Mon, 26 Nov 2012 12:28:31 -0500 In-Reply-To: <1352756987.7967.10.camel@mjakubik.localdomain> References: <1352756987.7967.10.camel@mjakubik.localdomain> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.4.4 (3.4.4-2.fc17) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-intertainservices-MailScanner-Information: Please contact the ISP for more information X-intertainservices-MailScanner-ID: 4CFE656E23.AF6D8 X-intertainservices-MailScanner: Found to be clean X-intertainservices-MailScanner-From: mike.jakubik@intertainservices.com X-Spam-Status: No Cc: jail@freebsd.org, "freebsd-rc@freebsd.org" , Eitan Adler X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 17:28:38 -0000 On Mon, 2012-11-12 at 16:49 -0500, Mike Jakubik wrote: > On Sun, 2012-11-11 at 12:30 +0000, Chris Rees wrote: > > > > > Patch as promised-- please would you test and confirm? > > > > Chris, > > This patch also works for me, i am able to stop and start jails. > > Thanks. > Hello, Any chance that this can get committed before 9.1 is released? As is, 9.1 will break any system using jails that have INET6 disabled. Thanks. From owner-freebsd-jail@FreeBSD.ORG Mon Nov 26 17:53:10 2012 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 50992BDD for ; Mon, 26 Nov 2012 17:53:10 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id 9DC878FC13 for ; Mon, 26 Nov 2012 17:53:09 +0000 (UTC) Received: by mail-la0-f54.google.com with SMTP id j13so10945916lah.13 for ; Mon, 26 Nov 2012 09:53:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=jOBxGd/J04QGsN7zdhIbuR1DzbNOnQ4LUQV74lUgk/E=; b=lx/BzVlRIYrKaVgxjd2JUxO99MPb4X534j+MrdXeZi7TmcPRRnm9u+xn4hXSefTKeP Wva/lD0ICJulyrIB39axqRRFb6DVzJ/pcJsVuHOfLpI5mLjRYAxclqv6vCSN2sg6wMp8 PEhzdRMPcLbHlYF2b56FQG+ATGoXkHbajCWPc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :x-gm-message-state; bh=jOBxGd/J04QGsN7zdhIbuR1DzbNOnQ4LUQV74lUgk/E=; b=mK6jtAfgMsYZPOJeGCR6iYe4kVfmS2vCgXdn+wK9N2Ita6KDMM7FqokjFZQPFw0QNg V7oUVl4lqcp77iFoCqaEPbNzh8x+hlQDX2tYm8sL0Hmj+wZ/zsMAeOHgbGUR+aAhX1yC WaHbw3704j31okKTZWPwkpBd0nI6Cf0xhx281pKhcFtlpA4OCZwCrHbZ5QJi+xomkDBW EIizg2TORrKePvvKVTo+LOE/S1A3K68lZLswmqpQrgxvI2M4k0uAGXEJVkwGHrHJhPji ZFCTReClVDRCm4UKd5jQX1JW7l1czAcEyN7b9B/oJtrnvpP5p8WmWB6UPpVyXo41PBIF ZXiw== Received: by 10.152.103.100 with SMTP id fv4mr11688877lab.39.1353952387983; Mon, 26 Nov 2012 09:53:07 -0800 (PST) MIME-Version: 1.0 Sender: lists@eitanadler.com Received: by 10.112.154.168 with HTTP; Mon, 26 Nov 2012 09:52:36 -0800 (PST) In-Reply-To: <1353950911.1893.1.camel@mjakubik.localdomain> References: <1352756987.7967.10.camel@mjakubik.localdomain> <1353950911.1893.1.camel@mjakubik.localdomain> From: Eitan Adler Date: Mon, 26 Nov 2012 12:52:36 -0500 X-Google-Sender-Auth: NX7CR1mOAqSwtZ2G6-hJUsaNPz8 Message-ID: Subject: Re: jail: unknown parameter: ip6.addr To: Mike Jakubik Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQlGpnYnVAD5vu+3Q7U7RZB4vc7xNuBacnq8IG6GZAaBDOgxACX6m1EcqEvSt848RNorZpgI Cc: jail@freebsd.org, "freebsd-rc@freebsd.org" , Chris Rees X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 17:53:10 -0000 On 26 November 2012 12:28, Mike Jakubik wrote: > On Mon, 2012-11-12 at 16:49 -0500, Mike Jakubik wrote: >> On Sun, 2012-11-11 at 12:30 +0000, Chris Rees wrote: >> >> > >> > Patch as promised-- please would you test and confirm? >> > >> >> Chris, >> >> This patch also works for me, i am able to stop and start jails. >> >> Thanks. >> > > Hello, > > Any chance that this can get committed before 9.1 is released? As is, > 9.1 will break any system using jails that have INET6 disabled. It has been committed. I don't think I MFCed it (but may have forgotten if I did). In any case there is zero chance of getting it in to 9.1-RELEASE. It will be in 9.2. -- Eitan Adler Source, Ports, Doc committer Bugmeister, Ports Security teams