From owner-freebsd-jail@freebsd.org Sun Jun 28 06:36:43 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EDAA13417B2 for ; Sun, 28 Jun 2020 06:36:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 49vgrW67Nzz40pZ for ; Sun, 28 Jun 2020 06:36:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id D092234147E; Sun, 28 Jun 2020 06:36:43 +0000 (UTC) Delivered-To: jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CF3F5341842 for ; Sun, 28 Jun 2020 06:36:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49vgrW4yXDz40Xw for ; Sun, 28 Jun 2020 06:36:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A5BBA11EF6 for ; Sun, 28 Jun 2020 06:36:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 05S6ahrt082999 for ; Sun, 28 Jun 2020 06:36:43 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 05S6ahsf082998 for jail@FreeBSD.org; Sun, 28 Jun 2020 06:36:43 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 238326] Kernel crash on jail stop (VIMAGE/VNET) Date: Sun, 28 Jun 2020 06:36:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ms-freebsd-bugzilla@stoffnet.at X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jun 2020 06:36:44 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238326 Markus Stoff changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ms-freebsd-bugzilla@stoffne | |t.at --- Comment #14 from Markus Stoff --- I can also reliably reproduce this on a physical machine using the vnet_epair_test.sh script at bug #234985. Server: CPU: AMD Ryzen 5 3600 6-Core Processor (3593.32-MHz K8-class = CPU) FreeBSD/SMP: Multiprocessor System Detected: 12 CPUs FreeBSD/SMP: 1 package(s) x 2 cache groups x 3 core(s) x 2 hardware threads Running 'ifconfig ${epair}b -vnet ${jid}' before removing the jail avoids t= he kernel panic. However, I would prefer to shut my jails down in a clean way rather than just pulling the (network) plug. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-jail@freebsd.org Sun Jun 28 19:32:07 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 675CE353981 for ; Sun, 28 Jun 2020 19:32:07 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-qv1-xf42.google.com (mail-qv1-xf42.google.com [IPv6:2607:f8b0:4864:20::f42]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49w13B5txhz3Vth for ; Sun, 28 Jun 2020 19:32:06 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-qv1-xf42.google.com with SMTP id t7so6750757qvl.8 for ; Sun, 28 Jun 2020 12:32:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=aTK4aqWpTlpAsw58t23F3jiZZsVm6oEG4h85SY/i6yY=; b=DMf8UqjFXdosL3JvBcI9/by6Ikx72eNIl8QfobliaK9u+p7p71n1Pwi+eo/W2icjfA OREGv2YGeoAVCYQyp7FZulZgl2meGULkOLhajdo7dqgmR+wl6qcNIkt9XPvjRxKkDjaG LsoZB8V4RKnGghAu7fwDe2OF9BueMXHdgoCEsqzHod/hNW4MQ1c2NeOH65/ChdGT6gPN KiTm5k3ziVzCbjfAayznQr/q+xksTBVxG0CHvVUqseM0AWUYRWEFr5EZolqmzVnduQjq rf8BoTDu687sA5T/rwdK7gkjcjg3f2h2hvvwmnn/dsbZJQkRiRE+5BMpJ1qCYNJS3MS0 V+yA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=aTK4aqWpTlpAsw58t23F3jiZZsVm6oEG4h85SY/i6yY=; b=UHSIrVsCBwVNogGrMge61yvvc7efdPsWBdnXkJdFEAxSBF8uq21Vs++qi4adwRFnoP HKAOMvLSmSVcxJE6rIL2it1LUtcBwt3VS52wVxv+2VdDly/U4rpfn3muFsOTH6JJlLOm vAam5d5iHjOvjWt1zewC/cQT0iaOVgY7tMEGkuPVj/ZTXPcBvCu16H860Tx5gxO2xhRY JlpJSgbqOoP/BJuYAhC8A58ymDKcS0lPvCzg070jULA+udGZCw/e4RmtYVseEmP6BEHu VY3JWQLzMbmqpL8EcRHiU04rm5mDuiX0wFru1WHPAMudg9wPRs/JEKg8dP76aGU+UtSL PQyw== X-Gm-Message-State: AOAM5301f8Yh1ufKRoY+63YSjU8luwZim5mkeTwKgQJXMOLq2XfEsvUh 0aTnbHpxnsGt0OZCfI6LzoA= X-Google-Smtp-Source: ABdhPJxQACJDj0+pgD1go6pIlBMvozsu7rM6GAiUpGoDq/YGsNSqev6JkNkOni8xDCVcVXy5P99wiA== X-Received: by 2002:a0c:b61d:: with SMTP id f29mr5405690qve.249.1593372725947; Sun, 28 Jun 2020 12:32:05 -0700 (PDT) Received: from [10.0.10.8] (cpe-65-25-48-225.neo.res.rr.com. [65.25.48.225]) by smtp.googlemail.com with ESMTPSA id s46sm16740825qts.85.2020.06.28.12.32.05 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 28 Jun 2020 12:32:05 -0700 (PDT) Message-ID: <5EF8F034.4040705@gmail.com> Date: Sun, 28 Jun 2020 15:32:04 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: =?ISO-8859-1?Q?J=C1K=D3_Andr=E1s?= CC: David Mehler , freebsd-jail Subject: Re: FreeBSD 12.1, vnet jail, and internet access References: <20200627204831.GC77414@eik.bme.hu> <20200627213730.GE77414@eik.bme.hu> In-Reply-To: <20200627213730.GE77414@eik.bme.hu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 49w13B5txhz3Vth X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=DMf8UqjF; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of luzar722@gmail.com designates 2607:f8b0:4864:20::f42 as permitted sender) smtp.mailfrom=luzar722@gmail.com X-Spamd-Result: default: False [-4.02 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.08)[-1.081]; RECEIVED_SPAMHAUS_PBL(0.00)[65.25.48.225:received]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.993]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-0.95)[-0.945]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::f42:from]; FREEMAIL_CC(0.00)[gmail.com,freebsd.org]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jun 2020 19:32:07 -0000 JÁKÓ András wrote: >> I was under the impression that the two stacks were separate? > > They are. But I don't think your ISP knows anything about your private > subnet, so they won't send IP packets with your private destination > address to you. And most probably they won't accept IP packets with your > private source address from you. So you have to translate these private > addresses if you want your ISP (and others) to forward them. > >> Should I nat on the bridge or epair? > > On the bridge, I guess. > Have 2 questions. If there were no ip addresses on the bridge and the epair0b in the vnet jail would packets pass out the bridge member external interface? How would I setup a public domain name to target the vnet jail? From owner-freebsd-jail@freebsd.org Mon Jun 29 08:41:56 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 493BD342CF2 for ; Mon, 29 Jun 2020 08:41:56 +0000 (UTC) (envelope-from goya@eik.bme.hu) Received: from zero.eik.bme.hu (zero.eik.bme.hu [IPv6:2001:738:2001:2001::2001]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49wLZW15NDz4XCQ for ; Mon, 29 Jun 2020 08:41:54 +0000 (UTC) (envelope-from goya@eik.bme.hu) Received: from zero.eik.bme.hu (blah.eik.bme.hu [152.66.115.182]) by localhost (Postfix) with SMTP id 43E98746335; Mon, 29 Jun 2020 10:41:50 +0200 (CEST) Received: by zero.eik.bme.hu (Postfix, from userid 884) id 25642746333; Mon, 29 Jun 2020 10:41:50 +0200 (CEST) Date: Mon, 29 Jun 2020 10:41:50 +0200 From: =?utf-8?B?SsOBS8OTIEFuZHLDoXM=?= To: Ernie Luzar Cc: David Mehler , freebsd-jail Subject: Re: FreeBSD 12.1, vnet jail, and internet access Message-ID: <20200629084150.GC65151@eik.bme.hu> References: <20200627204831.GC77414@eik.bme.hu> <20200627213730.GE77414@eik.bme.hu> <5EF8F034.4040705@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5EF8F034.4040705@gmail.com> Organization: Budapest University of Technology and Economics (BME) X-Spam-Checker-Version: Sophos PMX: 6.4.8.2820816, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2020.6.29.83317, AntiVirus-Engine: 5.74.0, AntiVirus-Data: 2020.6.28.5740003 X-Spam-Flag: NO X-Spam-Probability: 8% X-Spam-Level: X-Spam-Status: No, score=8% required=50% X-Rspamd-Queue-Id: 49wLZW15NDz4XCQ X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of goya@eik.bme.hu designates 2001:738:2001:2001::2001 as permitted sender) smtp.mailfrom=goya@eik.bme.hu X-Spamd-Result: default: False [-0.04 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; FREEMAIL_CC(0.00)[gmail.com,freebsd.org]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+a:nic.bme.hu]; NEURAL_HAM_LONG(-0.87)[-0.868]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[bme.hu]; NEURAL_SPAM_SHORT(0.25)[0.248]; HAS_ORG_HEADER(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2001:738:2001:2001::2001:from]; NEURAL_HAM_MEDIUM(-0.92)[-0.922]; FREEMAIL_TO(0.00)[gmail.com]; FORGED_SENDER(0.30)[jako.andras@eik.bme.hu,goya@eik.bme.hu]; R_DKIM_NA(0.00)[]; R_MIXED_CHARSET(1.50)[subject]; RCVD_COUNT_TWO(0.00)[2]; MIME_TRACE(0.00)[0:+]; FROM_NEQ_ENVFROM(0.00)[jako.andras@eik.bme.hu,goya@eik.bme.hu]; ASN(0.00)[asn:1955, ipnet:2001:738::/32, country:HU] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Jun 2020 08:41:56 -0000 > > > I was under the impression that the two stacks were separate? > > > > They are. But I don't think your ISP knows anything about your private > > subnet, so they won't send IP packets with your private destination > > address to you. And most probably they won't accept IP packets with your > > private source address from you. So you have to translate these private > > addresses if you want your ISP (and others) to forward them. > > > > > Should I nat on the bridge or epair? > > > > On the bridge, I guess. > > > > Have 2 questions. > > If there were no ip addresses on the bridge and the epair0b in the vnet jail > would packets pass out the bridge member external interface? It's a 802.1 bridge, it can pass frames to the external interface (according to its MAC address table). > How would I setup a public domain name to target the vnet jail? A public domain name should point to a public IP address. If your jail's IP address is a private one, and you do NAT, then use your public IP address (the one that is translated to the jail's private address). If you have a public address in the jail and you don't use address translation, then use the jail's public IP address in the DNS. András From owner-freebsd-jail@freebsd.org Wed Jul 1 00:30:12 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BA6533595FC for ; Wed, 1 Jul 2020 00:30:12 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com [IPv6:2607:f8b0:4864:20::843]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49xMZC58Yjz485r for ; Wed, 1 Jul 2020 00:30:11 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-qt1-x843.google.com with SMTP id x62so17159097qtd.3 for ; Tue, 30 Jun 2020 17:30:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=mKQE4y/T87OZHj3Afcl1kD/6t4DVaCZdR3mTPOUgT3Q=; b=XwoM7rcr14rhRic8zaATKEduP8QlaMZeMw/B2Yljp9CQd2r8Pk0t1hXxBsmda48dJI hCuJCImUW8cL05QQYMn+QXAiC85AsYZ0TA669TngrIqTgkkzjV5U/26RbgBq6saJbhwr 2Rn1NNwh4186gj1XlRDNJbwvRBVo3MF6ge8YpHbC9IO8RIRORODKUaQ58znTWpxeWSlU ejiEYWYSPks5snD0t8TNXVc6CQhjs1M0iiliHFYXwgHygyB1LuJeT4eDiJ/2wu/yVj4C dpwUWXXHl7Bf5kDOrrN4Cr/lihWCXsnC2WeRI4Cxk9FGZkw3wL5/RhBYM5IyYQittNNe Eb5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=mKQE4y/T87OZHj3Afcl1kD/6t4DVaCZdR3mTPOUgT3Q=; b=bRLomnUXzy2I9KUcaceMCoAkmo5dt7Q+Kfx2zoRiPGt6OmwYKAREWnvgndddXyRkBx jA7c/Oo4X+bI3gjquBd6e46nmUe1mrBi0Z32xdJIwJ0hcotbefJMwQLWeTDsl+1VHuk5 OHINGEpU9JK8mrvhy6jMO14yljRugjkEAVrAH8pTv4Z1G600tkWxbfAeA6GgG7o5Sp51 UIF21UuJepnSsARdoBBYYTDg60sX3KMNQXcm2ygV/8/LrYVAk7mB6iehYQ9+WfFuP2y4 3KTMlVTkuqywsheD8+JOfFGfEN/kWAwJFTTYVrdAOcxhbrTP9jTINFExs4Y8IkguZKvW BxTQ== X-Gm-Message-State: AOAM530zxjV/ooiygGAYZaNKocY6YQwiTgTMsKbU2eTueVHl04Yxh1my ot/w940BzP4KYREV+w0XQP0= X-Google-Smtp-Source: ABdhPJyN1BYdhJeh+AwFCWhugfx49OA19ieeNHCeEYtj2ZLv5PLmqDqd7QNRmW+9V7ypqoG++r6TtQ== X-Received: by 2002:aed:2ba1:: with SMTP id e30mr24736225qtd.357.1593563410320; Tue, 30 Jun 2020 17:30:10 -0700 (PDT) Received: from [10.0.10.8] (cpe-65-25-48-225.neo.res.rr.com. [65.25.48.225]) by smtp.googlemail.com with ESMTPSA id g1sm4812241qkl.86.2020.06.30.17.30.09 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 30 Jun 2020 17:30:09 -0700 (PDT) Message-ID: <5EFBD910.7040909@gmail.com> Date: Tue, 30 Jun 2020 20:30:08 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: =?ISO-8859-1?Q?J=C1K=D3_Andr=E1s?= CC: David Mehler , freebsd-jail Subject: Re: FreeBSD 12.1, vnet jail, and internet access References: <20200627204831.GC77414@eik.bme.hu> <20200627213730.GE77414@eik.bme.hu> <5EF8F034.4040705@gmail.com> <20200629084150.GC65151@eik.bme.hu> In-Reply-To: <20200629084150.GC65151@eik.bme.hu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 49xMZC58Yjz485r X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=XwoM7rcr; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of luzar722@gmail.com designates 2607:f8b0:4864:20::843 as permitted sender) smtp.mailfrom=luzar722@gmail.com X-Spamd-Result: default: False [-3.22 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.26)[-0.255]; RECEIVED_SPAMHAUS_PBL(0.00)[65.25.48.225:received]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.969]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-0.998]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::843:from]; FREEMAIL_CC(0.00)[gmail.com,freebsd.org]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2020 00:30:12 -0000 JÁKÓ András wrote: >>>> I was under the impression that the two stacks were separate? >>> They are. But I don't think your ISP knows anything about your private >>> subnet, so they won't send IP packets with your private destination >>> address to you. And most probably they won't accept IP packets with your >>> private source address from you. So you have to translate these private >>> addresses if you want your ISP (and others) to forward them. >>> >>>> Should I nat on the bridge or epair? >>> On the bridge, I guess. >>> >> Have 2 questions. >> >> If there were no ip addresses on the bridge and the epair0b in the vnet jail >> would packets pass out the bridge member external interface? > > It's a 802.1 bridge, it can pass frames to the external interface > (according to its MAC address table). > >> How would I setup a public domain name to target the vnet jail? > > A public domain name should point to a public IP address. If your jail's > IP address is a private one, and you do NAT, then use your public IP > address (the one that is translated to the jail's private address). If > you have a public address in the jail and you don't use address > translation, then use the jail's public IP address in the DNS. > > András > I think I have determined what your talking about. All the vnet literature talks about a vnet jail having it's own separate ip stack. I interpreted this to mean that the vnet jail's stack was connected directly to the epair0b / bridge0 / host external interface WITHOUT the host's firewall knowing anything about that vnet traffic. Now for the first time I hear you saying that this is not correct. That all external interface traffic passes through the hosts firewall including vnet traffic before its handed off to the vnet stack. I am running FBSD 12.1-p6 on real hardware. em0 is the host interface connected to the public network with a dynamic ip address by DHCP. To populate my working vnet jail directory tree I did this. # download the base.txz file to the host cd /usr fetch -avrA http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/12.1-RELEASE/base.txz # unpack base.txz to directory tree mkdir -p /usr/jails/jailname cd /usr/jails xzdec base.txz | tar --unlink -xpJf - -C /usr/jails/jailname # prep jail directory cp /etc/localtime jailname/etc cp /etc/resolv.conf jailname/etc echo "sendmail_enable="none"" > jailname/etc/rc.conf echo "sendmail_submit_enable="none"" >> jailname/etc/rc.conf echo "sendmail_outbound_enable="none"" >> jailname/etc/rc.conf echo "sendmail_msp_queue_enable="none"" >> jailname/etc/rc.conf /etc/jail.conf # # Using manual command method FBSD 12.1 # with assigned ip address for epairb and bridge. # start and stop vnet jail works without crashing the host because # of the embedded sleep commands that work around the teardown bug that # is now fixed in soon to be released FBSD 13. # From within the vnet jail can ping the bridge private ip, # host public ip and the public internet. ping -c 2 1.1.1.1 0% packet loss # # Very important detail; host firewall must NAT the private # ip addresses used. # # Issue the following console commands to prep the bridge instead of # cloned_interfaces="bridge0" # ifconfig_bridge0="inet 10.0.100.1/24 addm em0 up" # in rc.conf # # ifconfig bridge0 create up # ifconfig bridge0 inet 10.0.100.1/24 addm em0 # # using native jail command for start and stop of vnet jail # -v = verbose outputs log of what start process is really doing # jail -vc jailname to start jail -vr jailname to stop # service jail [start stop] jailname works also. # # jexec jailname login -f root to login to the vnet jail from host # testjail { host.hostname = "vnet_testjail"; path = "/usr/jails/testjail"; exec.consolelog = "/var/log/vnet_testjail.console.log"; mount.devfs = "true"; devfs_ruleset = "4"; vnet = "new"; vnet.interface = "epair1b"; exec.prestart = "ifconfig epair1 create up"; exec.prestart += "ifconfig bridge0 addm epair1a"; exec.start = "/bin/sh /etc/rc"; exec.start += "ifconfig epair1b inet 10.0.100.55 netmask 255.255.255.0"; exec.start += "route add default 10.0.100.1"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.poststop = "sleep 2"; exec.poststop += "ifconfig bridge0 deletem epair1a"; exec.poststop += "sleep 2"; exec.poststop += "ifconfig epair1a destroy"; } Now to get back to your post statement that a 802.1 bridge can pass frames to the external interface according to MAC address table. I interpreted this to mean that ip addresses are not needed in the jail.conf jail definitions to accomplish this. I think that what you are talking about is the jib method shown in /usr/share/examples/jails. I have tried getting this jib method to work many times without any success. There is no bridge to begin with because the jib will create it on the first vnet jail being started. This is the jail.conf I tried. testjail2 { host.hostname = "vnet_testjail2"; path = "/usr/jails/testjail2"; exec.consolelog = "/var/log/vnet_testjail2.console.log"; mount.devfs = "true"; devfs_ruleset = "4"; vnet = "new"; vnet.interface = "e0b_testjail2"; exec.prestart = "jib addm testjail2 em0"; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.poststop = "jib destroy testjail2"; } I can start and stop this jib jail but when I login to the this vnet jail and issue ping -c2 1.1.1.1 I get this message ping: sendto: Network is unreachable. What changes to the above jib vnet jail config are needed to make it an MAC address driven vnet jail? Thanks for the info you have already provided and for your continued help. From owner-freebsd-jail@freebsd.org Wed Jul 1 01:02:47 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 96F8D35A19F for ; Wed, 1 Jul 2020 01:02:47 +0000 (UTC) (envelope-from dan@langille.org) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49xNHp1p5Yz49S5 for ; Wed, 1 Jul 2020 01:02:45 +0000 (UTC) (envelope-from dan@langille.org) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 3444E5C0192 for ; Tue, 30 Jun 2020 21:02:45 -0400 (EDT) Received: from imap36 ([10.202.2.86]) by compute2.internal (MEProxy); Tue, 30 Jun 2020 21:02:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=DxXhIREcKHt4Q/mrK4cMKj6ajEwKDEQ 8vfUwzZPryMU=; b=q8dROiyOgBsi52ThB+y4VzaQhHgH6ftil8HvnhrI5AOAlzX Nt9p/lc0NePmy3P79AOr6MdNIURB2zkcOvFhi5wK6BgCIL1rYXoUDysYCuqpD26W jPkx6QpZ24n7UqRyqnCbelOD7td/N25mTdyhPP1vnpa71f8N5H+XkdqLrh5axluM 3GYbL6D5vKUn10MWfr1UNQ8C84Q7+M3Mq1i7HLqGCzXc/M2jY4fsAI0Pv+snb0Ow cnLjdt7hLBSATDEW1TdpEOCGf/N3G1Iv/Rk1FwhK5LSn7n5HlSgrSmyFIvSECceY +0RaiGJ9fe3s0gIUEwbVtWSYJRPezoV/m7SmKfA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=DxXhIR EcKHt4Q/mrK4cMKj6ajEwKDEQ8vfUwzZPryMU=; b=NcvaNZGPUqhPP1V+2hwU71 FsA79VWTxvyJalA0k0/YGF4fpcj7KQLACIuri4WA/Kd9XuGBZUtCN5r6GGlcSzUk ihu3mMMwJp96tRnZLqpbj7yeHsfDRosk7NrTt/OrKUtxP3xUlf4LpYLbYLQdp39M dgUtLm5THz2VZO8IboiUdnL6J5g2xzotAVnCMhzukNlGlh+rEyk12Egydq5gM36P KQTONbJXYgDY/t0wORrj2/9rE4a06SUuvAkJu+o2lN7DJYHpcksTbdvD2ZZ9YEcC RzVRb70K/caMU9SFuewLR5PlnlfANEPpdDMYQocwsQiwns/43K7q4kV0DfxEU8Xg == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrtddugdegvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfffgrnhcu nfgrnhhgihhllhgvfdcuoegurghnsehlrghnghhilhhlvgdrohhrgheqnecuggftrfgrth htvghrnhepleejgfegueehueeiveelvdejvefgudetueekgffgffeiveehudfgffevheej veffnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepug grnheslhgrnhhgihhllhgvrdhorhhg X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id D1E851880083; Tue, 30 Jun 2020 21:02:44 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.3.0-dev0-576-gfe2cd66-fm-20200629.001-gfe2cd668 Mime-Version: 1.0 Message-Id: In-Reply-To: <5EFBD910.7040909@gmail.com> References: <20200627204831.GC77414@eik.bme.hu> <20200627213730.GE77414@eik.bme.hu> <5EF8F034.4040705@gmail.com> <20200629084150.GC65151@eik.bme.hu> <5EFBD910.7040909@gmail.com> Date: Tue, 30 Jun 2020 21:02:24 -0400 From: "Dan Langille" To: "Alexander Leidinger via freebsd-jail" Subject: Re: FreeBSD 12.1, vnet jail, and internet access Content-Type: text/plain X-Rspamd-Queue-Id: 49xNHp1p5Yz49S5 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=langille.org header.s=fm1 header.b=q8dROiyO; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=NcvaNZGP; dmarc=pass (policy=none) header.from=langille.org; spf=pass (mx1.freebsd.org: domain of dan@langille.org designates 66.111.4.29 as permitted sender) smtp.mailfrom=dan@langille.org X-Spamd-Result: default: False [-2.32 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.06)[-1.064]; R_DKIM_ALLOW(-0.20)[langille.org:s=fm1,messagingengine.com:s=fm3]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[66.111.4.29:from]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; NEURAL_HAM_LONG(-0.99)[-0.988]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[langille.org:+,messagingengine.com:+]; DMARC_POLICY_ALLOW(-0.50)[langille.org,none]; NEURAL_HAM_SHORT(-0.18)[-0.182]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.29]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; MID_RHS_WWW(0.50)[]; RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.29:from] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2020 01:02:47 -0000 On Tue, Jun 30, 2020, at 8:30 PM, Ernie Luzar wrote: > I think I have determined what your talking about. All the vnet > literature talks about a vnet jail having it's own separate ip stack. I > interpreted this to mean that the vnet jail's stack was connected > directly to the epair0b / bridge0 / host external interface WITHOUT the > host's firewall knowing anything about that vnet traffic. FYI, you are not alone. I have tried to get this working. A colleague too. We are not novices. When we get this figured out, it will get documented with a simple working example. I promise that. -- Dan Langille dan@langille.org From owner-freebsd-jail@freebsd.org Wed Jul 1 07:03:03 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 46473364FCF for ; Wed, 1 Jul 2020 07:03:03 +0000 (UTC) (envelope-from Alexander@leidinger.net) Received: from mailgate.Leidinger.net (mailgate.leidinger.net [IPv6:2a00:1828:2000:313::1:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49xXHV3CJ0z42L7 for ; Wed, 1 Jul 2020 07:03:02 +0000 (UTC) (envelope-from Alexander@leidinger.net) Received: from outgoing.leidinger.net (p508d5d88.dip0.t-ipconnect.de [80.141.93.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (Client did not present a certificate) by mailgate.Leidinger.net (Postfix) with ESMTPSA id 82493218CF; Wed, 1 Jul 2020 09:02:56 +0200 (CEST) Received: from webmail.leidinger.net (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (Client did not present a certificate) by outgoing.leidinger.net (Postfix) with ESMTPS id 95D891782; Wed, 1 Jul 2020 09:02:53 +0200 (CEST) Date: Wed, 01 Jul 2020 09:02:52 +0200 Message-ID: <20200701090252.Horde.mi_2CHy8fPTbshXGR4iLyBE@webmail.leidinger.net> From: Alexander Leidinger To: Dan Langille , luzar722@gmail.com Cc: Alexander Leidinger via freebsd-jail Subject: Re: FreeBSD 12.1, vnet jail, and internet access References: <20200627204831.GC77414@eik.bme.hu> <20200627213730.GE77414@eik.bme.hu> <5EF8F034.4040705@gmail.com> <20200629084150.GC65151@eik.bme.hu> <5EFBD910.7040909@gmail.com> In-Reply-To: Accept-Language: de,en Content-Type: multipart/signed; boundary="=_Ev3jO_wzWYW_SbNTXhf_vFS"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 X-Rspamd-Queue-Id: 49xXHV3CJ0z42L7 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.29 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[leidinger.net:s=outgoing-alex]; NEURAL_HAM_MEDIUM(-0.99)[-0.991]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; NEURAL_HAM_LONG(-1.03)[-1.025]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[leidinger.net:+]; DMARC_POLICY_ALLOW(-0.50)[leidinger.net,quarantine]; NEURAL_HAM_SHORT(-0.17)[-0.171]; FREEMAIL_TO(0.00)[langille.org,gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:34240, ipnet:2a00:1828::/32, country:DE]; RCVD_TLS_ALL(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[80.141.93.136:received] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2020 07:03:03 -0000 This message is in MIME format and has been PGP signed. --=_Ev3jO_wzWYW_SbNTXhf_vFS Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoting Dan Langille (from Tue, 30 Jun 2020=20=20 21:02:24=20-0400): > On Tue, Jun 30, 2020, at 8:30 PM, Ernie Luzar wrote: > >> I think I have determined what your talking about. All the vnet >> literature talks about a vnet jail having it's own separate ip stack. I >> interpreted this to mean that the vnet jail's stack was connected >> directly to the epair0b / bridge0 / host external interface WITHOUT the >> host's firewall knowing anything about that vnet traffic. > > FYI, you are not alone. I have tried to get this working. > > A colleague too. We are not novices. > > When we get this figured out, it will get documented with a simple > working example. I promise that. Think about the host as your hypervisor on steroids. And with this in mind: - Your host has a network stack "N0". - Your vnet jail has a seperate network stack "N1". - The kernel of the "hypervisor" has a firewall and automatically=20=20 makes=20it see all physical hardware (remember, it depends upon the=20=20 rules=20if it does something there or not). - Without doing anything, they are not connected (=3D separate), and=20= =20 N1=20not even to hardware. - On the host you create a virtual network device "bridge0". By=20=20 creating=20it, it is created in the "namespace of the hypervisor" =3D=20=20 inside=20N0. This means the firewall of the host is able to do something=20= =20 there,=20if the rules are setup accordingly. - When you create the epair, it is also created in N0, like the=20=20 bridge.=20On the host all commands you do are operating in the namespace=20= =20 of=20the "hypervisor". The firewall sees both ends of the epair and can=20= =20 react=20to it. - When you then give epairXb to N1, you remove it from the N0, which mean= s: * you have a P2P connection between N0 and N1 * the host firewall can not inspect packets on epairXb but still on epa= irXa * you could give an IP to epairXa and have only the host=20=20 communicate=20with the jail, or do some other things like giving epairXa=20= =20 to=20another jail and have a P2P connection between jails (host firewall=20= =20 doesn't=20see both epair ends anymore) or e.g. the next point - Then you connect epairXa to the bridge. If there are other jails=20=20 connected=20you can have them communicate between each other in this=20=20 virtual=20network, with the host being able to intercept packets which=20= =20 show=20up on the bridge (it is still in the N0 namespace). - If you want to communicate with the outside, you can: * connect a network interface (which is inside the namespace of=20=20 the=20host) to the bridge and the packets leaving the physical device=20=20 have=20the IP from the jail. * give the bridge an IP address and have the host route between=20=20 the=20bridge and the outside (or have it route between bridge A and=20=20 bridge=20B but not to the outside). - In all the above cases, the bridge(s) and the physical interface=20=20 live=20in the namespace of N0. As such the firewall of N0 can inspect=20=20 packets=20there, and you can do NAT (the jail doesn't know what is=20=20 outside,=20so it makes sense to do the NAT on the host). Bye, Alexander. --=20 http://www.Leidinger.net=20Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_Ev3jO_wzWYW_SbNTXhf_vFS Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJe/DUcAAoJEBINsJsD+NiGCkMP/RYey9uvb0KHEuzATwgnw/if +stltGnVH/J+9SdHMjIGjk+P6NmMscj9uaZfj6LySnBRIfCY1nd7j+haABTxoaXQ /N8izf4xOpi8fxwgXNSvPQ5V4H9tdvgzq33yWp/x9C+EQv5MlCdpdyhNr397rHVy vqsAIwxfUjSZqSo8XSgFLUhi6bCCgriC1SvLaZeSTZTekrJE1lGgp1DUcLlDOdN7 8NX03Vpae1EJhhTRq4rmH7GvMIG/F5j2N4kyaIqlxBRnSYix/M42OFWqUswAn92Z V3WvRxZzJciaSmi5gKXetesdMv2f0iJ+hWEUde31LTJV8QoqWbPThmvJhPzwYHZ8 c8cS9N9S+zd6qO/XKpQ68U8CvylyCDEBOFpatTO6QsNLPTqnVMqTCO5fxMlgvPfE mxLfw1RgzNqT9cLE0QwNyyM+PJcjuET2MIh67qFmVlLpR80rCFk2N6WEYZw4N3aa 5CRBz1k/xr+McJAo8XmxpP9MnRcZfQl1437FN40caWkzg+TLw+3DltScH7e3HiAF EnlwwYhqpxmK4YaFOm9HgAejyHyXxx50HAUjpwekMoJOLH+qm0rKMh3H97dyWsWR sjpjvttZ8MTkhe43sWz2rkZ2hkiE4C3K5D3arw/Uo6uHc4oL+lsnCin31/3d3sG6 KijGS/hV1PM5PB7QQ3JF =J+rs -----END PGP SIGNATURE----- --=_Ev3jO_wzWYW_SbNTXhf_vFS-- From owner-freebsd-jail@freebsd.org Wed Jul 1 12:14:49 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 18D6534EA04 for ; Wed, 1 Jul 2020 12:14:49 +0000 (UTC) (envelope-from notification@facebookmail.com) Received: from 66-220-155-140.mail-mail.facebook.com (66-220-155-140.mail-mail.facebook.com [66.220.155.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49xgCD04n3z4NtW for ; Wed, 1 Jul 2020 12:14:47 +0000 (UTC) (envelope-from notification@facebookmail.com) X-Facebook: from 2401:db00:3120:7095:face:0:157:0 ([MTI3LjAuMC4x]) by www.facebook.com with HTTPS (ZuckMail); Date: Wed, 1 Jul 2020 05:14:32 -0700 To: Zhang Elisa Subject: =?UTF-8?B?VHJpY2lhIFNhbmFrZXkg?= =?UTF-8?B?5oOz5Yqg5L2g5Li6IEZhY2Vib29rIOWlvQ==?= =?UTF-8?B?5Y+L?= X-Priority: 3 X-Mailer: ZuckMail [version 1.00] From: "Facebook" Reply-to: noreply Errors-To: notification@facebookmail.com X-Facebook-Notify: friend; mailid=5a95ff24952aeG45c0dbe8G5a9603bf3df39G2 Feedback-ID: 4124:friend:Facebook X-FACEBOOK-PRIORITY: 0 X-Auto-Response-Suppress: All Message-ID: <9583b0bea7f350fd653f485de95b0005@3e723b591bdb95ce8f5c9b7032dc572ca97351d0da5efc73459c1fbaf438e43b> MIME-Version: 1.0 X-Rspamd-Queue-Id: 49xgCD04n3z4NtW X-Spamd-Bar: ----- X-Spamd-Result: default: False [-5.58 / 15.00]; HAS_REPLYTO(0.00)[noreply@facebookmail.com]; RWL_MAILSPIKE_GOOD(0.00)[66.220.155.140:from]; R_SPF_ALLOW(-0.20)[+ip4:66.220.155.0/24]; URI_COUNT_ODD(1.00)[15]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[facebookmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[facebookmail.com,reject]; HAS_X_PRIO_THREE(0.00)[3]; NEURAL_HAM_SHORT(-0.16)[-0.164]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; AUTOGEN_PHP_SPAMMY(1.00)[]; ASN(0.00)[asn:32934, ipnet:66.220.152.0/21, country:US]; DWL_DNSWL_NONE(0.00)[facebookmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.971]; R_DKIM_ALLOW(-0.20)[facebookmail.com:s=s1024-2013-q3]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HTML_SHORT_LINK_IMG_1(2.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; REPLYTO_DOM_EQ_FROM_DOM(0.00)[]; HAS_PHPMAILER_SIG(0.00)[]; HAS_LIST_UNSUB(-0.01)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.98)[-0.983]; MANY_INVISIBLE_PARTS(0.05)[1]; WHITELIST_DMARC(-7.00)[facebookmail.com:D:+]; RCVD_IN_DNSWL_NONE(0.00)[66.220.155.140:from]; MID_RHS_NOT_FQDN(0.50)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2020 12:14:49 -0000 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =E6=9F=A5=E7=9C=8B=E5=85=A8=E9=83=A8=E8=AF=B7=E6=B1=82 https://www.facebook.com/nd/?friends%2Fcenter%2F&fc_tab=3Drequests&aref=3D= 1593605671345977&medium=3Demail&mid=3D5a95ff24952aeG45c0dbe8G5a9603bf3df39= G2&bcode=3D2.1593605672.AbzRxT4lEbrOTxMpAOQ&n_m=3Dfreebsd-jail%40freebsd.o= rg&lloc=3D2nd_cta =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Zhang Elisa=EF=BC=8C=E4=BD=A0=E5=A5=BD=EF=BC=9A Tricia Sanakey =E6=83=B3=E6=88=90=E4=B8=BA=E4=BD=A0=E7=9A=84 Facebook = =E5=A5=BD=E5=8F=8B=E3=80=82 [https://www.facebook.com/nd/?tricia.sanakey.5&aref=3D1593605671345977&med= ium=3Demail&mid=3D5a95ff24952aeG45c0dbe8G5a9603bf3df39G2&bcode=3D2.1593605= 672.AbzRxT4lEbrOTxMpAOQ&n_m=3Dfreebsd-jail%40freebsd.org&lloc=3Dprofile_pi= c]=20 =E6=8E=A5=E5=8F=97=E8=AF=B7=E6=B1=82 https://www.facebook.com/nd/?friends%2Fcenter%2F&fc_tab=3Drequests&fcode= =3DAY8-wcDDihe39Bqs&f=3D100052688231031&r=3D1170267112&mfl_act=3D1&howfoun= d=3Demail&refparam=3Demail_ac&friend_loc=3Demail&aref=3D1593605671345977&m= edium=3Demail&mid=3D5a95ff24952aeG45c0dbe8G5a9603bf3df39G2&bcode=3D2.15936= 05672.AbzRxT4lEbrOTxMpAOQ&n_m=3Dfreebsd-jail%40freebsd.org&lloc=3D1st_cta =E8=B0=A2=E8=B0=A2=EF=BC=81 Facebook =E5=9B=A2=E9=98=9F =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =E6=AD=A4=E9=82=AE=E4=BB=B6=E5=8F=91=E7=BB=99 freebsd-jail@freebsd.org = =E3=80=82 = =E5=A6=82=E6=9E=9C=E4=B8=8D=E5=B8=8C=E6=9C=9B=E5=86=8D=E6=94=B6=E5=88=B0 = Facebook =E7=9A=84=E6=AD=A4=E7=B1=BB=E9=82=AE=E4=BB=B6=EF=BC=8C=E8=AF=B7= =E7=82=B9=E5=87=BB=E4=B8=8B=E6=96=B9=E9=93=BE=E6=8E=A5=E5=8D=B3=E5=8F=AF= =E9=80=80=E8=AE=A2=E3=80=82 https://www.facebook.com/o.php?k=3DAS186JcVss9Ieg4o&u=3D1170267112&mid=3D5= a95ff24952aeG45c0dbe8G5a9603bf3df39G2 Facebook, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, = CA 94025 =E4=B8=BA=E4=BF=9D=E6=8A=A4=E4=BD=A0=E7=9A=84=E5=B8=90=E6=88=B7=E5=AE=89= =E5=85=A8=EF=BC=8C=E8=AF=B7=E5=8B=BF=E8=BD=AC=E5=8F=91=E8=BF=99=E5=B0=81= =E9=82=AE=E4=BB=B6=E3=80=82 =E7=82=B9=E5=87=BB=E4=B8=8B=E6=96=B9=E9=93=BE= =E6=8E=A5=EF=BC=8C=E4=BA=86=E8=A7=A3=E8=AF=A6=E6=83=85=E3=80=82 https://www.facebook.com/email_forward_notice/?mid=3D5a95ff24952aeG45c0dbe= 8G5a9603bf3df39G2 From owner-freebsd-jail@freebsd.org Thu Jul 2 15:04:35 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 84A10358CF9 for ; Thu, 2 Jul 2020 15:04:35 +0000 (UTC) (envelope-from shamim.shahriar@gmail.com) Received: from mail-qv1-xf2b.google.com (mail-qv1-xf2b.google.com [IPv6:2607:f8b0:4864:20::f2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49yLwf631Pz3gl9 for ; Thu, 2 Jul 2020 15:04:34 +0000 (UTC) (envelope-from shamim.shahriar@gmail.com) Received: by mail-qv1-xf2b.google.com with SMTP id h18so12799125qvl.3 for ; Thu, 02 Jul 2020 08:04:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=7ewfWc0PJrJ5VFZUSg1iNuHmXoD1sWkfWDTH2CGk0ZM=; b=uQ3SM5DWXlw8wDs5tgq2rDpJDETzUA/+aG6bN3mwtP38tgaSvQ+/GN2VSNKG6+8ajl zQQcLEK2W/ZXV0eXlrSyXjiV8OCAsl8bQgbwibzPGf9hlL8JuVsQdIGGRH8zCWdDqOK9 C/fOAiQTiUnnFghiyjNGmC7vqshg3z1O8zhXmyGXL3Sa9vXGHutQ7yrZ5oMfW/YkhmH3 f17P7yXdXwLbTnU3UgvN4hNXjf0A0o4eQClf28RZaOgZNJTtVc9ditZARnUZcXqPHLgY SlBe/wasNQmKd6Bw8ZGBSHYSWq928DYKlUMLR3gJ/BTf//Ra5KWFBlb3gQKENnEdaLNV d8HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7ewfWc0PJrJ5VFZUSg1iNuHmXoD1sWkfWDTH2CGk0ZM=; b=gwsmuG0wBk0vdeY2hoSbmtL5KduKZUa7MtHNgk6AvYuU+5bITzzrckKjMrlZ+JkvRu PZO1ZK8/LRthKANNiIbfxwuNX4Z3xpLGY6l6GXWPoVgvCaqHlMvyFYmaquPtw8OzaDhR 7fwxYizABTpHq2r7OW6+uHIEIDwfW9UxJ4JEjMTrMM8+ZSZgD3L24Xpt3JDHS6zBFQ9Z taLsPDqrRQ1kaqHHgtEAZ2yYnxtQ8Jx3BjxVhpHRJPaOkJSTJO+PVWrbX7UpNHwS2sJR Lv2Q13ww46xONZntH7tkgsBkoIX0dbF94ojD1+Ux8q/b6F3Zz6JeajbkK4rdlVqRZAbC Rx3g== X-Gm-Message-State: AOAM5328IdXPzukq1mGmw4pYY4JNStGbRKvlALBFD1xolwtxB7T3D6Tq jR4dxcxW4VwCnwlPGN1WflrTBcCrW7r0WpL6s3Y6p+o= X-Google-Smtp-Source: ABdhPJz9pkeu+W45Vzt3N0e7XOeP9K6dM3sLr9BFKLheFJk5BpvvPvwL41eltR3U0ar2fSbidC7OhJKF70py2dDptg0= X-Received: by 2002:a0c:aed6:: with SMTP id n22mr30842089qvd.70.1593702273234; Thu, 02 Jul 2020 08:04:33 -0700 (PDT) MIME-Version: 1.0 From: Shamim Shahriar Date: Thu, 2 Jul 2020 16:04:22 +0100 Message-ID: Subject: mounting fdescfs inside poudriere jail To: freebsd-jail@freebsd.org X-Rspamd-Queue-Id: 49yLwf631Pz3gl9 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=uQ3SM5DW; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of shamimshahriar@gmail.com designates 2607:f8b0:4864:20::f2b as permitted sender) smtp.mailfrom=shamimshahriar@gmail.com X-Spamd-Result: default: False [-3.27 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; NEURAL_HAM_MEDIUM(-0.91)[-0.909]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.99)[-0.989]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::f2b:from]; NEURAL_HAM_SHORT(-0.38)[-0.377]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jul 2020 15:04:35 -0000 Good afternoon everyone I am having an issue in my poudriere where a particular package is unable to build as it needs bash as dependency, and I expect it to make use of fdescfs. On the host machine I have fdescfs mounted, no problem on that. However, the poudriere jails are unable to do that. Here are a few details Host and OS: FreeBSD poudriere 12.1-RELEASE-p5 FreeBSD 12.1-RELEASE-p5 GENERIC amd64 Kernel and Userland: # freebsd-version -uk 12.1-RELEASE-p6 12.1-RELEASE-p6 current /etc/sysctl.conf contains (it was empty to start with, but I have added things based on suggestions from different mails on various FreeBSD lists) security.jail.param.securelevel=1 (tried with 0 and also nothing (i.e., sysctl not put in place)) security.jail.mount_allowed=1 security.jail.param.allow.mount.linprocfs=1 security.jail.param.allow.mount.procfs=1 security.jail.mount_linprocfs_allowed=1 security.jail.mount_procfs_allowed=1 security.jail.param.allow.mount.fdescfs=1 security.jail.param.allow.mount.tmpfs=1 security.jail.param.allow.mount.nullfs=1 security.jail.param.allow.mount.devfs=1 security.jail.mount_fdescfs_allowed=1 The primary challenge, as I see it, is that no matter what I do, I cannot get security.jail.param.allow.mount.fdescfs to 1. It constantly insists on remaining zero, and I think that is one of the problems # sysctl security.jail.param.allow.mount.fdescfs=1 security.jail.param.allow.mount.fdescfs: 0 -> 0 Any suggestions on how I can get this sorted to build the required packages in poudriere would be greatly appreciated. Best regards From owner-freebsd-jail@freebsd.org Fri Jul 3 07:04:10 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2B56C36C0BE for ; Fri, 3 Jul 2020 07:04:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 49ymCt095qz3bCV for ; Fri, 3 Jul 2020 07:04:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 057E336C136; Fri, 3 Jul 2020 07:04:10 +0000 (UTC) Delivered-To: jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 053B836BFEC for ; Fri, 3 Jul 2020 07:04:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49ymCs5Wynz3bP5 for ; Fri, 3 Jul 2020 07:04:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A1CC627D0E for ; Fri, 3 Jul 2020 07:04:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 063749aK035129 for ; Fri, 3 Jul 2020 07:04:09 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 063749F8035127 for jail@FreeBSD.org; Fri, 3 Jul 2020 07:04:09 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 238326] Kernel crash on jail stop (VIMAGE/VNET) Date: Fri, 03 Jul 2020 07:04:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ohartmann@walstatt.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jul 2020 07:04:10 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238326 --- Comment #15 from O. Hartmann --- This problem is still present in 12-STABLE, CURRENT and 12.1-RELENG. (In reply to pprocacci from comment #7) On 12.1-RELENG (most recent), 12-STABLE and CURRENT (r362906), using the workaround as suggested in comment #7 (see above), using exec.prestop=3D "ifconfig ${if_vnet}a -vnet ${name}";=20 where ${if_vnet} is expanded to my epair interface and its subinterface is = "a" instead of "b" (a is the interafce owned by the jail in the inner), I recei= ve variable if_net not known error It seems that only the command exec.poststop is affected, all other command= s, either stop/start targetting the running jail and those targetting the non-running jail (psotstop/prestart etc.) do not show the error. --=20 You are receiving this mail because: You are the assignee for the bug.=