From nobody Sun Jun 6 13:35:29 2021
Date: Sun, 6 Jun 2021 15:35:29 +0200
From: Milan Obuch
To: freebsd-jail@freebsd.org
Subject: jail.conf question (vnet.interface)
Message-ID: <20210606153529.526c1675@zeta.dino.sk>
List-Id: Discussion about FreeBSD jail(8)
List-Archive: https://lists.freebsd.org/archives/freebsd-jail

Hi,

for vnet jails, one needs to move some interface into created virtual
stack. In jail.conf, this could be achieved using

jail0
{       vnet;
        vnet.interface = re2;
}

and initialize moved interface using standard /etc/rc.conf configuration
file in jail jail0.

Adding small paragraph about this in jail.conf man page would be
useful. I know it is in jail man page in some form, but it deserves
mentioning this in example section in jail.conf man page. At least,
this makes it easier to find for first comers :) (Well, that's not me,
I am using vnet jails aka VIMAGE from the start as an experimental
feature in FreeBSD 4 or 5, almost 20 years ago.)

I need more interfaces moved this way. It is no problem to issue manually

ifconfig re3 vnet jail0

but trying to write

jail0
{       vnet;
        vnet.interface = re2;
        vnet.interface = re3;
}

in jail.conf means only re3 is moved and can be configured with
standard rc.conf config file. First instance (re2) is kind of
overwritten and forgotten.

Is it possible to move more interfaces this way at all? I'd like to
avoid any hacks if possible, and any workaround for this is ugly...

Regards,
Milan

From nobody Sun Jun 6 16:23:58 2021
Date: Sun, 06 Jun 2021 09:23:58 -0700
From: James Gritton
To: freebsd-jail@freebsd.org
Cc: Milan Obuch
Subject: Re: jail.conf question (vnet.interface)
In-Reply-To: <20210606153529.526c1675@zeta.dino.sk>
References: <20210606153529.526c1675@zeta.dino.sk>
List-Id: Discussion about FreeBSD jail(8)
List-Archive: https://lists.freebsd.org/archives/freebsd-jail

On 2021-06-06 06:35, Milan Obuch wrote:
> Hi,
>
> for vnet jails, one needs to move some interface into created virtual
> stack. In jail.conf, this could be achieved using
>
> jail0
> {       vnet;
>         vnet.interface = re2;
> }
>
> and initialize moved interface using standard /etc/rc.conf configuration
> file in jail jail0.
>
> Adding small paragraph about this in jail.conf man page would be
> useful. I know it is in jail man page in some form, but it deserves
> mentioning this in example section in jail.conf man page. At least,
> this makes it easier to find for first comers :) (Well, that's not me,
> I am using vnet jails aka VIMAGE from the start as an experimental
> feature in FreeBSD 4 or 5, almost 20 years ago.)

True, it would make sense to add a vnet example, since it's now
included in the default kernel.

> I need more interfaces moved this way. It is no problem to issue manually
>
> ifconfig re3 vnet jail0
>
> but trying to write
>
> jail0
> {       vnet;
>         vnet.interface = re2;
>         vnet.interface = re3;
> }
>
> in jail.conf means only re3 is moved and can be configured with
> standard rc.conf config file. First instance (re2) is kind of
> overwritten and forgotten.
>
> Is it possible to move more interfaces this way at all? I'd like to
> avoid any hacks if possible, and any workaround for this is ugly...

It's not possible to add more than one interface that way. It would
make sense for vnet.interface to be an array, so you could say have a
comma-separated list or say "vnet.interface += re3". Currently,
anything more than one interface would need to be an ifconfig command
added to "exec.created".

- Jamie
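
Added example, not part of either message above: a small sh/awk check for the situation this thread describes, a jail block that assigns vnet.interface with "=" more than once so that only the last interface is moved into the jail. The function name check_vnet_interface, the sample jail1 and the interface names re4/re5 are assumptions made for illustration, and the parser is a simplification of jail.conf syntax.

```sh
#!/bin/sh
# Added example (not from the thread): list jail.conf blocks that assign
# vnet.interface with "=" more than once; only the last value takes effect.
# Simplified parser: strips # and // line comments, ignores /* */ comments.
check_vnet_interface() {
    awk '
    {
        sub(/#.*/, ""); sub(/\/\/.*/, "")   # strip line comments
        gsub(/[$][{][^}]*[}]/, "")          # ${var} is not a block brace
        buf = buf " " $0
    }
    END {
        gsub(/[{};]/, "\n&\n", buf)         # put { } ; on their own lines
        n = split(buf, tok, "\n")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            gsub(/^[ \t]+|[ \t]+$/, "", t)
            if (t == "" || t == ";") continue
            if (t == "{") { jail = prev; count = 0; list = ""; continue }
            if (t == "}") { if (count > 1) print jail ":" list; jail = ""; continue }
            if (jail != "" && t ~ /^vnet\.interface[ \t]*=/) {
                sub(/^vnet\.interface[ \t]*=[ \t]*/, "", t)
                gsub(/"/, "", t)
                count++
                list = list " " t
            }
            prev = t
        }
    }' "$@"
}

# Constructed sample: jail0 is the failing case from the thread, jail1 uses the
# exec.created workaround from the reply (re4 and re5 are made-up names).
sample_conf() {
    cat <<'EOF'
jail0
{	vnet;
	vnet.interface = re2;
	vnet.interface = re3;
}
jail1 { vnet; vnet.interface = re4; exec.created += "ifconfig re5 vnet ${name}"; }
EOF
}

sample_conf | check_vnet_interface    # prints: jail0: re2 re3
```

Run it as check_vnet_interface /etc/jail.conf; a jail that is reported has at least one interface that was never handed to the jail's network stack.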