Date: Wed, 15 Aug 2007 11:27:07 -0400 (EDT)
From: Randy Schultz <schulra@earlham.edu>
To: freebsd-jail@freebsd.org
Subject: security bug or operator "misunderstanding", and a query
Message-ID: <Pine.BSF.4.64.0708151105090.77665@tdream.lly.earlham.edu>

Hey all,

I've been messing around with, and liking, jails. I had a weird thing happen tho' that I cannot explain, and seems to violate the concept of jail.

I have the AMD64 version of fbsd 6.2 set up, default install (plus a few minor ports like sudo). The jail setup is AFAIK standard, e.g. rc.conf has:

    jail_list="ntpjail"
    jail_ntpjail_rootdir=/usr/local/jails/jail1
    jail_ntpjail_hostname=ntpjail.earlham.edu
    jail_ntpjail_ip=192.168.1.59
    jail_ntpjail_interface=bge1
    jail_ntpjail_devfs_enable="YES"

The /dev dir is whatever is defined for jails in /etc/defaults/devfs.rules, and no tweaks are in sysctl.conf.

When I have the parent/jail up and running, ntpd not running on the parent, if I kick off ntpd in the jail, it actually kicks off ntpd in the parent then barks with "address already in use". Now, I understand the "address already in use" part, but how can starting something in the jail affect anything on the parent? I thought the 2 were more separated than that.

I'm trying to get to a setup where ntp on the parent sets the system time but doesn't answer any queries, and ntp in the jail answers the time queries. If anybody has any thoughts on whether or not this is even possible (short of recoding part of ntp ;) or possible avenues of investigation, pls let me know.

Tnx.

--
Randy (schulra@earlham.edu) 765.983.1283 <*>