Message-ID: <526777CE.8010600@anarchy.in.the.ph>
Date: Wed, 23 Oct 2013 15:16:30 +0800
From: "Mars G. Miro"
To: freebsd-jail@freebsd.org
Subject: raw sockets on 8.4 jails

Hi list,

On a jail on FreeBSD 8.4R-p4

root@waspb1:~# ping -a 4.2.2.2
ping: socket: Operation not permitted
root@waspb1:~# nc -uv 4.2.2.2 53
Connection to 4.2.2.2 53 port [udp/domain] succeeded!
^C
root@waspb1:~# sysctl security.jail.jailed
security.jail.jailed: 1
root@waspb1:~#

But I have set it properly on the host:

mars@wasp:~% sysctl -a | grep jail
security.jail.param.cpuset.id: 0
security.jail.param.host.hostid: 0
security.jail.param.host.hostuuid: 64
security.jail.param.host.domainname: 256
security.jail.param.host.hostname: 256
security.jail.param.children.max: 0
security.jail.param.children.cur: 0
security.jail.param.enforce_statfs: 0
security.jail.param.securelevel: 0
security.jail.param.path: 1024
security.jail.param.name: 256
security.jail.param.parent: 0
security.jail.param.jid: 0
security.jail.enforce_statfs: 2
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0
mars@wasp:~% uname -a
FreeBSD wasp.spry.lan 8.4-RELEASE-p4 FreeBSD 8.4-RELEASE-p4 #0: Sun Oct 20 16:37:42 PHT 2013 root@XXX:/usr/obj/usr/src/sys/WASP amd64
mars@wasp:~%

On an 8.3R-p11 machine it works fine.

Problem?

-- 
When you were born, a big chance was taken for you.