From: Andreas Nilsson
To: Mailinglists FreeBSD
Date: Mon, 25 Feb 2013 17:55:05 +0100
Subject: vnet jails and rc-scripts
List-Id: "Discussion about FreeBSD jail\(8\)"

Hello,

while trying to set up a couple of vnet jails I ran into some problems:

1. The networking scripts are not run.
2. The firewall script (ipfw) is not run.

Both are skipped since they have the nojail keyword. Is the only solution to remove that keyword to get them running from rc in a jail? With vnet jails it seems that a lot of network-related scripts should be allowed to run. Is there any work being done to address this?

Also, what is the sysctl security.jail.param.vnet supposed to tell me?

Running it on the host gives 0
Running it in vnet jail gives 0
Running it in normal jail gives 0

which to me seems counterintuitive, as I would have expected it to be 1 in the vnet jail.

Best regards
Andreas
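
A check for the situation described in the message, added here as an example and not part of the original post: the function lists which scripts in an rc.d directory carry a given keyword on their `# KEYWORD:` line (`nojail` by default), so you can see what will be skipped in a jail, the firewall script included. The function names and the sample directory are assumptions of this example, and the sample files are constructed stand-ins for the real rc.d scripts.

```shell
#!/bin/sh
# Added example: find rc.d scripts tagged with an rcorder keyword.

# keyword_scripts DIR [KEYWORD]
# Prints the basename of every regular file in DIR whose "# KEYWORD:"
# line contains KEYWORD as a whole word, one per line, sorted.
keyword_scripts() {
    dir=$1
    kw=${2:-nojail}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if awk -v kw="$kw" '
            /^#[ \t]*KEYWORD:/ {
                sub(/^#[ \t]*KEYWORD:/, "")
                n = split($0, w)            # split the keyword list on whitespace
                for (i = 1; i <= n; i++)
                    if (w[i] == kw) found = 1
            }
            END { exit (found ? 0 : 1) }
        ' "$f"; then
            basename "$f"
        fi
    done | sort
}

# make_sample_rcd DIR
# Writes constructed stand-ins for rc.d scripts (headers only, not the
# real FreeBSD files) so the check can be tried on any system.
make_sample_rcd() {
    mkdir -p "$1"
    printf '#!/bin/sh\n# PROVIDE: netif\n# KEYWORD: nojail\n' > "$1/netif"
    printf '#!/bin/sh\n# PROVIDE: ipfw\n# KEYWORD: nojail\n' > "$1/ipfw"
    printf '#!/bin/sh\n# PROVIDE: sshd\n# KEYWORD: shutdown\n' > "$1/sshd"
    printf '#!/bin/sh\n# PROVIDE: example_svc\n# KEYWORD: nostart shutdown\n' \
        > "$1/example_svc"
}

# Demo on the constructed directory.
demo_dir=$(mktemp -d)
make_sample_rcd "$demo_dir"
echo "scripts skipped in a jail (KEYWORD nojail):"
keyword_scripts "$demo_dir"
rm -rf "$demo_dir"
```

On a FreeBSD host, `keyword_scripts /etc/rc.d` gives the list for the installed scripts.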