Date: Tue, 11 Jul 2017 19:19:51 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Software Information <softwareinforjam@gmail.com>, freebsd-stable@freebsd.org
Subject: Re: Little issue with Jails
Message-ID: <596508B7.2030703@quip.cz>
In-Reply-To: <CAFM8923drCDvO=miRx-L7sJAcoj%2Baz=A7dZKqeWrR%2BiOYzma=g@mail.gmail.com>
References: <CAFM8923drCDvO=miRx-L7sJAcoj%2Baz=A7dZKqeWrR%2BiOYzma=g@mail.gmail.com>

Software Information wrote on 2017/07/11 19:01:
> Hi All
> I am using FreeBSD 11 and have created a new jail using the following steps
>
> 1. make buildworld DESTDIR=/here/is/the/jail
> 2. make installworld DESTDIR=/here/is/the/jail
> 3. make distribution DESTDIR=/here/is/the/jail
> 4. mount -t devfs devfs /here/is/the/jail/dev
>
> I have the following in my host rc.conf
>
> jail_enable="YES" # Set to NO to disable starting of any jails
>
> jail_list="www" # Space separated list of names of jails
>
> Note: Jail names in jail_list should contain alphanumeric characters only.
>
> For each jail listed in jail_list, a group of rc.conf(5) settings, which
> describe the particular jail, should be added:
>
> jail_www_rootdir="/usr/jail/www" # jail's root directory
>
> jail_www_hostname="jailname.org" # jail's hostname
>
> jail_www_ip="IP_Address" # jail's IP address
>
> jail_www_devfs_enable="YES" # mount devfs in the jail
>
> On the host, I did sysctl security.jail.allow_raw_sockets=1
>
> In /etc/jail.conf, in the config section for that jail, I entered the
> line *allow.raw.sockets
> = 1 *
>
> and I also did an *echo 'security.jail.allow_raw_sockets=1' >>
> /etc/sysctl.conf *inside the jail.
>
> From what I can tell, I should be able to ping inside the jail now but it
> still doesn't work. Does anyone see anything I may have left out?

I recommend that you use jail.conf only and do not set jail variables in
rc.conf. It is not good to mix these two.

Put jail_enable="YES" into rc.conf and then this into jail.conf:

## Typical static defaults:
## Use the rc scripts to start and stop jails. Mount jail's /dev.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
mount.devfs;
devfs_ruleset = 4;
enforce_statfs = 1;
allow.set_hostname = 0;
allow.sysvipc = 0;
allow.raw_sockets = 0;

## Dynamic wildcard parameter:
## Base the path off the jail name.
path = "/usr/jail/$name";
exec.consolelog = "/var/log/jail/$name.console";
mount.fstab = "/etc/fstab.$name";

## Jail www
www {
    host.hostname = "jailname.example.com";
    ip4.addr = 10.10.10.10;
    allow.raw_sockets = 1;
}

Then you can run this jail by command:

# service jail start www

Miroslav Lachman
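
Added example (not part of the original message, and not FreeBSD's own tooling): a small audit that merges the global defaults of a jail.conf laid out like the one above with each jail's overrides, reports which jails end up with allow.raw_sockets enabled, and flags legacy jail_<name>_* variables still present in rc.conf. It assumes a simplified syntax (only `#` comments, `name = value;`, bare `name;` booleans and `$name`); both sample files and the "db" jail are constructed.

```python
import re

# Constructed sample: the layout from the reply plus a hypothetical second
# jail "db" that only inherits the global defaults.
SAMPLE_JAIL_CONF = """
## Typical static defaults
mount.devfs;
allow.raw_sockets = 0;
path = "/usr/jail/$name";
www { host.hostname = "jailname.example.com"; ip4.addr = 10.10.10.10;
      allow.raw_sockets = 1; }
db  { host.hostname = "db.example.com"; ip4.addr = 10.10.10.11; }
"""
# Constructed rc.conf that still mixes in a legacy per-jail variable.
SAMPLE_RC_CONF = 'jail_enable="YES"\njail_www_rootdir="/usr/jail/www"\n'

BLOCK = re.compile(r"([\w.-]+)\s*\{(.*?)\}", re.S)

def _params(text):
    """Parse 'name = value;' and bare boolean 'name;' statements."""
    out = {}
    for stmt in text.split(";"):
        name, eq, value = stmt.strip().partition("=")
        if name.strip():
            out[name.strip()] = value.strip().strip('"') if eq else "1"
    return out

def effective_params(conf_text):
    """Return {jail: parameters}, with per-jail values overriding globals."""
    text = re.sub(r"#.*", "", conf_text)          # drop '#' comments
    defaults = _params(BLOCK.sub("", text))       # statements outside blocks
    jails = {}
    for name, body in BLOCK.findall(text):
        merged = {**defaults, **_params(body)}
        jails[name] = {k: v.replace("$name", name) for k, v in merged.items()}
    return jails

def audit(conf_text, rc_text):
    """List jails with raw sockets enabled and leftover rc.conf jail vars."""
    findings = []
    for jail, p in effective_params(conf_text).items():
        if p.get("allow.raw_sockets", "0") not in ("0", "false"):
            findings.append(f"{jail}: allow.raw_sockets is enabled")
        legacy = re.findall(rf"^(jail_{re.escape(jail)}_\w+)=", rc_text, re.M)
        findings += [f"{jail}: legacy rc.conf variable {v}" for v in legacy]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_JAIL_CONF, SAMPLE_RC_CONF)))
```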