From owner-freebsd-jail@freebsd.org  Tue Aug 16 21:17:12 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AB138BBBBFD;
 Tue, 16 Aug 2016 21:17:12 +0000 (UTC)
 (envelope-from cyberleo@cyberleo.net)
Received: from mail.cyberleo.net (paka.cyberleo.net [216.226.128.180])
 by mx1.freebsd.org (Postfix) with ESMTP id 8DA7014ED;
 Tue, 16 Aug 2016 21:17:12 +0000 (UTC)
 (envelope-from cyberleo@cyberleo.net)
Received: from [172.16.44.4] (vitani.den.cyberleo.net [216.80.73.130])
 by mail.cyberleo.net (Postfix) with ESMTPSA id D362443097;
 Tue, 16 Aug 2016 17:08:42 -0400 (EDT)
Subject: Re: testing 11.0-RC1 vnet jails with ipfilter
To: Ernie Luzar <luzar722@gmail.com>,
 "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
References: <57B1E1BC.4090205@gmail.com>
 <078403E1-D8A3-4E52-B218-7A8B4400749A@lists.zabbadoz.net>
 <CALfReyeR_4pM6FsrFZxTbHNoC1_yd3SZW72Ze9Bo354itzEgWQ@mail.gmail.com>
 <F610E6D1-6622-4E15-98B4-F7AD58EEA9CF@lists.zabbadoz.net>
 <57B375C6.9030500@gmail.com>
Cc: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org>,
 Freebsd Questions <FreeBSD-questions@freebsd.org>, krad <kraduk@gmail.com>
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
Message-ID: <b640b4fa-ba88-9fde-41a0-339d9d4a897b@cyberleo.net>
Date: Tue, 16 Aug 2016 16:08:42 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <57B375C6.9030500@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2016 21:17:12 -0000

On 08/16/2016 03:21 PM, Ernie Luzar wrote:
<snip>
> Issuing "ipf -FS -Fa" command from within the vnet jail gives this
> message, "open device:no such file or directory. User kernel version
> check failed.

According to ipf(8), the ipfilter utilities touch /dev/ipauth , /dev/ipl
, and /dev/ipstate . Have you checked that the devfs ruleset applied to
your jail has those unhidden?

> Issuing "ipfstat -hnio command from within the vnet jail gives this
> message, open(IPSTATE_NAME):no such file or directory.

ipfstat(8) also lists /dev/kmem ; I suspect that including this may be a
bad idea.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://www.fur.com/peace/