Date: Fri, 15 Feb 2019 09:57:38 -0800 From: David Christensen <dpchrist@holgerdanske.com> To: freebsd-questions@freebsd.org Subject: Re: FreeBSD 11.2-RELEASE-p9 jail ping: ssend socket: Operation not permitted Message-ID: <1738b413-f4de-bb0e-6df1-f37e030fc380@holgerdanske.com> In-Reply-To: <7950becf-03af-8fa3-f143-dece2f250440@qeng-ho.org> References: <c6ae2a22-0538-2a35-2651-af9be8f6c4aa@holgerdanske.com> <7950becf-03af-8fa3-f143-dece2f250440@qeng-ho.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/15/19 12:16 AM, Arthur Chance wrote:
<snip>
> Read the manual entry for jail(8). Specifically this bit
>
> allow.raw_sockets
<snip>
On 2/15/19 6:21 AM, Ernie Luzar wrote:
<snip>
> The allow_raw_sockets option has to be inside of the samba jail
> definition in jail.conf.
>
> defaultrouter="192.168.5.1" is not needed in the jails rc.conf file.
Thank you both for the help.
I removed "security.jail.allow_raw_sockets" from both the host and the
jailed sysctl.conf.
I added "allow.raw_sockets" in the host jail.conf:
root@beastie:~ # cat /etc/jail.conf
samba {
allow.raw_sockets=1;
exec.clean;
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";
host.hostname="samba.tracy.holgerdanske.com";
ip4.addr="192.168.5.8";
mount.devfs;
path="/jail/samba";
}
And I removed "defaultrouter" from the jailed rc.conf.
After rebooting, ping now works inside the jail.
David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1738b413-f4de-bb0e-6df1-f37e030fc380>