From: David Christensen
To: freebsd-questions@freebsd.org
Subject: Re: FreeBSD 11.2-RELEASE-p9 jail ping: ssend socket: Operation not permitted
Date: Fri, 15 Feb 2019 09:57:38 -0800

On 2/15/19 12:16 AM, Arthur Chance wrote:
> Read the manual entry for jail(8). Specifically this bit
>
> allow.raw_sockets

On 2/15/19 6:21 AM, Ernie Luzar wrote:
> The allow_raw_sockets option has to be inside of the samba jail
> definition in jail.conf.
>
> defaultrouter="192.168.5.1" is not needed in the jail's rc.conf file.

Thank you both for the help.

I removed "security.jail.allow_raw_sockets" from both the host and the jailed sysctl.conf.

I added "allow.raw_sockets" in the host jail.conf:

root@beastie:~ # cat /etc/jail.conf
samba {
    allow.raw_sockets=1;
    exec.clean;
    exec.start="sh /etc/rc";
    exec.stop="sh /etc/rc.shutdown";
    host.hostname="samba.tracy.holgerdanske.com";
    ip4.addr="192.168.5.8";
    mount.devfs;
    path="/jail/samba";
}

And I removed "defaultrouter" from the jailed rc.conf.

After rebooting, ping now works inside the jail.

David
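
Added example, not part of the original thread: allow.raw_sockets is a per-jail privilege (it gives the jail's root raw socket access, which is what ping needs), so this sh/awk sketch reports which jails in a jail.conf have it switched on. It assumes one parameter per line, "#" comments only, and no wildcard blocks, variables or includes; the www jail in the sample is hypothetical.

```shell
#!/bin/sh
# Added example: report which jails in a jail.conf have allow.raw_sockets on.
# Assumptions: one parameter per line, "#" comments only, no wildcard blocks,
# variables or includes. The kernel default for the parameter is off.

audit_raw_sockets() {
    # stdin: jail.conf text; stdout: "<jail> raw_sockets=on|off" per jail
    awk '
    function truthy(v) { return !(v == "0" || v == "false") }
    {
        sub(/#.*/, "")               # drop comments
        gsub(/[ \t;"]/, "")          # drop blanks, terminators, quotes
        if ($0 == "") next
    }
    /[{]$/ {                         # "name {" opens a jail block
        jail = substr($0, 1, length($0) - 1)
        state = dflt                 # inherit any global setting seen so far
        next
    }
    /^[}]$/ {                        # block closed: report the jail
        print jail, "raw_sockets=" (state ? "on" : "off")
        jail = ""
        next
    }
    /^allow\.(no)?raw_sockets(=.*)?$/ {
        n = index($0, "=")
        name = (n ? substr($0, 1, n - 1) : $0)
        val = (n ? truthy(substr($0, n + 1)) : 1)   # bare name means true
        if (name == "allow.noraw_sockets") val = !val
        if (jail == "") dflt = val
        else state = val
    }
    '
}

# Constructed sample: the samba jail from the message plus a hypothetical
# www jail that never asks for raw sockets.
SAMPLE_CONF='
samba {
    allow.raw_sockets=1;
    exec.clean;
    ip4.addr="192.168.5.8";
    path="/jail/samba";
}
www {
    path="/jail/www";
}
'

printf "%s\n" "$SAMPLE_CONF" | audit_raw_sockets
```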