From: Denny Schierz
Date: Wed, 18 Jan 2012 14:59:00 +0100
To: freebsd-stable@freebsd.org
Subject: Fighting with vnet / jails epair and so on

hi,

after most parts of my bridge setups work, I want to get vnet for my jails working. In the morning I started a jail and got only the local interface back, but no epair0b. Now I did something so that I can see _all_ interfaces from outside (bridge0 / bge* / epair0* ... ) but without any IPs.

However, I'm not able to give epair0b inside the jail an IP address. I get "permission denied". Also it looks a bit strange:

===============
host# jexec 2 ifconfig
bge0: flags=8943 metric 0 mtu 1500
        options=80099
        ether CHANGED
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
        media: Ethernet autoselect (1000baseT )
        status: active
bge1: flags=8802 metric 0 mtu 1500
        options=8009b
        ether CHANGED
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
        media: Ethernet autoselect (none)
        status: no carrier
bge2: flags=8802 metric 0 mtu 1500
        options=8009b
        ether CHANGED
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
        media: Ethernet autoselect (none)
        status: no carrier
bge3: flags=8802 metric 0 mtu 1500
        options=8009b
        ether CHANGED
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
        media: Ethernet autoselect (1000baseT )
        status: active
pflog0: flags=0<> metric 0 mtu 33152
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
ipfw0: flags=8801 metric 0 mtu 65536
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
lo0: flags=8049 metric 0 mtu 16384
        options=3
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
bridge0: flags=8843 metric 0 mtu 1500
        ether CHANGED
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair0a flags=143
                ifmaxaddr 0 port 12 priority 128 path cost 2000
        member: bge0 flags=143
                ifmaxaddr 0 port 4 priority 128 path cost 55
epair0a: flags=8943 metric 0 mtu 1500
        options=8
        ether CHANGED
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
        media: Ethernet 10Gbase-T (10Gbase-T )
        status: active
epair0b: flags=8842 metric 0 mtu 1500
        options=8
        ether CHANGED
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
        media: Ethernet 10Gbase-T (10Gbase-T )
        status: active
=======================================

# host:
jexec 2 ifconfig epair0b 192.168.1.2 netmask 255.255.255.0 up
ifconfig: up: permission denied

# sysctl:
security.jail.enforce_statfs: 2
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0

/etc/rc.conf:
=============================
jail_enable="YES"
jail_v2_enable="YES"
jail_list=""
jail_sysvipc_allow="YES"
#JAIL template
jail_list="$jail_list template"
jail_template_name="template"
jail_template_hostname="template.CHANGED"
jail_template_devfs_enable="YES"
jail_template_rootdir="/jails/template"
jail_template_mount_enable="YES"
jail_template_fstab="/etc/jails/fstabs/template"
jail_template_vnet_enable="YES"
jail_template_devfs_ruleset="devfsrules_jail"

#network
jail_template_exec_prestart0="ifconfig epair0 create"
jail_template_exec_prestart1="ifconfig bridge0 addm epair0a"
jail_template_exec_prestart2="ifconfig epair0a up"
jail_template_exec_earlypoststart0="ifconfig epair0b vnet template"
jail_template_exec_afterstart0="ifconfig lo0 127.0.0.1"
jail_template_exec_afterstart1="ifconfig epair0b 192.168.1.2 netmask 255.255.255.0 up"
jail_template_exec_afterstart2="route add default 130.83.160.62"
jail_template_exec_afterstart3="/bin/sh /etc/rc"
jail_template_exec_poststop0="ifconfig bridge0 deletem epair0a"
jail_template_exec_poststop1="ifconfig epair0a destroy"
===========================

Starting jail:

#/etc/rc.d/jail onestart
Configuring jails:.
Starting jails:epair0a
ifconfig: up: permission denied
route: writing to routing socket: Operation not permitted
Setting hostname: example.mydomain.com.

uname -a:
9.0-STABLE FreeBSD 9.0-STABLE #0: Tue Jan 17 09:05:42 CET 2012

Also, some people say I have to patch /etc/rc.d/jail (FreeBSD 9-rc2) to get it to know the new "vnet2", others say I don't need to ... so ....

Can anybody bring some light into the darkness of jails and vnet + rc?

cu denny