Date: Wed, 18 Jan 2012 08:13:03 -0700
From: Shawn Webb <lattera@gmail.com>
To: Denny Schierz <linuxmail@4lin.net>
Cc: freebsd-stable@freebsd.org
Subject: Re: Fighting with vnet / jails epair and so on
Message-ID: <CADt0fhycAhpN5ikruDZAQpOYRgEmpADx9Krzvz_=4P3CriQ4mA@mail.gmail.com>
In-Reply-To: <C51D1B19-1616-4165-BC5E-A681241C8ED2@4lin.net>
References: <C51D1B19-1616-4165-BC5E-A681241C8ED2@4lin.net>

I've done a bit of research about vnet jails:
http://archive.0xfeedface.org/blog/2011-11-21/lattera/freebsd-vnet-jail-admin-project

On Wed, Jan 18, 2012 at 6:59 AM, Denny Schierz <linuxmail@4lin.net> wrote:
> hi,
>
> after most parts work with my bridge setups, I want to get vnet for my jails working. In the morning I started a jail and got only the local interface back, but no epair0b. Now I did something so that I can see _all_ interfaces from outside (bridge0 / bge* / epair0* ... ) but without any IPs.
> However, I'm not able to give epair0b inside the jail an IP address. I get "permission denied".
>
> Also it looks a bit strange:
>
> ===============
> host# jexec 2 ifconfig
>
> bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=80099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
> bge1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet autoselect (none)
>         status: no carrier
> bge2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet autoselect (none)
>         status: no carrier
> bge3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
> pflog0: flags=0<> metric 0 mtu 33152
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
> ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=3<RXCSUM,TXCSUM>
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 12 priority 128 path cost 2000
>         member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 4 priority 128 path cost 55
> epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8<VLAN_MTU>
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
>         status: active
> epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8<VLAN_MTU>
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
>         status: active
> =======================================
>
> # host:
> jexec 2 ifconfig epair0b 192.168.1.2 netmask 255.255.255.0 up
> ifconfig: up: permission denied
>
>
>
> # sysctl:
>
> security.jail.enforce_statfs: 2
> security.jail.mount_allowed: 0
> security.jail.chflags_allowed: 0
> security.jail.allow_raw_sockets: 1
> security.jail.sysvipc_allowed: 1
> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 1
> security.jail.jail_max_af_ips: 255
> security.jail.jailed: 0
>
> /etc/rc.conf:
> =============================
> jail_enable="YES"
> jail_v2_enable="YES"
> jail_list=""
> jail_sysvipc_allow="YES"
>
>
> #JAIL template
> jail_list="$jail_list template"
> jail_template_name="template"
> jail_template_hostname="template.CHANGED"
> jail_template_devfs_enable="YES"
> jail_template_rootdir="/jails/template"
> jail_template_mount_enable="YES"
> jail_template_fstab="/etc/jails/fstabs/template"
> jail_template_vnet_enable="YES"
> jail_template_devfs_ruleset="devfsrules_jail"
>
> #network
> jail_template_exec_prestart0="ifconfig epair0 create"
> jail_template_exec_prestart1="ifconfig bridge0 addm epair0a"
> jail_template_exec_prestart2="ifconfig epair0a up"
> jail_template_exec_earlypoststart0="ifconfig epair0b vnet template"
> jail_template_exec_afterstart0="ifconfig lo0 127.0.0.1"
> jail_template_exec_afterstart1="ifconfig epair0b 192.168.1.2 netmask 255.255.255.0 up"
> jail_template_exec_afterstart2="route add default 130.83.160.62"
> jail_template_exec_afterstart3="/bin/sh /etc/rc"
> jail_template_exec_poststop0="ifconfig bridge0 deletem epair0a"
> jail_template_exec_poststop1="ifconfig epair0a destroy"
>
> ===========================
>
> Starting jail:
>
> #/etc/rc.d/jail onestart
>
> Configuring jails:.
> Starting jails:epair0a
> ifconfig: up: permission denied
> route: writing to routing socket: Operation not permitted
> Setting hostname: example.mydomain.com.
>
> uname -a:
>
> 9.0-STABLE FreeBSD 9.0-STABLE #0: Tue Jan 17 09:05:42 CET 2012
>
> Also, some people say, I have to patch /etc/rc.d/jail (FreeBSD 9-rc2) to get know the new "vnet2", others say, I don't need ... so ....
>
> Can anybody bring some light into the darkness of jails and vnet + rc?
>
> cu denny
>
>
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"