From: Shawn Webb
To: Denny Schierz
Cc: freebsd-stable@freebsd.org
Date: Wed, 18 Jan 2012 08:13:03 -0700
Subject: Re: Fighting with vnet / jails epair and so on

I've done a bit of research about vnet jails:
http://archive.0xfeedface.org/blog/2011-11-21/lattera/freebsd-vnet-jail-admin-project

On Wed, Jan 18, 2012 at 6:59 AM, Denny Schierz wrote:
> hi,
>
> after most parts of my bridge setup work, I want to get vnet for my jails working. In the morning I started a jail and got only the local interface back, but no epair0b. Now I did something so that I can see _all_ interfaces from outside (bridge0 / bge* / epair0* ... ) but without any IPs.
> However, I'm not able to give epair0b inside the jail an IP address. I get "permission denied".
>
> Also it looks a bit strange:
>
> ===============
> host# jexec 2 ifconfig
>
> bge0: flags=8943 metric 0 mtu 1500
>         options=80099
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet autoselect (1000baseT )
>         status: active
> bge1: flags=8802 metric 0 mtu 1500
>         options=8009b
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet autoselect (none)
>         status: no carrier
> bge2: flags=8802 metric 0 mtu 1500
>         options=8009b
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet autoselect (none)
>         status: no carrier
> bge3: flags=8802 metric 0 mtu 1500
>         options=8009b
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet autoselect (1000baseT )
>         status: active
> pflog0: flags=0<> metric 0 mtu 33152
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
> ipfw0: flags=8801 metric 0 mtu 65536
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
> lo0: flags=8049 metric 0 mtu 16384
>         options=3
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
> bridge0: flags=8843 metric 0 mtu 1500
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: epair0a flags=143
>                 ifmaxaddr 0 port 12 priority 128 path cost 2000
>         member: bge0 flags=143
>                 ifmaxaddr 0 port 4 priority 128 path cost 55
> epair0a: flags=8943 metric 0 mtu 1500
>         options=8
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet 10Gbase-T (10Gbase-T )
>         status: active
> epair0b: flags=8842 metric 0 mtu 1500
>         options=8
>         ether CHANGED
> ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
>         media: Ethernet 10Gbase-T (10Gbase-T )
>         status: active
> =======================================
>
> # host:
> jexec 2 ifconfig epair0b 192.168.1.2 netmask 255.255.255.0 up
> ifconfig: up: permission denied
>
>
>
> # sysctl:
>
> security.jail.enforce_statfs: 2
> security.jail.mount_allowed: 0
> security.jail.chflags_allowed: 0
> security.jail.allow_raw_sockets: 1
> security.jail.sysvipc_allowed: 1
> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 1
> security.jail.jail_max_af_ips: 255
> security.jail.jailed: 0
>
> /etc/rc.conf:
> =============================
> jail_enable="YES"
> jail_v2_enable="YES"
> jail_list=""
> jail_sysvipc_allow="YES"
>
>
> #JAIL template
> jail_list="$jail_list template"
> jail_template_name="template"
> jail_template_hostname="template.CHANGED"
> jail_template_devfs_enable="YES"
> jail_template_rootdir="/jails/template"
> jail_template_mount_enable="YES"
> jail_template_fstab="/etc/jails/fstabs/template"
> jail_template_vnet_enable="YES"
> jail_template_devfs_ruleset="devfsrules_jail"
>
> #network
> jail_template_exec_prestart0="ifconfig epair0 create"
> jail_template_exec_prestart1="ifconfig bridge0 addm epair0a"
> jail_template_exec_prestart2="ifconfig epair0a up"
> jail_template_exec_earlypoststart0="ifconfig epair0b vnet template"
> jail_template_exec_afterstart0="ifconfig lo0 127.0.0.1"
> jail_template_exec_afterstart1="ifconfig epair0b 192.168.1.2 netmask 255.255.255.0 up"
> jail_template_exec_afterstart2="route add default 130.83.160.62"
> jail_template_exec_afterstart3="/bin/sh /etc/rc"
> jail_template_exec_poststop0="ifconfig bridge0 deletem epair0a"
> jail_template_exec_poststop1="ifconfig epair0a destroy"
>
> ===========================
>
> Starting jail:
>
> #/etc/rc.d/jail onestart
>
> Configuring jails:.
> Starting jails:epair0a
> ifconfig: up: permission denied
> route: writing to routing socket: Operation not permitted
> Setting hostname: example.mydomain.com.
>
> uname -a:
>
> 9.0-STABLE FreeBSD 9.0-STABLE #0: Tue Jan 17 09:05:42 CET 2012
>
> Also, some people say I have to patch /etc/rc.d/jail (FreeBSD 9-rc2) to get it to know the new "vnet2", others say I don't need ... so ....
>
> Can anybody bring some light into the darkness of jails and vnet + rc?
>
> cu denny
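
Added example, not part of the original thread: the `jexec 2 ifconfig` listing quoted above shows the host's bge*, bridge0 and epair0a from inside the jail, which is how a jail that shares the host network stack looks, whereas a jail with its own vnet sees only lo0 and the interfaces moved into it. The check below flags any interface that is not on an expected list; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Isolation check for a jail's interface list (added example).
# On the host: jexec 2 ifconfig | unexpected_ifaces lo0 epair0b

# unexpected_ifaces ALLOWED...
# Reads an ifconfig listing on stdin, prints every interface name that is
# not in ALLOWED, and returns 1 if at least one such interface was found.
unexpected_ifaces() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        # Interface header lines start in column 0: "name: flags=..."
        # Error lines ("ifconfig: socket(...)") and indented detail lines
        # ("        member: epair0a flags=143") do not match this pattern.
        /^[A-Za-z][A-Za-z0-9_.]*: flags=/ {
            name = $1
            sub(/:$/, "", name)
            if (index(allowed, " " name " ") == 0) { print name; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample modelled on the listing in the quoted post.
sample_shared_stack() {
    cat <<'EOF'
bge0: flags=8943 metric 0 mtu 1500
        ether 00:00:00:00:00:01
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
lo0: flags=8049 metric 0 mtu 16384
bridge0: flags=8843 metric 0 mtu 1500
        member: epair0a flags=143
epair0a: flags=8943 metric 0 mtu 1500
epair0b: flags=8842 metric 0 mtu 1500
EOF
}

# Constructed sample of what an isolated vnet jail would list.
sample_vnet() {
    cat <<'EOF'
lo0: flags=8049 metric 0 mtu 16384
epair0b: flags=8842 metric 0 mtu 1500
EOF
}
```
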