Date: Sun, 24 Apr 2016 21:50:42 -0600 (MDT)
From: Warren Block
To: Pietro Sammarco
cc: freebsd-doc@FreeBSD.org
Subject: Re: ezjail allow.raw_socket handbook wrong confing

On Sun, 24 Apr 2016, Pietro Sammarco via freebsd-doc wrote:

> Hello,
>
> I have been hammering my head for the past 3 hours trying to get ping to work
> on a jail managed through ezjail.
>
> As per the handbook indication, I set *export
> jail_jailname_parameters="allow.raw_sockets=1"
> *to*/usr/local/etc/ezjail/jailname *but it wouldn't allow pinging no matter
> what.

I don't understand what you are saying here.

> Anyways I am not sure if that variable was working before, however it
> certainly doesn't anymore.
>
> The solution was to add *export
> jail_**jailname**_parameters="allow.raw_sockets"
> *to*/usr/local/etc/ezjail/jailname*.
>
> Yep easy as that, but it seriously gave me a headache to the point that I am
> about to throw up :). I believe the handbook should be edited and
> corrected.
>
> https://www.freebsd.org/doc/handbook/jails-ezjail.html

Sorry, I just don't understand. That part says:

   When raw network sockets are actually needed in a jail, they can be
   enabled by editing the ezjail configuration file for the individual
   jail, /usr/local/etc/ezjail/jailname. Modify the parameters entry:

   export jail_jailname_parameters="allow.raw_sockets=1"

"jailname" in both the paragraph and the configuration line are shown in
italic because they are strings that the user is supposed to replace
with the actual jail name.

Would it help to break up that paragraph into shorter sentences?

   When raw network sockets are actually needed in a jail, they can be
   enabled. Edit the ezjail configuration file for the individual jail,
   /usr/local/etc/ezjail/jailname. Modify the parameters entry: