Date: Thu, 1 Feb 2018 13:05:20 -0500 From: "James B. Byrne" <byrnejb@harte-lyne.ca> To: freebsd-questions@freebsd.org Subject: Re: FreeBSD, jail, ping Message-ID: <b6671fa375965a267ac11a245b9dc321.squirrel@webmail.harte-lyne.ca> In-Reply-To: <35d8e9b01acbb929ba4cb9b98241df54.squirrel@webmail.harte-lyne.ca> References: <35d8e9b01acbb929ba4cb9b98241df54.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, February 1, 2018 12:55, James B. Byrne wrote:
> On the jail I see this behaviour:
>
> root@hll124:~ # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 0
>
> root@hll124:~ # sysctl security.jail.allow_raw_sockets=1
> security.jail.allow_raw_sockets: 0
> sysctl: security.jail.allow_raw_sockets=1: Operation not permitted
>
> So, how is this fixed?
>
On host:
# jls
JID IP Address Hostname Path
6 127.0.124.1 hll124.hamilton.harte-lyne.ca /usr/jails/hll124
# jail -m jid=6 allow.raw_sockets=1
On jail:
# sysctl security.jail.allow_raw_sockets
security.jail.allow_raw_sockets: 1
root@hll124:~ # ping 192.168.71.1
PING 192.168.71.1 (192.168.71.1): 56 data bytes
64 bytes from 192.168.71.1: icmp_seq=0 ttl=64 time=0.253 ms
So, how does one get the jail to automatically configure this setting?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b6671fa375965a267ac11a245b9dc321.squirrel>