From owner-freebsd-questions@freebsd.org Thu Feb 1 18:05:23 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BEDA0EE2263 for ; Thu, 1 Feb 2018 18:05:23 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca [216.185.71.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "inet08.hamilton.harte-lyne.ca", Issuer "CA_HLL_ISSUER_2016" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 660A57B002 for ; Thu, 1 Feb 2018 18:05:23 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from localhost (localhost [127.0.0.1]) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id 9812A6254A for ; Thu, 1 Feb 2018 13:05:22 -0500 (EST) X-Virus-Scanned: amavisd-new at harte-lyne.ca Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1]) by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nrITNm4rBWSk for ; Thu, 1 Feb 2018 13:05:20 -0500 (EST) Received: from webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca [216.185.71.24]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id F4149624B5 for ; Thu, 1 Feb 2018 13:05:19 -0500 (EST) Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Thu, 1 Feb 2018 13:05:20 -0500 Message-ID: In-Reply-To: <35d8e9b01acbb929ba4cb9b98241df54.squirrel@webmail.harte-lyne.ca> References: <35d8e9b01acbb929ba4cb9b98241df54.squirrel@webmail.harte-lyne.ca> Date: Thu, 1 Feb 2018 13:05:20 -0500 Subject: Re: FreeBSD, jail, ping From: "James B. Byrne" To: freebsd-questions@freebsd.org Reply-To: byrnejb@harte-lyne.ca User-Agent: SquirrelMail/1.4.22-5.el6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Feb 2018 18:05:23 -0000 On Thu, February 1, 2018 12:55, James B. Byrne wrote: > On the jail I see this behaviour: > > root@hll124:~ # sysctl security.jail.allow_raw_sockets > security.jail.allow_raw_sockets: 0 > > root@hll124:~ # sysctl security.jail.allow_raw_sockets=1 > security.jail.allow_raw_sockets: 0 > sysctl: security.jail.allow_raw_sockets=1: Operation not permitted > > So, how is this fixed? > On host: # jls JID IP Address Hostname Path 6 127.0.124.1 hll124.hamilton.harte-lyne.ca /usr/jails/hll124 # jail -m jid=6 allow.raw_sockets=1 On jail: # sysctl security.jail.allow_raw_sockets security.jail.allow_raw_sockets: 1 root@hll124:~ # ping 192.168.71.1 PING 192.168.71.1 (192.168.71.1): 56 data bytes 64 bytes from 192.168.71.1: icmp_seq=0 ttl=64 time=0.253 ms So, how does one get the jail to automatically configure this setting? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3