Date: Thu, 1 Feb 2018 12:22:44 -0600 From: Grouchy Sysadmin <sysadmin@grouchysysadmin.com> To: freebsd-questions@freebsd.org Subject: Re: FreeBSD, jail, ping Message-ID: <ba28ee1c-7224-1dd4-723d-f78af6a23dc9@grouchysysadmin.com> In-Reply-To: <c9d6a2a0-7734-b445-1bdb-84ab793059c7@kicp.uchicago.edu> References: <35d8e9b01acbb929ba4cb9b98241df54.squirrel@webmail.harte-lyne.ca> <b6671fa375965a267ac11a245b9dc321.squirrel@webmail.harte-lyne.ca> <c9d6a2a0-7734-b445-1bdb-84ab793059c7@kicp.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02/01/2018 12:15 PM, Valeri Galtsev wrote: > > > On 02/01/18 12:05, James B. Byrne via freebsd-questions wrote: >> >> On Thu, February 1, 2018 12:55, James B. Byrne wrote: >>> On the jail I see this behaviour: >>> >>> root@hll124:~ # sysctl security.jail.allow_raw_sockets >>> security.jail.allow_raw_sockets: 0 >>> >>> root@hll124:~ # sysctl security.jail.allow_raw_sockets=1 >>> security.jail.allow_raw_sockets: 0 >>> sysctl: security.jail.allow_raw_sockets=1: Operation not permitted >>> >>> So, how is this fixed? >>> >> >> On host: >> >> # jls >> JID IP Address Hostname Path >> 6 127.0.124.1 hll124.hamilton.harte-lyne.ca /usr/jails/hll124 >> >> # jail -m jid=6 allow.raw_sockets=1 >> >> On jail: >> >> # sysctl security.jail.allow_raw_sockets >> security.jail.allow_raw_sockets: 1 >> >> root@hll124:~ # ping 192.168.71.1 >> PING 192.168.71.1 (192.168.71.1): 56 data bytes >> 64 bytes from 192.168.71.1: icmp_seq=0 ttl=64 time=0.253 ms >> >> >> So, how does one get the jail to automatically configure this setting? >> > > I do not know how to do it using ezjail, but after ezjail does its > magic, the following line > > allow.raw_sockets = 1; > > will be in /etc/jail.conf inside particular jail configuration. > > ( after that setting is modified, particular jail has to be restarted > as someone already mentioned) > > I hope, someone who uses ezjail will chime in. > > Thanks. > Valeri > >> > For ezjail, see https://lists.freebsd.org/pipermail/freebsd-questions/2018-February/280740.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ba28ee1c-7224-1dd4-723d-f78af6a23dc9>