From: Grouchy Sysadmin
Date: Thu, 1 Feb 2018 12:22:44 -0600
Subject: Re: FreeBSD, jail, ping
To: freebsd-questions@freebsd.org

On 02/01/2018 12:15 PM, Valeri Galtsev wrote:
>
>
> On 02/01/18 12:05, James B. Byrne via freebsd-questions wrote:
>>
>> On Thu, February 1, 2018 12:55, James B. Byrne wrote:
>>> On the jail I see this behaviour:
>>>
>>> root@hll124:~ # sysctl security.jail.allow_raw_sockets
>>> security.jail.allow_raw_sockets: 0
>>>
>>> root@hll124:~ # sysctl security.jail.allow_raw_sockets=1
>>> security.jail.allow_raw_sockets: 0
>>> sysctl: security.jail.allow_raw_sockets=1: Operation not permitted
>>>
>>> So, how is this fixed?
>>>
>>
>> On host:
>>
>> # jls
>>     JID  IP Address      Hostname                      Path
>>       6  127.0.124.1     hll124.hamilton.harte-lyne.ca /usr/jails/hll124
>>
>> # jail -m jid=6 allow.raw_sockets=1
>>
>> On jail:
>>
>> # sysctl security.jail.allow_raw_sockets
>> security.jail.allow_raw_sockets: 1
>>
>> root@hll124:~ # ping 192.168.71.1
>> PING 192.168.71.1 (192.168.71.1): 56 data bytes
>> 64 bytes from 192.168.71.1: icmp_seq=0 ttl=64 time=0.253 ms
>>
>>
>> So, how does one get the jail to automatically configure this setting?
>>
>
> I do not know how to do it using ezjail, but after ezjail does its
> magic, the following line
>
> allow.raw_sockets = 1;
>
> will be in /etc/jail.conf inside particular jail configuration.
>
> ( after that setting is modified, particular jail has to be restarted
> as someone already mentioned)
>
> I hope, someone who uses ezjail will chime in.
>
> Thanks.
> Valeri
>

For ezjail, see https://lists.freebsd.org/pipermail/freebsd-questions/2018-February/280740.html
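
The thread enables `allow.raw_sockets` on a running jail with `jail -m` and then asks how to make it persistent. The following is an added example, not part of the original messages, that lists jails where raw sockets are allowed at runtime but not set in jail.conf. It assumes `jls -n` prints boolean parameters as `allow.raw_sockets` or `allow.noraw_sockets` and that jails are defined as `name { ... }` blocks; the sample data and the jail names `web01` and `mon01` are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed; on a
# FreeBSD host, feed `jls -n` and /etc/jail.conf to the two parsers instead.
sample_jls() {   # constructed, in the style of `jls -n` (one jail per line)
cat <<'EOF'
jid=6 name=hll124 path=/usr/jails/hll124 allow.raw_sockets allow.noset_hostname
jid=7 name=web01 path=/usr/jails/web01 allow.noraw_sockets allow.noset_hostname
jid=8 name=mon01 path=/usr/jails/mon01 allow.raw_sockets allow.noset_hostname
EOF
}

sample_conf() {  # constructed jail.conf: only mon01 persists the setting
cat <<'EOF'
hll124 { path = "/usr/jails/hll124"; }
web01  { path = "/usr/jails/web01"; }
mon01 {
    path = "/usr/jails/mon01";
    allow.raw_sockets = 1;
}
EOF
}

# stdin: `jls -n` lines. stdout: names of running jails that allow raw sockets.
runtime_raw_jails() {
    awk '{ name = ""; raw = 0
           for (i = 1; i <= NF; i++) {
               if ($i ~ /^name=/) name = substr($i, 6)
               if ($i == "allow.raw_sockets") raw = 1
           }
           if (raw && name != "") print name }' | sort
}

# stdin: jail.conf text. stdout: jail blocks that set allow.raw_sockets.
# Assumes one "name {" opener per line and no comments containing braces.
conf_raw_jails() {
    awk '/^[A-Za-z0-9_.-]+[ \t]*[{]/ { cur = $1; sub(/[{].*/, "", cur) }
         cur != "" && /allow[.]raw_sockets[ \t]*(=[ \t]*(1|true)[ \t]*)?;/ { print cur }
         /[}]/ { cur = "" }' | sort -u
}

# Jails enabled only at runtime (for instance with `jail -m`): the permission
# is not in jail.conf, so it is lost when the jail is next restarted.
runtime_only_raw_jails() {
    conf=$(sample_conf | conf_raw_jails)
    sample_jls | runtime_raw_jails | while read -r j; do
        printf '%s\n' "$conf" | grep -qxF "$j" || printf '%s\n' "$j"
    done
}
runtime_only_raw_jails   # prints: hll124
```

The same two parsers also give an inventory of every jail that can open raw sockets, which is worth reviewing because the permission is granted per jail and is off by default.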