From: Arthur Chance
To: Karl Pielorz
Date: Wed, 21 Aug 2013 12:35:13 +0100
Subject: Re: jail.conf ignoring exec.fib?
Message-ID: <5214A5F1.1060405@qeng-ho.org>
Cc: freebsd-questions@freebsd.org

On 21/08/2013 11:35, Karl Pielorz wrote:
>
> --On 20 August 2013 18:02 +0100 Arthur Chance wrote:
>
>> And that's just made me think of something else - I have a horrible
>> feeling that jexec will attach to the jail using whatever fib it's
>> running under, i.e. the fib from the host environment. Do you have (or
>> can you enable) ssh running in the jail? If so, log into the jail that
>> way, and see what
>>
>>     sysctl net.my_fibnum
>>
>> shows then, because you'll be running under the environment created by
>> /etc/rc.
>
> Ok, one word: Bingo. That was it. I'll spare you the gory details of how
> I cut myself off from the machine, managed to create a jail with no
> access etc. etc.
>
> But yes, that was it - in summary:
>
> jail -c -v   Does not actually *show* the fib being set, but will show
> an error if the setfib call fails.
>
> jexec   Runs a process in the jail, using the prevailing fib - not
> the jail's fib, you can rectify this by using 'setfib X jexec jail tcsh'
>
> I don't know if that last point should be considered a 'bug' or not...

Certainly the jexec problem is going to bite people again and again, so
you should probably file a PR for it. As for the -v option, the man page
says "Print a message on every operation", so it's down to what is or
isn't regarded as an operation worth reporting.

> Many thanks for your help!

No problem, it helps me understand jails better as well.

-- 
In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
new race of servants. Called Uruk-Oh-Hai in the Black Speech, they were
cruel and delighted in torturing spelling and grammar.

_Lord of the Rings 2.0, the Web Edition_
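
The thread's finding is that jexec runs under the caller's FIB rather than the jail's exec.fib, with 'setfib X jexec jail tcsh' as the workaround. The sketch below is an added example, not part of the original message: it reads exec.fib from a jail.conf and prints the wrapped command. The function names, the sample configuration and the simplified parser (one parameter per line, "#" comments only) are assumptions.

```shell
#!/bin/sh
# Added example. Simplified jail.conf handling (assumption): one parameter per
# line, "#" comments only, no wildcard blocks or variable substitution.

# Print the exec.fib that applies to JAIL: its own setting, else the global one.
jail_fib() {    # usage: jail_fib CONF JAIL
    awk -v jail="$2" '
        { sub(/#.*/, "") }                         # drop comments
        /^[ \t]*[A-Za-z0-9_.-]+[ \t]*[{]/ {        # "name {" opens a jail block
            cur = $1; sub(/[{].*/, "", cur); next
        }
        /[}]/ { cur = ""; next }                   # "}" closes it
        /exec\.fib[ \t]*=/ {
            v = $0
            sub(/.*=[ \t]*/, "", v); sub(/[ \t]*;.*/, "", v); gsub(/"/, "", v)
            if (cur == "") glob = v; else if (cur == jail) own = v
        }
        END { if (own != "") print own; else if (glob != "") print glob }
    ' "$1"
}

# Print the command an operator should run so the process gets the jail FIB.
jexec_cmd() {   # usage: jexec_cmd CONF JAIL COMMAND...
    fib=$(jail_fib "$1" "$2") || return 1
    name=$2; shift 2
    case $fib in
        "")        echo "jexec $name $*" ;;        # no exec.fib configured
        *[!0-9]*)  echo "invalid exec.fib \"$fib\" for $name" >&2; return 1 ;;
        *)         echo "setfib $fib jexec $name $*" ;;
    esac
}

sample_conf() { # constructed sample, not from the thread
    cat <<'EOF'
exec.fib = 0;            # global default
web {
    path = "/jails/web";
    exec.fib = 1;        # web routes via FIB 1
}
db {
    path = "/jails/db";
}
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
jexec_cmd "$conf" web tcsh
jexec_cmd "$conf" db tcsh
rm -f "$conf"
```

Once attached, `sysctl net.my_fibnum` inside the jail shows which FIB the shell actually received.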