Date: Fri, 25 Jul 2014 00:22:37 -0400
From: Glen Barber
To: Warren Block
Cc: freebsd-jail@FreeBSD.org
Subject: Re: check_dhcp
Message-ID: <20140725042237.GC1065@hub.FreeBSD.org>

On Thu, Jul 24, 2014 at 10:19:53PM -0600, Warren Block wrote:
> On Thu, 24 Jul 2014, Glen Barber wrote:
>
> >I think dhclient still will not work though, since it is set as 'nojail'
> >in /etc/rc.d/dhclient rc script.
>
> To be clear, what worked was running /sbin/dhclient, not the rc script. It
> requests and gets a lease, but does not manage to assign the address to the
> jail's interface.
>

Rightfully so. I would be worried if it did.[1]

> >Does /var/run/dhclient* stuff exist in the jail, with valid entries?
>
> It does create a pid file, and a dhclient.leases file in /var/db/. But the
> lease address is not assigned.
>

Good, I would be worried about this, as well.[1]

> >I suspect no, and if yes, I would argue this is a bug that it does.
>
> It runs, but toothlessly, which seems about right. :)

[1] Consider a shared hosting provider using jail(8), where root access
is granted. Such a case should not expect a dhclient(8) to arbitrarily
succeed on the network.

Glen