From: "Bjoern A. Zeeb"
To: Christer Edwards
Cc: freebsd-jail@freebsd.org
Date: Sat, 1 Nov 2008 20:13:46 +0000 (UTC)
Subject: Re: dhcpd possible within jail?

On Sat, 1 Nov 2008, Christer Edwards wrote:

> I recently set up a few jails for internal network services (sshd, bind,
> dhcpd, etc.) The only issue I have so far is that dhcpd doesn't seem to
> work within the jail env. It appears to start properly, and the process
> shows in top, but no leases are ever given out.
[ ...]
> I have also allowed raw_sockets from the host (unless there is another
> way to accomplish this).
>
> If anyone can tell me what I'm missing, or if it's simply a jail
> limitation I'd appreciate it.

dhcpd imho needs bpf, so you would have to expose /dev/bpf* to that
jail and perhaps also /dev/net* things..

try adding something like this to your /etc/devfs.rules

    [devfsrules_jail_dhcp=5]
    add include $devfsrules_hide_all
    add include $devfsrules_unhide_basic
    add include $devfsrules_unhide_login
    add path 'bpf*' unhide
    add path net unhide
    add path 'net/*' unhide

the number is the first free that is not in your
/etc/defaults/devfs.rules and /etc/devfs.rules.

That done change the /etc/rc.conf line for that jail to

    jail_FOOOOOO_devfs_ruleset="devfsrules_jail_dhcp"

with FOOOOOO being the right jail name of course and restart the jail.

Within the jail do a

    ls -l /dev/bpf*

; if there are no entries you'll need to reapply the devfs rules from
the base system (sh /etc/rc.d/devfs start might do that). Try the ls
again.

imho, you do not need to allow raw sockets.

HTH
/bz

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
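
Added example, not part of the original message: a POSIX sh helper for the "first free number" step described above. It scans devfs rule files for [name=N] headers and prints the lowest unused N; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): pick the first free devfs
# ruleset number. Function names and sample data are constructed.

# Print every number N declared as "[name=N]" in the given rule files.
used_ruleset_numbers() {
    for f in "$@"; do
        [ -r "$f" ] || continue   # e.g. no local /etc/devfs.rules yet
        sed -n 's/^[[:space:]]*\[[A-Za-z0-9_]*=\([0-9][0-9]*\)][[:space:]]*$/\1/p' "$f"
    done | sort -n -u
}

# Print the lowest number >= 1 that no ruleset header has claimed.
first_free_ruleset() {
    used_ruleset_numbers "$@" | awk '
        BEGIN { want = 1 }
        $1 == want { want++ }
        END { print want }'
}

# Run the search over constructed stand-ins for the two files named in the
# message (/etc/defaults/devfs.rules and /etc/devfs.rules).
demo_first_free() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/defaults.rules" <<'EOF'
# constructed sample modelled on /etc/defaults/devfs.rules
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path null unhide
[devfsrules_unhide_login=3]
add path 'pts/*' unhide
[devfsrules_jail=4]
add include $devfsrules_hide_all
EOF
    : > "$dir/local.rules"   # constructed: a local rules file with no rulesets
    first_free_ruleset "$dir/defaults.rules" "$dir/local.rules"
    rm -rf "$dir"
}

demo_first_free
```

On a real host the call would be first_free_ruleset /etc/defaults/devfs.rules /etc/devfs.rules; with the constructed sample above the result is 5, the number used in the message's ruleset.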