Date: Wed, 20 Aug 2014 12:28:36 -0600 (MDT)
From: Warren Block
To: John Baldwin
Cc: freebsd-doc@freebsd.org
Subject: Re: ezjail Handbook section
In-Reply-To: <201408201106.34557.jhb@freebsd.org>

On Wed, 20 Aug 2014, John Baldwin wrote:

> On Tuesday, August 19, 2014 6:01:54 pm Warren Block wrote:
>> On Mon, 4 Aug 2014, Warren Block wrote:
>>
>>> Draft version of an ezjail section for the Handbook Jails chapter:
>>> http://www.wonkity.com/~wblock/jails/jails-ezjail.html
>>>
>>> This includes a complete setup at the end for running BIND in a jail.
>>> In addition to a complete jail example, it can also serve as an example of
>>> how to set up BIND now that the old chroot configuration is no more.
>>
>> Asking for review again of the final version at the link above. If
>> there are no major complaints in the next few days, it will be
>> committed.
>
> It's not clear to me if you need lo1? If you are using aliases on an external
> interface as you would with a traditional jail then I think you don't need the
> lo1 interface?

It's there to keep jails from being involved with lo0 on the host. But
I admit the explanation is fuzzy, and will seek clarification.

(There is a bug that affects this also. When the host is a gateway, the
jails use a non-default loopback and raw sockets for ping, jails get the
host address wrong. More details in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=168678)

> Finally, if you haven't tried etcupdate, you should try it and see how it
> works compared to mergemaster.

I remember looking at it years back, but did not stick with it because
it was a port and not installed by default. Now that it's in base, it
could be used in the update section as an alternative. Although maybe
it should be mentioned in the updating chapter rather than in the jails
chapter.

Thanks!