Date: Mon, 11 Apr 2016 07:11:41 -0600
From: James Gritton <jamie@freebsd.org>
To: freebsd-jail@freebsd.org
Cc: Rodomar 705 <rodomar705@gmail.com>
Subject: Re: Unable to enable allow.socket_af in jail
Message-ID: <ad74057871c840683c1bfda0fac488b5@gritton.org>
In-Reply-To: <CAO99SiDGpj8cpd0U-3kPH-3jNQ03Yr=61L5KFw_MmCe17zZ76w@mail.gmail.com>
References: <CAO99SiDGpj8cpd0U-3kPH-3jNQ03Yr=61L5KFw_MmCe17zZ76w@mail.gmail.com>

On 2016-04-10 03:19, Rodomar 705 wrote:
> Sorry for bothering, but after one hour of reading I still can't find a
> solution for this problem.
>
> I'm trying to run a Linux game server inside a jail itself, for added
> security. The server itself runs great on the host system itself. I'm
> using ezjail to manage the jail subsystem itself.
>
> After installing linux_base, the server starts up just fine, until the
> point where it needs to fire up the network port, and crashing with
>
> (NetworkException) cannot create socket: 93 - Protocol not supported
>
> First I was thinking that allow_raw_sockets was what was missing; after
> messing with my configuration, I was able to make it work. No dice.
> After reading the jail configuration, especially under the allow
> section configuration, it was clear to me that what was missing was
> allow.socket_af. Tried with the same parameter used with the first
> one, no dice. Tried adding sysvipc, taken from some comments online,
> no dice. Adding one to the parameters (even if it wasn't making any
> sense since the other two were enabled without), no dice.
>
> Can anyone explain to me what I'm doing wrong?
>
> Thanks for your time, I'll leave the config below.
>
> In configuration file inside /usr/local/etc/ezjail/<jailname>:
>
> export jail_<jailname>_parameters="allow.raw_sockets allow.socket_af=1 allow.sysvipc"
>
> Result from sudo jexec <jid> sysctl security.jail | egrep
> '(allow_raw|sysvipc_allowed|socket_af)':
>
> security.jail.param.allow.socket_af: 0
> security.jail.allow_raw_sockets: 1
> security.jail.sysvipc_allowed: 1

What's the output of "jls -s"? In particular, are you seeing
allow.socket_af there? (If not, you'll see allow.nosocket_af). Also,
what do you see for ip4 and ip6?

What address family is the Linux server program trying to open? Jails
will give EAFNOSUPPORT (Protocol not supported) for non-inet address
families, but also for IPv4 or IPv6 if the jail is set up without ip4 or
ip6 support.

- Jamie
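
The check described in the reply above, as an added example that is not part of the original thread: a shell helper that reads one line of `jls -s` output and reports whether the jail would permit a socket in a given address family. The sample line is constructed, the function names and family labels are hypothetical, and treating `disable` (or `new` with no addresses) as "without ip4 or ip6 support" is this example's interpretation.

```shell
# Added example: classify a socket() attempt against one line of `jls -s` output.

# CONSTRUCTED sample; a real line comes from: jls -s -j <jid>
SAMPLE_JLS='jid=3 name=gamesrv ip4=new ip4.addr=192.0.2.10 ip6=disable ip6.addr= allow.raw_sockets allow.nosocket_af allow.sysvipc'

# jls_param LINE NAME: print the value of "NAME=value", 1 for a bare boolean
# "allow.foo", 0 for its negated form "allow.nofoo", nothing if absent.
jls_param() {
    line=$1 name=$2
    neg=$(printf '%s' "$name" | sed 's/\([^.]*\)$/no\1/')
    for tok in $line; do
        case $tok in
            "$name="*) printf '%s\n' "${tok#*=}"; return 0 ;;
            "$name")   echo 1; return 0 ;;
            "$neg")    echo 0; return 0 ;;
        esac
    done
}

# jail_af_check LINE FAMILY: FAMILY is a label chosen for this example
# (inet, inet6, unix, route, or anything else for another protocol stack).
jail_af_check() {
    params=$1 family=$2
    case $family in
        inet)  key=ip4 ;;
        inet6) key=ip6 ;;
        unix|route) echo "allowed"; return 0 ;;  # always permitted per jail(8)
        *)     key= ;;
    esac
    if [ -n "$key" ]; then
        mode=$(jls_param "$params" "$key")
        addrs=$(jls_param "$params" "$key.addr")
        # Assumption: "no support" = disable, or new with an empty address list
        if [ "$mode" = disable ] || { [ "$mode" = new ] && [ -z "$addrs" ]; }; then
            echo "denied: no $key support in this jail ($key=$mode)"
        else
            echo "allowed"
        fi
    elif [ "$(jls_param "$params" allow.socket_af)" = 1 ]; then
        echo "allowed"
    else
        echo "denied: allow.socket_af is not set"
    fi
}

for af in inet inet6 unix netlink; do
    printf '%-8s %s\n' "$af" "$(jail_af_check "$SAMPLE_JLS" "$af")"
done
```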