Date:      Tue, 4 May 1999 17:22:22 +0200
From:      Rudolf Cejka <cejkar@dcse.fee.vutbr.cz>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        Rudolf Cejka <cejkar@dcse.fee.vutbr.cz>, "freebsd-current@freebsd.org" <freebsd-current@FreeBSD.ORG>
Subject:   Re: Jail - any success?
Message-ID:  <19990504172222.A25275@kazi.dcse.fee.vutbr.cz>
In-Reply-To: <7998.925739554@critter.freebsd.dk>; from Poul-Henning Kamp on Mon, May 03, 1999 at 03:52:34PM +0200
References:  <199905031339.PAA20535@kazi.dcse.fee.vutbr.cz> <7998.925739554@critter.freebsd.dk>

Poul-Henning Kamp wrote (1999/05/03):

> You need to put ip aliases on your loopback interface, for instance:
> 
> 	ifconfig lo0 10.0.0.1 netmask 255.255.255.255 alias
> 	...
> 	ifconfig lo0 10.0.0.5 netmask 255.255.255.255 alias
> 
> Then you give each jail one of these ipnumbers and start whatever
> daemons you want in the jail (inetd, sshd, apache...)
> 
> Of course your routing needs to work such that these ip numbers
> end up on your machine, you can also do this by adding multiple
> IP# to the ethernet of the machine.

Thanks. Now I know where the problem was - if I create an ip alias
	ifconfig lo0 A.B.C.D netmask 255.255.255.255 alias
I must write the jail command as
	jail /path domain.name D.C.B.A /command
so on my PC the ip-address isn't converted to a network format. Here are my
suggestions:

*) Apply this patch to jail.c:
   (Or is the bug in the system call? What format should be there?)

--- jail.c.orig	Tue May  4 14:00:36 1999
+++ jail.c	Tue May  4 14:00:47 1999
@@ -21,7 +21,7 @@
 	i = inet_aton(argv[3], &in);
 	if (!i)
 		errx(1, "Couldn't make sense if ip number\n");
-	j.ip_number = in.s_addr;
+	j.ip_number = htonl(in.s_addr);
 	i = jail(&j);
 	if (i)
 		err(1, "Imprisonment failed");
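
Review bot: On the changed line, htonl() is applied to in.s_addr, which inet_aton() has already filled in network byte order, so the call really converts network order to host order. htonl() and ntohl() perform the same swap, so the result is identical, but if the intent is to hand j.ip_number to jail() in host order, write ntohl(in.s_addr) and add a comment stating which byte order the field expects. Separately, the context line with errx() has a typo in its message ("if" for "of") and a trailing "\n" that errx() already appends.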

*) There should be "$Id" in all Makefile, jail.8, and jail.c I think.

*) In jail(8) there is synopsis "jail path hostname ip-number". It should
   be "jail path hostname ip command ..." as is usage of jail command.

(If you want I can file PRs :-)


Is it possible to call ping in a prison session?

	# ping some.host
	ping: socket: Operation not permitted

--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
Rudolf Cejka   (cejkar@dcse.fee.vutbr.cz;  http://www.fee.vutbr.cz/~cejkar)
Brno University of Technology, Faculty of El. Engineering and Comp. Science
Bozetechova 2, 612 66  Brno, Czech Republic
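
Added example (not part of the original message or of jail.c): a small C program showing why the address appears reversed as D.C.B.A. It assumes the consumer of ip_number reads the value in host byte order, which is what the symptom above suggests; 10.0.0.5 is a constructed sample and the helper names are hypothetical.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse dotted-quad text. On success returns 1 and stores the value exactly
 * as inet_aton() produced it, i.e. already in network byte order. */
static int parse_net_order(const char *text, uint32_t *out)
{
	struct in_addr in;

	if (!inet_aton(text, &in))
		return 0;
	*out = in.s_addr;
	return 1;
}

/* How a consumer expecting NETWORK order reads v: the first byte in
 * memory is the first octet. */
static const char *read_as_net(uint32_t v, char *buf, size_t len)
{
	unsigned char b[4];

	memcpy(b, &v, sizeof b);
	snprintf(buf, len, "%u.%u.%u.%u", (unsigned)b[0], (unsigned)b[1],
	    (unsigned)b[2], (unsigned)b[3]);
	return buf;
}

/* How a consumer expecting HOST order reads v: the most significant byte
 * of the integer is the first octet. */
static const char *read_as_host(uint32_t v, char *buf, size_t len)
{
	snprintf(buf, len, "%u.%u.%u.%u", (unsigned)(v >> 24),
	    (unsigned)(v >> 16 & 0xff), (unsigned)(v >> 8 & 0xff),
	    (unsigned)(v & 0xff));
	return buf;
}

int main(void)
{
	uint32_t raw;
	char buf[16];

	if (!parse_net_order("10.0.0.5", &raw))	/* constructed sample */
		return 1;
	printf("raw, read as network order:     %s\n", read_as_net(raw, buf, sizeof buf));
	printf("raw, read as host order:        %s\n", read_as_host(raw, buf, sizeof buf));
	printf("ntohl(raw), read as host order: %s\n", read_as_host(ntohl(raw), buf, sizeof buf));
	return 0;
}
```

On a little-endian machine the second line prints 5.0.0.10, the reversed form described in the message, while the third prints 10.0.0.5 on any platform.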

