Date: Mon, 1 Oct 2007 15:18:53 -0400 (EDT)
From: Randy Schultz <schulra@earlham.edu>
To: freebsd-jail@freebsd.org
Subject: djbdns on 1270.0.1 in a jail problem
Message-ID: <Pine.BSF.4.64.0710011440340.51852@tdream.lly.earlham.edu>

Heya,

Playing around with jails and have run across something weird, I was wondering if somebody could explain. I'm trying to get djbdns to run inside the jail, with tinydns running on 127.0.0.1. The thing I cannot figure out is why tinydns always comes up on the jail's IP address, and not lo0, as reported by sockstat:

Root Dude ? sockstat -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       863   3  tcp4   159.28.1.59:22        *:*
tinydns  tinydns    862   3  udp4   159.28.1.59:53        *:*
root     syslogd    800   4  dgram  /var/run/log
root     syslogd    800   5  dgram  /var/run/logpriv
root     syslogd    800   6  udp4   159.28.1.59:514       *:*
root     sshd       638   3  tcp4   159.28.1.66:22        *:*
root     syslogd    530   4  dgram  /var/run/log
root     syslogd    530   5  dgram  /var/run/logpriv
root     syslogd    530   6  udp6   *:514                 *:*
root     syslogd    530   7  udp4   *:514                 *:*
root     devd       464   4  stream /var/run/devd.pipe

My setup (really just a standard install) runs fine on a non-jailed system, tinydns comes up on 127.0.0.1. The jail does have the correct env setting:

[root@opal /]# cat /service/tinydns/env/IP
127.0.0.1

At first I thought it was because lo0 was not in /dev in the jail. I've gone as far as unhiding *everything* in /dev via:

Root Dude ? cat /etc/devfs.rules
[test_unhide_all=5]
add include $devfsrules_jail
add unhide

This indeed worked as the jail now has everything in its /dev.

Grasping at straws, I've also tweaked sysctl settings for jails:

Root Dude ? sysctl -a|egrep jail
security.jail.jailed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 1
security.jail.enforce_statfs: 2
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1

I know it's just something simple I'm missing/glossed over while reading but could somebody pls point me in the general direction of why 127.0.0.1 appears to be unavailable, or where I could read up on how to get it to work?

Tnx.

-- 
Randy (schulra@earlham.edu) 765.983.1283 <*>
Love with your heart, think with your head; not the other way around.
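A check for the symptom described in the message, added here as an example and not part of the original e-mail: the Python below parses `sockstat -l` output and lists the sockets of a given command that are bound to something other than a loopback address, which is what a service configured for 127.0.0.1 should never show. The function names are hypothetical, and the sample input is a subset of the rows quoted in the message.

```python
import ipaddress

# Sample input: a subset of the sockstat -l rows quoted in the message.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       863   3  tcp4   159.28.1.59:22        *:*
tinydns  tinydns    862   3  udp4   159.28.1.59:53        *:*
root     syslogd    800   4  dgram  /var/run/log
root     syslogd    530   6  udp6   *:514                 *:*
root     syslogd    530   7  udp4   *:514                 *:*
"""

INET_PROTOS = ("tcp4", "tcp6", "udp4", "udp6")


def parse_listeners(text):
    """Yield (user, command, pid, proto, host, port) for IP sockets only."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[4] not in INET_PROTOS:
            continue  # header row, UNIX-domain sockets, short lines
        # Split on the last colon so IPv6 addresses keep their own colons.
        host, _, port = fields[5].rpartition(":")
        yield (fields[0], fields[1], int(fields[2]), fields[4],
               host.strip("[]"), port)


def is_loopback(host):
    """True only for an explicit loopback address (127.0.0.0/8 or ::1)."""
    if host == "*":
        return False  # wildcard bind listens on every address
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as not loopback


def exposed(text, command, port):
    """Return listeners for `command` on `port` that are not loopback-only."""
    return [row for row in parse_listeners(text)
            if row[1] == command and row[5] == str(port)
            and not is_loopback(row[4])]


if __name__ == "__main__":
    for row in exposed(SAMPLE, "tinydns", 53):
        print("not loopback-only:", row)
```
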