Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 1 Feb 2018 12:15:56 -0600
From:      Valeri Galtsev <galtsev@kicp.uchicago.edu>
To:        byrnejb@harte-lyne.ca, freebsd-questions@freebsd.org
Subject:   Re: FreeBSD, jail, ping
Message-ID:  <c9d6a2a0-7734-b445-1bdb-84ab793059c7@kicp.uchicago.edu>
In-Reply-To: <b6671fa375965a267ac11a245b9dc321.squirrel@webmail.harte-lyne.ca>
References:  <35d8e9b01acbb929ba4cb9b98241df54.squirrel@webmail.harte-lyne.ca> <b6671fa375965a267ac11a245b9dc321.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 


On 02/01/18 12:05, James B. Byrne via freebsd-questions wrote:
> 
> On Thu, February 1, 2018 12:55, James B. Byrne wrote:
>> On the jail I see this behaviour:
>>
>> root@hll124:~ # sysctl security.jail.allow_raw_sockets
>> security.jail.allow_raw_sockets: 0
>>
>> root@hll124:~ # sysctl security.jail.allow_raw_sockets=1
>> security.jail.allow_raw_sockets: 0
>> sysctl: security.jail.allow_raw_sockets=1: Operation not permitted
>>
>> So, how is this fixed?
>>
> 
> On host:
> 
> # jls
>     JID  IP Address      Hostname                      Path
>       6  127.0.124.1     hll124.hamilton.harte-lyne.ca /usr/jails/hll124
> 
> # jail -m jid=6 allow.raw_sockets=1
> 
> On jail:
> 
> # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
> 
> root@hll124:~ # ping 192.168.71.1
> PING 192.168.71.1 (192.168.71.1): 56 data bytes
> 64 bytes from 192.168.71.1: icmp_seq=0 ttl=64 time=0.253 ms
> 
> 
> So, how does one get the jail to automatically configure this setting?
> 

I do not know how to do it using ezjail, but after ezjail does its 
magic, the following line

allow.raw_sockets = 1;

will be in /etc/jail.conf inside particular jail configuration.

( after that setting is modified, particular jail has to be restarted as 
someone already mentioned)

I hope, someone who uses ezjail will chime in.

Thanks.
Valeri

> 

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c9d6a2a0-7734-b445-1bdb-84ab793059c7>