FreeBSD bugmaster | 2 Jun 2008 13:06

freebsd-jail@...

Current FreeBSD problem reports
Critical problems
Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
s kern/89528   jail       [jail] [patch] impossible to kill a jail
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail

2 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with 
o kern/68192   jail       [quotas] [jail] Cannot use quotas on jailed systems
o kern/72498   jail       [libc] [jail] timestamp code on jailed SMP machine gen
o kern/74314   jail       [resolver] [jail] DNS resolver broken under certain ja
o kern/84215   jail       [jail] [patch] wildcard ip (INADDR_ANY) should not bin
o kern/89989   jail       [jail] [patch] Add option -I (ASCII 73) PID  to specif
o kern/97071   jail       [jail] [patch] add security.jail.jid sysctl
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o kern/120753  jail       [jail] Zombie jails (jailed child process exits while 

9 problems total.

alexus | 3 Jun 2008 01:52

Re: FreeBSD-7.0 MULTIPLE-IPs

anyone?

On Mon, May 12, 2008 at 2:28 PM, alexus <alexus@...> wrote:
> Hello,
>
> I saw there are a few patches out there that give jail the ability to have
> more than 1 (one) IP address, however all those patches are very old
> and jail in FreeBSD-7.0 has more than it had even 2-3 years ago, so I
> was wondering if there is a new patch that works with FreeBSD-7, maybe
> implementing this patch is somewhat easier in 7.0 vs older releases? I
> think DragonFly implemented one of the patches directly into core, why
> won't FreeBSD do it already?
> --
> http://alexus.org/
>

-- 
http://alexus.org/
alexus | 3 Jun 2008 02:17

Re: New wiki page - Jails

I'm more concerned about:

Multi-IPv4/v6/no-IP jails
 In progress
 Bjoern A. Zeeb
 The multi-IPv4/v6 jails project was resumed in early January after
previous work had been abandoned in 2006.
As an alternate solution to full network stack virtualization, this
work shall provide a lightweight solution for multi-IP virtualization.
Perforce
based on FreeBSD 7.x?/8.x

Any ETA at all? Seems like such a demanding feature, yet it's barely
made it to the list of things to do :(

On Sat, May 24, 2008 at 5:45 PM, Miroslav Lachman <000.fbsd@...> wrote:
>
>
> Bjoern A. Zeeb wrote:
>
>> On Sat, 24 May 2008, Miroslav Lachman wrote:
>>
>> Hi,
>>
>>> I just started with some information on http://wiki.freebsd.org/Jails
>>> So let me know what you think about it and do not hesitate with more
>>> ideas.
>>
>>
>> Thanks for the summary.

Frank Behrens | 3 Jun 2008 08:21

Re: New wiki page - Jails

alexus <alexus@...> wrote on 2 Jun 2008 20:17:
> Multi-IPv4/v6/no-IP jails
>  In progress
>  Bjoern A. Zeeb
>  The multi-IPv4/v6 jails project was resumed in early January after
> previous work had been abandoned in 2006.
> As an alternate solution to full network stack virtualization, this
> work shall provide a lightweight solution for multi-IP virtualization.
> Perforce
> based on FreeBSD 7.x?/8.x
> 
> 
> Any ETA at all? Seems like such a demanding feature, yet it's barely
> made it to the list of things to do :(

I can't give you an ETA, but I can give you a good feeling. ;-)
On Bjoern's page there are already patches available. I'm testing this on 
RELENG_7 and did not see any problems, it works very well on a 
(small) productive system.

-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.

Isaac Levy | 3 Jun 2008 10:49

Re: FreeBSD-7.0 MULTIPLE-IPs

Hello Alexus,

I haven't been very close to this lately, so I may be stepping out of  
turn- but there's one big reason: The Virtual IP stack implementation  
underway (separate from the jail mechanism, but of course, QUITE  
perfect for jailing uses).

I first learned Marko Zec's work on the virtual IP stack at EuroBSDCon  
2007:
http://2007.eurobsdcon.org/tutorial-virtualized-network-stack.html

However, Bjoern Zeeb has resumed a jail-specific multi-ip  
implementation- the current status seems to be updated somewhat  
frequently here (yay!):
http://wiki.freebsd.org/Jails#head-27743b977485318e421b24962498cf007f70dacf

"The multi-IPv4/v6 jails project was resumed in early January after  
previous work had been abandoned in 2006.
As an alternate solution to full network stack virtualization, this  
work shall provide a lightweight solution for multi-IP virtualization.  
Perforce
based on FreeBSD 7.x?/8.x"

Sadly for you however, at the time of this writing, it seems the 7.x  
patches are 'in progress'.

--
To answer the dragonfly jail patch question- Dragonfly is a fork of  
the 4.x FreeBSD code, and with that, is now extremely different from  
FreeBSD 5.x onward.  Therefore, many patches from the 4.x era code are  

Bjoern A. Zeeb | 3 Jun 2008 11:38

Re: FreeBSD-7.0 MULTIPLE-IPs

On Tue, 3 Jun 2008, Isaac Levy wrote:

Hi ike,

> I first learned Marko Zec's work on the virtual IP stack at EuroBSDCon 2007:
> http://2007.eurobsdcon.org/tutorial-virtualized-network-stack.html

If you knew about things that happened at BSDCan 2008;-) Where have you been?

> However, Bjoern Zeeb has resumed a jail-specific multi-ip implementation- the 
> current status seems to be updated somewhat frequently here (yay!):
> http://wiki.freebsd.org/Jails#head-27743b977485318e421b24962498cf007f70dacf
>
> "The multi-IPv4/v6 jails project was resumed in early January after previous 
> work had been abandoned in 2006.
> As an alternate solution to full network stack virtualization, this work 
> shall provide a lightweight solution for multi-IP virtualization. Perforce
> based on FreeBSD 7.x?/8.x"
>
> Sadly for you however, at the time of this writing, it seems the 7.x patches 
> are 'in progress'.

Well, the entire thing is "in progress" and as this is a FAQ the
RELENG_7 patch that is out there is a bit outdated and I am working on
an updated version as soon as I have tested what is in p4 on HEAD and
feel that it still is as stable as the old patch was.
BTW. Any HEAD version would be as old as the RELENG_7 one.

Go here to find your way to the (old but stable) patch:
http://www.freebsd.org/news/status/report-2008-01-2008-03.html#Multi-IPv4/v6/no-IP-jails

Isaac Levy | 3 Jun 2008 16:05

Re: FreeBSD-7.0 MULTIPLE-IPs

Hi Bjoern,

On Jun 3, 2008, at 5:38 AM, Bjoern A. Zeeb wrote:

> On Tue, 3 Jun 2008, Isaac Levy wrote:
>
> Hi ike,
>
>> I first learned Marko Zec's work on the virtual IP stack at  
>> EuroBSDCon 2007:
>> http://2007.eurobsdcon.org/tutorial-virtualized-network-stack.html
>
> If you knew about things that happened at BSDCan 2008;-) Where have  
> you been?

Oh, work :) I was pulled into a job which I let consume my entire life  
for a while here, I'll be out of the thick of it for summer.

>
>
>
>> However, Bjoern Zeeb has resumed a jail-specific multi-ip  
>> implementation- the current status seems to be updated somewhat  
>> frequently here (yay!):
>> http://wiki.freebsd.org/Jails#head-27743b977485318e421b24962498cf007f70dacf
>>
>> "The multi-IPv4/v6 jails project was resumed in early January after  
>> previous work had been abandoned in 2006.
>> As an alternate solution to full network stack virtualization, this  
>> work shall provide a lightweight solution for multi-IP  

Miroslav Lachman | 4 Jun 2008 00:14

Re: A simple rc.d jail patch to enable priority

Alexander Leidinger wrote:

> Quoting Jan Srzednicki <w <at> wrzask.pl> (from Sun, 24 Feb 2008 17:30:05 
> +0100):
> 
>> Hello,
>>
>> I have written this tiny little patch to the jail rc.d script, which
>> allows user to set jail nice value. It doesn't change any default
>> behaviour.
>>
>> Can that make it to the trees?
>> Patch attached.
> 
> You need to provide documentation for it if you want that someone  
> considers it for inclusion into the tree.

I took it and sent PR conf/124248 with patch for rc.d/jail, 
defaults/rc.conf and man5/rc.conf.5

Please let me know if committed, so I can update status of the patch on 
http://wiki.freebsd.org/Jails

Miroslav Lachman

ipsec

I had to make a VPN using IPSEC. The VPN is on the master host and is
working, but it is only available from the master host, not the
jails. How can I make the jails ping/access/telnet the VPN?

I have something like this:

192.10.10.1---->A.A.A.A<------VPN /INTERNET--------->B.B.B.B--->196.18.20.121
              jails1 --->A.A.A.1  _|
              jails2 --->A.A.A.2  _|

jail1 is the one that needs access to the VPN, but if I try to ping
196.18.20.121 from jail1 with public IP (A.A.A.1) it does not get any
response; the VPN is only working from the master host.

Any ideas on how to fix this?

My kernel is already compiled with:

options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
options IPSEC_FILTERGIF
device  crypto
device  enc
options IPSEC_NAT_T

regards

--

ipsec ipencap

This option IPSEC_FILTERGIF seems only to work when using ipencap, but
any idea on how to make it work when not using ipencap?

regards.

I had to make a VPN using IPSEC. The VPN is on the master host and is
working, but it is only available from the master host, not the
jails. How can I make the jails ping/access/telnet the VPN?

I have something like this:

192.10.10.1---->A.A.A.A<------VPN /INTERNET--------->B.B.B.B--->196.18.20.121
              jails1 --->A.A.A.1  _|
              jails2 --->A.A.A.2  _|

jail1 is the one that needs access to the VPN, but if I try to ping
196.18.20.121 from jail1 with public IP (A.A.A.1) it does not get any
response; the VPN is only working from the master host.

Any ideas on how to fix this?

My kernel is already compiled with:

options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
options IPSEC_FILTERGIF
device  crypto
device  enc