FreeBSD bugmaster | 6 Aug 2012 13:07

freebsd-jail@...

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o docs/156853  jail       [patch] Update docs: jail(8) security issues with worl
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with 

14 problems total.

FreeBSD bugmaster | 13 Aug 2012 13:07

freebsd-jail@...

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o docs/156853  jail       [patch] Update docs: jail(8) security issues with worl
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with 

14 problems total.

Jun Kuriyama | 16 Aug 2012 03:19

[patch] etc/rc.d/jail: allow extra parameters for each jails


Hi,

Here is a patch which I've been using for years in my production
environment.

I usually change parameters documented in jail(8) for each jail, but
the current rc.d/jail has no feature to pass extra parameters when
starting jails.

I hope this patch will not prevent jamie's recent/next work for
rc.d/jail.  I'll commit this if there is no objection.

Index: etc/defaults/rc.conf
===================================================================
--- etc/defaults/rc.conf	(revision 239314)
+++ etc/defaults/rc.conf	(working copy)
 <at>  <at>  -705,6 +705,7  <at>  <at> 
 #jail_example_mount_enable="NO"			# mount/umount jail's fs
 #jail_example_fstab=""				# fstab(5) for mount/umount
 #jail_example_flags="-l -U root"		# flags for jail(8)
+#jail_example_parameters="allow.raw_sockets=1"	# extra parameters for this jail

 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
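
Review bot: The comment on the added jail_example_parameters line says only "extra parameters for this jail", so a reader of rc.conf cannot tell what form the value takes or how it differs from jail_example_flags on the line above. Suggest saying that it holds jail(8) name=value parameters and whether more than one may be listed. The sample value allow.raw_sockets=1 also relaxes a jail restriction (root in the jail may open raw sockets), and a sample in the defaults file tends to be copied as-is; an empty value like the jail_example_fstab="" line, or a comment noting that the setting widens the jail's privileges, would be the safer illustration.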
Index: etc/rc.d/jail
===================================================================
--- etc/rc.d/jail	(revision 239314)
+++ etc/rc.d/jail	(working copy)
 <at>  <at>  -115,6 +115,8  <at>  <at> 

Doug Barton | 16 Aug 2012 05:14

Re: [patch] etc/rc.d/jail: allow extra parameters for each jails

On 08/15/2012 03:19 PM, Jun Kuriyama wrote:
> 
> Hi,
> 
> Here is a patch which I've been using for years in my production
> environment.
> 
> I usually change parameters documented in jail(8) for each jail, but
> the current rc.d/jail has no feature to pass extra parameters when
> starting jails.
> 
> I hope this patch will not prevent jamie's recent/next work for
> rc.d/jail.  I'll commit this if there is no objection.
> 
> 
> Index: etc/defaults/rc.conf
> ===================================================================
> --- etc/defaults/rc.conf	(revision 239314)
> +++ etc/defaults/rc.conf	(working copy)
>  <at>  <at>  -705,6 +705,7  <at>  <at> 
>  #jail_example_mount_enable="NO"			# mount/umount jail's fs
>  #jail_example_fstab=""				# fstab(5) for mount/umount
>  #jail_example_flags="-l -U root"		# flags for jail(8)
> +#jail_example_parameters="allow.raw_sockets=1"	# extra parameters for this jail

Why not just use _flags for this?

Jun Kuriyama | 16 Aug 2012 05:24

Re: [patch] etc/rc.d/jail: allow extra parameters for each jails

2012/8/16 Doug Barton <dougb@...>:
> On 08/15/2012 03:19 PM, Jun Kuriyama wrote:
>>  #jail_example_flags="-l -U root"             # flags for jail(8)
>> +#jail_example_parameters="allow.raw_sockets=1"       # extra parameters for this jail
>
> Why not just use _flags for this?

The current implementation of rc.d/jail uses the old command line
syntax, which cannot pass parameters to jail(8), so the main
modification of my patch is changing this to use the new command line
style with the "-c" flag and named parameters.

Then, you are right, these named parameters can be passed via _flags
after my patch.  I just want to separate command line option flags and
named parameters.  I don't have a strong argument for adding
_parameters variables.  I just think adding _parameters may be easy to
configure/understand.

-- 
Jun Kuriyama <kuriyama@...> // FreeBSD Project
         <kuriyama@...> // S2 Factory, Inc.
Doug Barton | 16 Aug 2012 05:32

Re: [patch] etc/rc.d/jail: allow extra parameters for each jails

On 08/15/2012 05:24 PM, Jun Kuriyama wrote:
> 2012/8/16 Doug Barton <dougb@...>:
>> On 08/15/2012 03:19 PM, Jun Kuriyama wrote:
>>>  #jail_example_flags="-l -U root"             # flags for jail(8)
>>> +#jail_example_parameters="allow.raw_sockets=1"       # extra parameters for this jail
>>
>> Why not just use _flags for this?
> 
> The current implementation of rc.d/jail uses the old command line
> syntax, which cannot pass parameters to jail(8), so the main
> modification of my patch is changing this to use the new command line
> style with the "-c" flag and named parameters.
> 
> Then, you are right, these named parameters can be passed via _flags
> after my patch.  I just want to separate command line option flags and
> named parameters.  I don't have a strong argument for adding
> _parameters variables.  I just think adding _parameters may be easy to
> configure/understand.

Thank you for the explanation. FWIW, this sounds reasonable to me.

Doug
Bjoern A. Zeeb | 17 Aug 2012 12:28

Re: [patch] etc/rc.d/jail: allow extra parameters for each jails

On Thu, 16 Aug 2012, Jun Kuriyama wrote:

>
> Hi,
>
> Here is a patch which I've been using for years in my production
> environment.
>
> I usually change parameters documented in jail(8) for each jail, but
> the current rc.d/jail has no feature to pass extra parameters when
> starting jails.
>
> I hope this patch will not prevent jamie's recent/next work for
> rc.d/jail.  I'll commit this if there is no objection.

Why not just use his work?

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.
Jamie Gritton | 17 Aug 2012 20:47

Re: [patch] etc/rc.d/jail: allow extra parameters for each jails

On 08/17/12 04:28, Bjoern A. Zeeb wrote:
> On Thu, 16 Aug 2012, Jun Kuriyama wrote:
>
>>
>> Hi,
>>
>> Here is a patch which I've been using for years in my production
>> environment.
>>
>> I usually change parameters documented in jail(8) for each jail, but
>> the current rc.d/jail has no feature to pass extra parameters when
>> starting jails.
>>
>> I hope this patch will not prevent jamie's recent/next work for
>> rc.d/jail. I'll commit this if there is no objection.
>
> Why not just use his work?

Probably because it's a lot more "next" than "recent".
Soon ... real soon now.

- Jamie
Curtis Villamizar | 19 Aug 2012 19:35

IPv6 multicast sent to jail


I'm trying to run isc-dhcpd using dhcpd -6 in a jail.  No luck.

The following code is run in the jail and doesn't fail.

        if (inet_pton(AF_INET6, All_DHCP_Relay_Agents_and_Servers,
                      &mreq.ipv6mr_multiaddr) <= 0) {
                log_fatal("inet_pton: unable to convert '%s'",
                          All_DHCP_Relay_Agents_and_Servers);
        }
        mreq.ipv6mr_interface = if_nametoindex(info->name);
        if (setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP,
                       &mreq, sizeof(mreq)) < 0) {
                log_fatal("setsockopt: IPV6_JOIN_GROUP: %m");
        }

where All_DHCP_Relay_Agents_and_Servers is defined as "FF02::1:2".

Later dhcpd binds to *.517 which can be seen in netstat -an.

Packets to ff02::1:2.517 are seen on the jailer (as opposed to the
jailee) using tcpdump, but no packets are received by the jailee.

When the same command is run from the jailer using a chroot to the
jailee directory, the multicast packets are received.

Is there a solution to this other than changing the jail from an
implied "ip6=new" with a specific address to "ip6=inherit"?  What I'd
really like is a yet to be invented "ip6=new+multicast".

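A stand-alone probe for the join-and-bind sequence in the message above, added here as an example (it is not part of the original post and not ISC dhcpd code). It also checks the if_nametoindex() result, which the quoted snippet does not; the function names and step numbers are this example's own, and the interface name and UDP port are given on the command line.

```c
#define _DEFAULT_SOURCE          /* glibc: expose ipv6_mreq and if_nametoindex */
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 0 = link-local multicast group, -1 = unparsable, -2 = not link-local multicast. */
int parse_group(const char *text, struct in6_addr *out) {
    if (inet_pton(AF_INET6, text, out) != 1) return -1;
    return IN6_IS_ADDR_MC_LINKLOCAL(out) ? 0 : -2;
}

/* Join group on ifname, bind UDP port, wait wait_ms for one datagram.
 * Returns bytes received, 0 on timeout, or minus the number of the failed step. */
int probe_group(const char *ifname, const char *group, unsigned short port, int wait_ms) {
    struct ipv6_mreq mreq;
    struct sockaddr_in6 sin6;
    struct pollfd pfd;
    char buf[1500];
    int sock, n = 0;
    memset(&mreq, 0, sizeof(mreq));
    if (parse_group(group, &mreq.ipv6mr_multiaddr) != 0) return -1;
    /* 0 means the named interface does not exist in this environment. */
    if ((mreq.ipv6mr_interface = if_nametoindex(ifname)) == 0) return -2;
    if ((sock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) return -3;
    memset(&sin6, 0, sizeof(sin6));
    sin6.sin6_family = AF_INET6;            /* wildcard address, as in a "*.port" bind */
    sin6.sin6_port = htons(port);
    if (setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) < 0) n = -4;
    else if (bind(sock, (struct sockaddr *)&sin6, sizeof(sin6)) < 0) n = -5;
    else {
        pfd.fd = sock; pfd.events = POLLIN;
        if (poll(&pfd, 1, wait_ms) > 0 && (n = (int)recv(sock, buf, sizeof(buf), 0)) < 0) n = -6;
    }
    close(sock);
    return n;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s <ifname> <udp-port>\n", argv[0]); return 2; }
    int r = probe_group(argv[1], "ff02::1:2", (unsigned short)atoi(argv[2]), 10000);
    if (r > 0) printf("received %d bytes: the group is delivered to this environment\n", r);
    else printf("%s (code %d)\n", r == 0 ? "joined and bound, nothing arrived in 10 s" : "setup failed", r);
    return r > 0 ? 0 : 1;
}
```

Run it once inside the jail and once on the host while a client is soliciting: a timeout in the jail next to a positive byte count on the host is the behaviour the message describes, with the join and bind both succeeding.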

FreeBSD bugmaster | 20 Aug 2012 13:07

freebsd-jail@...

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o docs/156853  jail       [patch] Update docs: jail(8) security issues with worl
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with 

14 problems total.

