jail

  1. U

    Solved Difficulty upgrading Jails

    Hi All, I upgraded my server from 13.0-RELEASE-p4 to 13.0-RELEASE-p13, and when I tried to run python3.9 in a jail I got the following error: ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by /usr/local/lib/libpython3.9.so.1.0 not found So I search on the forum and find this...
  2. A

    Solved netgraph vnet jail not getting ip address via DHCP

    Any netgraph gurus out there? I created two vnet jails with the help of the devin teske's jng scipts and example jail.conf under /usr/share/examples/jails/. I can enter either jail using jexec However, I cannot ping any targets from inside the jails. The jails do not appear to have ip...
  3. C

    Solved Accessing OpenVPN Client network from jail

    Hello. I have question. I have FreeBSD Host with one JAIL. On Host i setup OpenVPN client and i get routing to 192.168.0.1/24 over 10.4.44.109. From host i can ping 192.168.0.1 and that works fine. But from JAIL, i cant ping 192.168.0.1 and even 10.4.44.110 (my end of openVPN tunnel) Can i ask...
  4. spmzt

    ocserv in jail: cannot open /dev/tun

    Hi, I installed net/ocserv 1.1.3 on Freebsd 13.1 in jail. and I can create tun interface inside the jail. The problem is the net/ocserv try to access the /dev/tun inside my jail and it obviously fails. Here is my configuration: /etc/devfs.conf: [devfsrules_jail_overlay=5] add include...
  5. J

    Jails vs Docker performance

    I recently came across research (Bachelors thesis) that benchmarked jails against Docker. The conclusion was that, except for startup time, Docker outperformed jails in almost every category (memory - writes/sec, IO, CPU - events/sec). In some categories (read from disk), Docker outperforms by...
  6. A

    jails Jails on RPi4B as DHCP/DNS/file/web server/router

    I'm downsizing my server (an old 2006 hp ProLiant 19" rack monster with 41 disks) for a Raspberry Pi 4B 8GB as the electricity here in southern Sweden has become absurdly expensive. (The whole thing draws about €70 worth per year, now it is looking more like €4000...) While I'm redoing...
  7. epopen

    MTU of jail vimage by netgraph

    Hi All I have a question about MTU of jail vimage by netgraph. Please reference illustration of running system as follows. Running routing mode with gateway_enable="YES" @ /etc/rc.conf. Connect Jail of ssh from netif msk0(internet) via ssh. Log in is OK, but disconnect unexpected when high...
  8. rafael_grether

    Solved TOP Command & Jail

    Hi guys, Is there a way to TOP command shows username inside jail? USER_A in my host has UID 2001. USER_B in my Jail also has UID 2001. A process executed by USER_B shows to me that is executed by USER_A, when top is executed on my host. Since "top -j" brings up the JID, I think it should also...
  9. D

    Jailed ping(8) can not resolve names using hosts unbound(8), but host(1) and drill(1) can

    EFFECT drill resolves r0.z201 correctly to 192.168.201.1. host resolves r0.z201 correctly to 192.168.201.1. ping works when given argument 192.168.201.1. ping doesn't work when given argument r0.z201. (fails to resolve) OBSERVATIONS When using truss I can see that ping does...
  10. K

    Single sqlserver jail+ZFS for other jails, but how?

    Greetings. I have few jails running nginx on my FreeBSD 13.1 host. I'd like to create another jail for their SQL database needs. I'd like to create ZFS dataset for this purpose (for MySQL jail) but should I create it on host? If the dataset is created within the host, could the Jail access it...
  11. L

    Migrated JAILs from TrueNAS 11.3 to JAILS over FreeBSD 13 with VNET and now IPFW inside JAIL not work: kldload ipfw - not permitted

    In jail under TrueNAS 11, was mail server that can block IPs by IPFW rules. Now I move JAIL to FreeBSD 13.1, and detect that same JAIL with same settings, not allow to load IPFW inside jail. kldload ipfw kldload: can't load ipfw: Operation not permitted For JAILs managemnt use iocage...
  12. I

    jails Mounting an image file inside a jail

    I am trying to mount a Raspberry Pi FreeBSD image file in my "dev" jail for I can modify it. I had to make a few tweaks to my jail configuration to allow access to /dev/md* devices. I am able to intialize the image with mdconfig. The image gets assigned to /dev/md0, but when I try to run mount...
  13. A

    devfs_ruleset is broken

    Setting it to anything other than the default value disables all restrictions. Any idea why? Am I doing it wrong perhaps? { // devfs_ruleset=(rule number); mount.devfs; // }
  14. A

    jails can't access internet from within jails

    /etc/jails.conf: firefox { path = "/root/jails/firefox"; ip4.addr = "10.0.0.201"; host.hostname = "firefox"; interface = "wlan0"; mount.devfs; allow.raw_sockets; exec.clean; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; } /root/jails/firefox/etc/resolv.conf...
  15. HL1234

    IPFW jail with IPFW connection on private IP not working with /etc/rc.firewall workstation

    Because in between things have changed and I got no answer from the Forum, I like to try a new post. What do I have? -FreeBSD 13.0 -A jail with a running webserver -I'm using the firewall IPFW with NAT settings to connect to the jail from outside the host and from inside to outside. Now this...
  16. D

    VLAN bridge networking issue

    Hi there ! I am new to this board and relatively new to freebsd, so please be kind if i have done something wrong. I am learning :) I have 2 physical FreeBSD Hosts in my Network. Both of them are running several jails. Also i have multiple VLANs in my Network. The Jails are connected to...
  17. Holger

    Allowing non-root execution of a jailed application

    Allowing non-root execution of a jailed application Jailed programs can generally be executed by using jexec(8). However, you have to be root in order to do that. In this short article I present an approach on how you can allow a specific set of non-privileged users to execute a particular...
  18. Holger

    Running Google Chrome in a dedicated Linux-Jail

    Introduction and motivation There are great articles ([1] and [2]) by patovm04 here on the forum explaining how to run Chrome and Brave in a Linux chroot environment (usually /compat/linux or /compat/ubuntu). These approaches work great. However, I am a big fan of FreeBSD's jails and it has...
  19. HL1234

    jails What is the recommended way to connect to a running jail?

    Hello, I'm not a FreeBSD newb, but I'm new to jails, and read different solutions. I tried to build a jail with a webserver. Now I could start it. Then I wonder that are different outputs with these commands after I had start it: jexec 57 ps -ax gives me something like this PID TT STAT...
  20. sixpiece

    jails no internet from inside jail

    no internet from inside my jail... would like to assign jail an ipv6 address I added this line to sysctl.conf security.jail.allow_raw_sockets=1 I have some sysctl forwarding IPv6 jail.conf is as follows: hydroshop { host.hostname = "hydroponique.shop"; # Hostname...
Top