Can i use mpd5 in jail?

[riku]

Hi, everybody!

I want to setup mpd5 in jail env, but that can not work.

the error message :

Multi-link PPP daemon for FreeBSD

process 20150 started, version 5.5 (root@host1 05:24  6-May-2010)
MppcTestCap: can't create socket node: Operation not permitted
LinksInit(): can't create socket node: Operation not permitted
CcpsInit(): can't create socket node: Operation not permitted
EcpsInit(): can't create socket node: Operation not permitted
CONSOLE: listening on 127.0.0.1 5005
web: listening on 0.0.0.0 5006

How to fix it?

Thanks

 

[SirDice]

You probably need to enable raw_sockets in the jail.

See the jail(8) man page.

 

[riku]

Thanks @sirdice

I had enable it , But I can not use mpd5 too.

 sysctl -a | grep raw_socket
security.jail.allow_raw_sockets: 1

 

[crsd]

Try loading all required netgraph modules from host system (Operation not permitted is most likely result of loading kernel modules in jail).

 

[riku]

I had load all netgraph modules , can not fix it.

pxe# kldstat
Id Refs Address    Size     Name
 1   25 0xc0400000 b6e060   kernel
 2    2 0xc292c000 e000     ipfw.ko
 3    1 0xc29ca000 4000     ipdivert.ko
 4    1 0xc2a10000 4000     ng_socket.ko
 5    8 0xc2a14000 b000     netgraph.ko
 6    1 0xc2a2c000 4000     ng_mppc.ko
 7    1 0xc2a30000 2000     rc4.ko
 8    1 0xc3b60000 3000     ng_tee.ko
 9    1 0xc3b63000 4000     ng_pptpgre.ko
10    1 0xc3b67000 5000     ng_ksocket.ko
11    1 0xc3b6c000 4000     ng_iface.ko
12    1 0xc3b70000 7000     ng_ppp.ko
13    1 0xc3b79000 3000     ng_tcpmss.ko

 

[SirDice]

Did you enable raw_sockets before starting the jail?

 

[riku]

Yes, I had enable it.

 

[yurigor]

I'd also like to have mpd5 inside of jail, but it seems that jails are not allowed to create interfaces.
On a host system you (and mpd too) can do ifconfig gif0 create (like ng0 etc.)
But in a jail doing ifconfig gif0 create gives you

ifconfig: SIOCIFCREATE2: Operation not permitted

.

I home that having vimage|vnet [read: virtual network stack] you can do things like that. They already have it in FBSD 8.0 and I hope they will improve it by 9.0 (which will include pf support).

 

[martinrame]

Hi, I'm on a FreeBSD 13.2 host with a 13.1 jail and I'm getting the same error.

My jail config is this (I use VNET):

pruebas {
  vnet;
  vnet.interface  = "epair12b";
  exec.prestart = "ifconfig epair12 create";
  exec.prestart += "ifconfig epair12a up";
  exec.prestart += "ifconfig bridge0 addm epair12a";
  exec.prestop = "ifconfig epair12b -vnet $name";
  exec.poststop = "ifconfig epair12a destroy";

  allow.raw_sockets;
  allow.set_hostname;
  enforce_statfs = 2;
  devfs_ruleset="5";
  mount.devfs;
  host.hostname = "${name}.bsd.am";
  exec.consolelog = "/var/log/jail-${name}.log";
  persist;
}

When I run mpd5 I get this:

root@pruebas:/ # mpd5
Multi-link PPP daemon for FreeBSD
 
process 19633 started, version 5.9
MppcTestCap: can't create socket node: Operation not permitted
LinksInit(): can't create socket node: Operation not permitted

 

[martinrame]

I attached th output of truss, hopefully someone can help me find the issue.

 

[martinrame]

Meanwhile I'm trying also to use pptp client, but I'm getting this:

Apr 30 16:42:10 pruebas pptp[61143]: anon log[usage:pptp.c:133]: /usr/local/sbin/pptp called with wrong arguments, program not started.
Apr 30 16:45:42 pruebas pptp[61321]: anon log[main:pptp.c:353]: The synchronous pptp option is NOT activated
Apr 30 16:45:42 pruebas pptp[61324]: anon log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 1 'Start-Control-Connection-Request'
Apr 30 16:45:42 pruebas pptp[61324]: anon log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Apr 30 16:45:42 pruebas pptp[61324]: anon log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Apr 30 16:45:44 pruebas pptp[61324]: anon log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 7 'Outgoing-Call-Request'
Apr 30 16:45:44 pruebas pptp[61324]: anon log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Apr 30 16:45:44 pruebas pptp[61324]: anon log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 60991, peer's call ID 1403).
Apr 30 16:45:48 pruebas ppp[61321]: tun0: Warning: The alias command is deprecated
Apr 30 16:45:48 pruebas ppp[61321]: tun0: Alert: deflink: Can't create /var/run/pts/3.if: No such file or directory
Apr 30 16:46:05 pruebas ppp[61321]: tun0: Alert: deflink: Can't remove /var/run/pts/3.if: No such file or directory
Apr 30 16:46:05 pruebas pptp[61325]: anon warn[decaps_hdlc:pptp_gre.c:226]: short read (0): Invalid argument
Apr 30 16:46:05 pruebas pptp[61324]: anon log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Apr 30 16:46:05 pruebas pptp[61324]: anon log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 12 'Call-Clear-Request'
Apr 30 16:46:05 pruebas pptp[61324]: anon log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)

Any hint?