EzJail network

cgigeek


I am having some problems with jails on 8.4 AMD64.

From the host (which pings outside just fine):
Code:
# sysctl -a | grep jail.sy
security.jail.sysvipc_allowed: 1

From inside the jail after restarting it:
Code:
# ping localhost
ping: socket: Operation not permitted
# ping 4.4.4.4
ping: socket: Operation not permitted

sysctl -a | grep jail.sy
security.jail.sysvipc_allowed: 0

Relevant configurations per file:

rc.conf:
Code:
ezjail_enable="YES"
jail_sysvipc_allow="YES"

sysctl.conf:
Code:
security.jail.sysvipc_allowed=1
security.jail.allow_raw_sockets=1
security.jail.mount_allowed=1

Code:
# uname -a
FreeBSD ns2.gigegeo.com 8.4-RELEASE-p3 FreeBSD 8.4-RELEASE-p3

I went and tried:
Code:
export jail_*jailname*_com_parameters="allow.raw_sockets=1 allow.sysvipc=1"
to no avail.

Please advise.
 

Beeblebrox


The fact that you can ping from the host while you have set security.jail.sysvipc_allowed has no relevance, because this setting refers to the jail and has no control over the host.

For ezjail, try setting this in /usr/local/etc/ezjail/<jailname>:
Code:
export jail_<jailname>_allow_raw_sockets="YES"
 

alfiqmiq


Maybe this helps :)
Now from inside the jail, raw_sockets is 1.

Code:
cat /etc/jail.conf 
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
allow.noset_hostname;
firebird {
        jid = 1;
        path = "/v1/firebird/";
        mount.devfs;
        devfs_ruleset = 4;
        host.hostname = "firebird.lan";
        ip4.addr = 10.10.10.10;
        interface = lo1;
        allow.raw_sockets;
}
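
Added example, not part of any post in this thread: a small sh/awk check that reads a jail.conf like the one in the last post and prints whether each jail ends up with allow.raw_sockets and allow.sysvipc on or off, so a relaxed jail is easy to spot. The function name audit_jail_allow, the sample file and the simplified syntax handling (one parameter per line, no wildcard or nested blocks, globals applied to every jail) are assumptions of this example.

```sh
# Added example: effective allow.raw_sockets / allow.sysvipc per jail.
# Assumptions: one parameter per line, "name {" opening lines, no nested or
# wildcard blocks, "#" comments only, global parameters apply to every jail.
audit_jail_allow() {
    awk '
    { sub(/#.*/, "") }                                  # drop comments
    /^[ \t]*[A-Za-z0-9_.-]+[ \t]*[{]/ {                 # "name {" opens a jail
        jail = $1; sub(/[{].*/, "", jail); order[++n] = jail; next
    }
    /[}]/ { jail = ""; next }                           # back to global scope
    /allow\.(no)?(raw_sockets|sysvipc)/ {
        line = $0; gsub(/[ \t;"]/, "", line)            # allow.x or allow.x=0
        key = line; val = "1"
        if ((i = index(line, "=")) > 0) {
            key = substr(line, 1, i - 1); val = substr(line, i + 1)
        }
        # allow.noX means X is switched off
        if (key ~ /^allow\.no/) { key = "allow." substr(key, 9); val = "0" }
        if (key != "allow.raw_sockets" && key != "allow.sysvipc") next
        scope = (jail == "") ? "*" : jail
        cfg[scope, key] = (val == "0" || val == "false") ? "off" : "on"
    }
    END {
        k[1] = "allow.raw_sockets"; k[2] = "allow.sysvipc"
        for (j = 1; j <= n; j++) for (p = 1; p <= 2; p++) {
            v = "off"                                   # off unless set
            if (("*", k[p]) in cfg) v = cfg["*", k[p]]
            if ((order[j], k[p]) in cfg) v = cfg[order[j], k[p]]
            printf "%s %s=%s\n", order[j], k[p], v
        }
    }' "${1:--}"
}

# Constructed sample input (second jail and global line are made up).
sample_conf() {
    cat <<'EOF'
allow.sysvipc;              # global, inherited by both jails
firebird {
        allow.raw_sockets;
}
web {
        allow.nosysvipc;
}
EOF
}

sample_conf | audit_jail_allow    # or: audit_jail_allow /etc/jail.conf
```

On a running host, `jls -n` shows the parameters the kernel actually applied, which is the value to trust if it disagrees with the file.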
 