On 23/10/2013 08:16, Mars G. Miro wrote:
> Hi list,
>
> On a jail on FreeBSD 8.4R-p4
>
> root@waspb1:~# ping -a 4.2.2.2
> ping: socket: Operation not permitted
> root@waspb1:~# nc -uv 4.2.2.2 53
> Connection to 4.2.2.2 53 port [udp/domain] succeeded!
> ^C
> root@waspb1:~# sysctl security.jail.jailed
> security.jail.jailed: 1
> root@waspb1:~#
>
>
> But I have set it properly on the host:
>
> mars@wasp:~% sysctl -a | grep jail
> security.jail.param.cpuset.id: 0
> security.jail.param.host.hostid: 0
> security.jail.param.host.hostuuid: 64
> security.jail.param.host.domainname: 256
> security.jail.param.host.hostname: 256
> security.jail.param.children.max: 0
> security.jail.param.children.cur: 0
> security.jail.param.enforce_statfs: 0
> security.jail.param.securelevel: 0
> security.jail.param.path: 1024
> security.jail.param.name: 256
> security.jail.param.parent: 0
> security.jail.param.jid: 0
> security.jail.enforce_statfs: 2
> security.jail.mount_allowed: 0
> security.jail.chflags_allowed: 1
> security.jail.allow_raw_sockets: 1
> security.jail.sysvipc_allowed: 1
> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 1
> security.jail.jail_max_af_ips: 255
> security.jail.jailed: 0
>
> mars@wasp:~% uname -a
> FreeBSD wasp.spry.lan 8.4-RELEASE-p4 FreeBSD 8.4-RELEASE-p4 #0: Sun Oct
> 20 16:37:42 PHT 2013 root@XXX:/usr/obj/usr/src/sys/WASP amd64
> mars@wasp:~%
>
> On an 8.3R-p11 machine it works fine.
>
> Problem ?
>
>

Hi,

Jails now have their own per-jail properties, so allow.raw_sockets needs to be passed as a parameter upon jail creation (or alternatively can be set by modifying an already running jail).

Please refer to jail(8) manpage for further details.

Regards,

Jase.
-- 
Jase Thew
j...@freebsd.org
FreeBSD Ports Committer
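
An added example, not part of the thread: a sketch that compares each jail's allow.raw_sockets state with the list of jails intended to have it, and prints the jail(8) `-m` command that would correct any difference. The input format (assumed to match `jls -n name allow.raw_sockets`), the jail names other than waspb1, and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Constructed sample in the assumed `jls -n name allow.raw_sockets` format:
# a boolean shows as "allow.raw_sockets" (on) or "allow.noraw_sockets" (off).
sample_jls() {
    cat <<'EOF'
name=waspb1 allow.noraw_sockets
name=web1 allow.raw_sockets
name=db1 allow.noraw_sockets
EOF
}

# raw_socket_drift "jail1 jail2 ..."
# Reads jls-style lines on stdin. The argument lists the jails that are meant
# to have raw sockets. Prints one line per jail whose per-jail setting differs
# from that intent, followed by the jail(8) -m command that would fix it.
raw_socket_drift() {
    awk -v want="$1" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
    {
        name = ""; raw = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/) name = substr($i, 6)
            if ($i == "allow.raw_sockets" || $i == "allow.raw_sockets=1") raw = 1
        }
        if (name == "") next
        if (raw && !(name in ok))        # enabled but not intended
            printf "EXTRA %s: jail -m name=%s allow.noraw_sockets\n", name, name
        else if (!raw && (name in ok))   # intended but not enabled
            printf "MISSING %s: jail -m name=%s allow.raw_sockets\n", name, name
    }'
}

# Demo: only waspb1 is meant to be able to run ping(8).
sample_jls | raw_socket_drift "waspb1"
```

On a live host the function would read the output of `jls -n name allow.raw_sockets` instead of the sample; the host-wide `security.jail.allow_raw_sockets` sysctl is not consulted because, per the reply above, the setting is per jail.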