Am 27.11.2015 um 08:54 schrieb "Carsten Bäcker":
Sorry... something's wrong with GMX webmailer. Secont time this
happens.
Hi Hackers,
i'm running into problems creating hierarchical jails.
First of all: this is my first try with *hierarchical* jails (in favor
of creating a bunch of VMs for software-testing).
I aliased lo0 with 127.0.1.1 - 127.0.1.3
--- HOST jail.conf ---
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
persist;
allow.socket_af=1;
allow.raw_sockets=1;
path = "/usr/local/jails/$name";
mount.fstab = "/usr/local/jails/fstab.$name";
core {
host.hostname="jail_core";
children.max=2;
ip4.addr =
ue0|192.168.42.90,lo0|127.0.1.1,lo0|127.0.1.2,lo0|127.0.1.3;
}
--- "jail_core" jail.conf ---
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
persist;
path = "/usr/local/jails/$name";
mount.fstab = "/usr/local/jails/fstab.$name";
dev1 {
host.hostname="jail_dev1";
ip4.addr = lo0|127.0.1.1;
}
jail_core starts up fine, but "children.max" seems to have no effect
when checked within the jail.
root@jail_core:/ # sysctl security.jail.param.children
security.jail.param.children.max: 0
security.jail.param.children.cur: 0
I'm not sure if this is related to the following problem, but when i
try to create a child-jail in this jailed environment i run into the
following error.
root@jail_core:/ # jail -c dev1
ifconfig: ioctl (SIOCAIFADDR): permission denied
jail: dev1: /sbin/ifconfig lo0 inet 127.0.1.1 netmask 255.255.255.255
alias: failed
What am i doing wrong? Any suggestions?
Unfortunately i didn't find too much information concerning
hierarchical jails.
Running CURRENT -r290973.
Best Regards
Carsten Bäcker
The trouble likes in dev1's ip4.addr specification. "lo0|127.0.1.1"
means that the IP address is 127.0.1.1, and that an alias should be
added on the interface lo0. But dev1 doesn't have permission to add
IP aliases, which is where the "alias: failed" message comes from.
The solution is easy in this case: you've already planned ahead and
created the alias in core (as you should have), so it doesn't need to
be created again. Just change dev1's specification to "ip4.addr =
127.0.1.1".
- Jamie
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
