Hi,

On 19/01/12 00:59, Denny Schierz wrote:
> =======================================
>
> # host:
> jexec 2 ifconfig epair0b 192.168.1.2 netmask 255.255.255.0 up
> ifconfig: up: permission denied

I use 9.0.0 release for host and jail and a generic kernel with OPTIONS VIMAGE being the only change/addition. No problem.

>
>
> # sysctl:
>
> security.jail.enforce_statfs: 2
> security.jail.mount_allowed: 0
> security.jail.chflags_allowed: 0
> security.jail.allow_raw_sockets: 1
> security.jail.sysvipc_allowed: 1

security.jail.allow_raw_sockets: 0
security.jail.sysvipc_allowed: 0

> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 1
> security.jail.jail_max_af_ips: 255
> security.jail.jailed: 0
>
> /etc/rc.conf:
> =============================
> jail_enable="YES"
> jail_v2_enable="YES"
> jail_list=""
> jail_sysvipc_allow="YES"

I don't have this line, not sure what it does either.

>
> #JAIL template
> jail_list="$jail_list template"
> jail_template_name="template"
> jail_template_hostname="template.CHANGED"
> jail_template_devfs_enable="YES"
> jail_template_rootdir="/jails/template"
> jail_template_mount_enable="YES"
> jail_template_fstab="/etc/jails/fstabs/template"
> jail_template_vnet_enable="YES"
> jail_template_devfs_ruleset="devfsrules_jail"
>
> #network
> jail_template_exec_prestart0="ifconfig epair0 create"
> jail_template_exec_prestart1="ifconfig bridge0 addm epair0a"
> jail_template_exec_prestart2="ifconfig epair0a up"
> jail_template_exec_earlypoststart0="ifconfig epair0b vnet template"
> jail_template_exec_afterstart0="ifconfig lo0 127.0.0.1"
> jail_template_exec_afterstart1="ifconfig epair0b 192.168.1.2 netmask
> 255.255.255.0 up"
> jail_template_exec_afterstart2="route add default 130.83.160.62"
> jail_template_exec_afterstart3="/bin/sh /etc/rc"
                                  ^^^^^^^^^^^^^^^

The initscript runs /etc/rc already when the jail is created, this makes it run a second time which messed things up for me. When the initscript runs /etc/rc, all the scripts with NOJAIL are skipped. For some reason, when running /etc/rc a second time through this configuration, some daemons like cron were started a second time.

I now execute a custom /etc/rc.jail which runs a few init scripts manually to configure networking and start a few daemons that don't come up with the original run of /etc/rc.

> jail_template_exec_poststop0="ifconfig bridge0 deletem epair0a"
> jail_template_exec_poststop1="ifconfig epair0a destroy"

I am not doing this, because shortly after stopping a jail this would give me a kernel panic. If you comment those lines, the devices will stay where they are and simply be re-used the next time you start the jail again. Works without a problem for me.

Regards
Philipp