Re: Configuring network without ezjail
On 2015-12-11 18:50, marcel wrote:

> No I don't get to have an IP address... Yet I have written this in my
> host's rc.conf:
>
> jail_enable="YES"
> jail_list="thename"
> jail_guantanamo_rootdir="thepath"
> jail_guantanamo_hostname="thename"
> jail_guantanamo_ip="192.168.0.12"
>
> and I use the command:
>
> jail thepath thename 192.168.0.12 /bin/csh
>
> to connect to my jail...

Is the jail even created? You show jail_name as "thename", but the jail config variables are jail_quantanamo_*. So when you say "thename" do you really mean quantanamo? Because if you don't, then the jail won't get configured at startup.

The command you're using to connect to the jail is actually a command that creates a jail. That's probably not what you want, as that jail is likely to disappear again after you exit from it. You should be using jexec(8), assuming your jail has been properly created in the first place.

Now to the IP address: is your entire box behind some gateway, where it uses a 192.168 address? If it isn't, you'll need more than to just declare such an address - you'll need a jail with vnet, which is rather more complex. But if it is, then the question becomes: is 192.168.0.12 the host address, i.e. are you creating a jail that shares the host address? If you are it should work, but most jails aren't done this way.

Specifying a jail's IP address only tells which of the host's existing addresses to use. If that address isn't already set up, it won't be used - unless you tell it to. If you're still using the rc.conf-based jail specification, you can set jail_interface (or jail_quantanamo_interface) to the name of the network interface where the host's main IP address lives (e.g. "em0" or somesuch). Such a config line is likely all you need.

- Jamie

___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
OSS in jail
Hi,

I would like one of my jails to have the ability to play back sound, but not to record it. As I understand, sound is played back by writing to /dev/dsp and recorded by reading from it. Hence, placing the /dev/dsp device (and /dev/dsp[0-9]* devices) in the jail via devfs.rules is not a solution since the jail superuser can override permissions on these devices and even read from them when they lack read permission.

Is there a way to give a device to a jail in write-only mode? If not, is it possible to create a virtual OSS stack and give that to the jail? How would you solve this problem?

Also, is it possible to give the jail a mixer device that can only read mixer settings but not alter them?

Thanks,
Luís
Re: Configuring network without ezjail
On 12/12/2015 02:59, Michael B. Eichorn wrote:
> On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
>> On Sat, 2015-12-12 at 02:08 +, marcel wrote:
>>> ... and I think I have enabling gateway, I wrote this in both of my
>>> rc.conf (jail and host):
>>>
>>> gateway_enable="YES"
>>>
>>> Is it correct ?
>> You only need gateway_enable if you are doing routing, it is not
>> necessary for a typical jail setup. Most of the time you are just
>> adding an alias to the host's nic.

OK, so if I want my jail to be able to access the internet I have to do routing, right?

>>> But I don't think I have DNS problems, my host correctly access to the
>>> internet and the resolv.conf of my jail and my host are same...
>>>
>>> On 12/12/2015 01:50, marcel wrote:
>>>> No I don't get to have an IP address... Yet I have written this in my
>>>> host's rc.conf:
>>>>
>>>> jail_enable="YES"
>>>> jail_list="thename"
>>>> jail_guantanamo_rootdir="thepath"
>>>> jail_guantanamo_hostname="thename"
>>>> jail_guantanamo_ip="192.168.0.12"
>>>>
>>>> and I use the command:
>>>>
>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>
>>>> to connect to my jail...
>>>>
>>>> On 11/12/2015 23:31, Dirk Engling wrote:
>>>>> On 12.12.15 01:19, marcel wrote:
>>>>>> I would like to know if it is possible to configure a jail's
>>>>>> network for accessing to the World Wide Web but without ezjail ?
>>>>>> I have created my jail without ezjail (mkdir jail, make
>>>>>> installworld, etc...) and I would like to continue without it if
>>>>>> it's possible...
>>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918 IP?
>>>>> If so, you need to enable NAT. If not, did you enable gatewaying?
>>>>> Maybe you just have DNS problems, so is your resolv.conf set up
>>>>> properly?
>>>>>
>>>>> Without knowing what exactly is not working, I can not help you.
>>>>>
>>>>> erdgeist
>> I think you found some old instructions, assuming a 10.x system here is
>> the boilerplate for a typical jail:
>>
>> rc.conf:
>>
>> jail_enable="YES"
>>
>> jail.conf:
>>
>> interface = re0;
>> mount.devfs;
>> exec.start = "/bin/sh /etc/rc";
>> exec.stop = "/bin/sh /etc/rc.shutdown";
>>
>> thenameofthejail {
>>     host.hostname = host.domain.tld;
>>     path = /the/path/to/the/jail;
>>     ip4.addr = 192.168.0.12;
>> }
>>
>> and start it up with
>>
>> # jail -c thenameofthejail
>>
>> And another handy tip you can avoid building a jail with make by
>> extracting the base.txz file found in places like the install media
>> into the jail directory

OK, so my jail.conf looks like your jail.conf and when I type jls my jail has the IP 192.168.0.12 but when I type ifconfig in my jail I have no IP...

> Oh and before I forget, the trickiest thing for me moving from ezjail
> to jail was updating. Assuming your jails are complete base systems and
> that you would like to use binary updates with freebsd-update, and you
> have completely separated jails without any funny tricks to save space,
> here is Ike's simple jail update guide:
>
> edit the jail's freebsd-update.conf and change
>
> Components src world kernel
> -to-
> Components world
>
> then run freebsd-update like so:
>
> # freebsd-update -b /usr/jails/jaildir \
>     -f /usr/jails/jaildir/etc/freebsd-update.conf \
>     -d /usr/jails/jaildir/var/db/freebsd-update fetch
> # freebsd-update -b /usr/jails/jaildir \
>     -f /usr/jails/jaildir/etc/freebsd-update.conf \
>     -d /usr/jails/jaildir/var/db/freebsd-update install
>
> Using the -f flag keeps the jail from using the host config since jails
> cannot update kernels anyway. And -d keeps jails and hosts from
> trampling each other which is nice if you want to do more than one at a
> time, or if you use freebsd-update cron.

Thanks for the tip!
Re: Configuring network without ezjail
On 12/12/2015 18:10, James Gritton wrote:
> On 2015-12-11 18:50, marcel wrote:
>> No I don't get to have an IP address... Yet I have written this in my
>> host's rc.conf:
>>
>> jail_enable="YES"
>> jail_list="thename"
>> jail_guantanamo_rootdir="thepath"
>> jail_guantanamo_hostname="thename"
>> jail_guantanamo_ip="192.168.0.12"
>>
>> and I use the command:
>>
>> jail thepath thename 192.168.0.12 /bin/csh
>>
>> to connect to my jail...
>
> Is the jail even created? You show jail_name as "thename", but the
> jail config variables are jail_quantanamo_*. So when you say
> "thename" do you really mean quantanamo? Because if you don't, then
> the jail won't get configured at startup.
>
> The command you're using to connect to the jail is actually a command
> that creates a jail. That's probably not what you want, as that jail
> is likely to disappear again after you exit from it. You should be
> using jexec(8), assuming your jail has been properly created in the
> first place.
>
> Now to the IP address: is your entire box behind some gateway, where
> it uses a 192.168 address? If it isn't, you'll need more than to just
> declare such an address - you'll need a jail with vnet, which is
> rather more complex. But if it is, then the question becomes: is
> 192.168.0.12 the host address, i.e. are you creating a jail that
> shares the host address? If you are it should work, but most jails
> aren't done this way.
>
> Specifying a jail's IP address only tells which of the host's existing
> addresses to use. If that address isn't already set up, it won't be
> used - unless you tell it to. If you're still using the rc.conf-based
> jail specification, you can set jail_interface (or
> jail_quantanamo_interface) to the name of the network interface where
> the host's main IP address lives (e.g. "em0" or somesuch). Such a
> config line is likely all you need.
>
> - Jamie

Yes, the jail is created with the make installworld, make distribution, jail -c , etc method and I launch it with jail -c guantanamo and connect to it with jexec id shell.

Yes, sorry, I explained badly: jail_name="thename", thename is guantanamo.

My host is behind a router that provides me with internet access, yes, and yes, 192.168.0.12 is my host IP, so yes, my jail shares the host address. The jls command shows me this address but the ifconfig command (in my jail) shows me no address...

I've read that in my case I just need jail_enable="YES" in my rc.conf... I will add with most of jail_guantanamo* variable and test...
Re: Configuring network without ezjail
On 2015-12-12 23:18, marcel wrote:
> On 12/12/2015 18:10, James Gritton wrote:
>> On 2015-12-11 18:50, marcel wrote:
>>> No I don't get to have an IP address... Yet I have written this in my
>>> host's rc.conf:
>>>
>>> jail_enable="YES"
>>> jail_list="thename"
>>> jail_guantanamo_rootdir="thepath"
>>> jail_guantanamo_hostname="thename"
>>> jail_guantanamo_ip="192.168.0.12"
>>>
>>> and I use the command:
>>>
>>> jail thepath thename 192.168.0.12 /bin/csh
>>>
>>> to connect to my jail...
>>
>> Is the jail even created? You show jail_name as "thename", but the
>> jail config variables are jail_quantanamo_*. So when you say
>> "thename" do you really mean quantanamo? Because if you don't, then
>> the jail won't get configured at startup.
>>
>> The command you're using to connect to the jail is actually a command
>> that creates a jail. That's probably not what you want, as that jail
>> is likely to disappear again after you exit from it. You should be
>> using jexec(8), assuming your jail has been properly created in the
>> first place.
>>
>> Now to the IP address: is your entire box behind some gateway, where
>> it uses a 192.168 address? If it isn't, you'll need more than to just
>> declare such an address - you'll need a jail with vnet, which is
>> rather more complex. But if it is, then the question becomes: is
>> 192.168.0.12 the host address, i.e. are you creating a jail that
>> shares the host address? If you are it should work, but most jails
>> aren't done this way.
>>
>> Specifying a jail's IP address only tells which of the host's existing
>> addresses to use. If that address isn't already set up, it won't be
>> used - unless you tell it to. If you're still using the rc.conf-based
>> jail specification, you can set jail_interface (or
>> jail_quantanamo_interface) to the name of the network interface where
>> the host's main IP address lives (e.g. "em0" or somesuch). Such a
>> config line is likely all you need.
>>
>> - Jamie
>
> Yes, the jail is created with the make installworld, make
> distribution, jail -c , etc method and I launch it with jail -c
> guantanamo and connect to it with jexec id shell.
>
> Yes, sorry, I explained badly: jail_name="thename", thename is
> guantanamo.
>
> My host is behind a router that provides me with internet access, yes,
> and yes, 192.168.0.12 is my host IP, so yes, my jail shares the host
> address. The jls command shows me this address but the ifconfig
> command (in my jail) shows me no address...
>
> I've read that in my case I just need jail_enable="YES" in my
> rc.conf... I will add with most of jail_guantanamo* variable and
> test...

If 192.168.0.12 is your host IP, try creating the jail without IP address restrictions. I don't think you can do that with the old rc.conf-based specification, but with a jail.conf file (or from a command line), you just add "ip4=inherit" and don't mention an ip4.address at all. That will create a jail that has access to all of the host IP addresses.

- Jamie
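Added example, not part of any message in this thread: a jail.conf sketch contrasting the two setups discussed above, a jail restricted to its own alias address (ip4.addr plus interface) and the unrestricted ip4=inherit jail. The jail name guantanamo_inherit, the address 192.168.0.13, the hostnames and the /usr/jails/... paths are assumptions; em0 is the example interface name used in the thread.

```conf
# Settings shared by every jail defined in this file
mount.devfs;
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";

# Variant 1: the jail is restricted to one address of its own.
# "interface" makes jail(8) add the ip4.addr address as an alias on em0
# before the jail is created and remove it after the jail is removed,
# so the address does not have to be configured on the host beforehand.
guantanamo {
    host.hostname = "guantanamo.example.org";   # assumed hostname
    path = "/usr/jails/guantanamo";             # assumed path
    interface = "em0";
    ip4.addr = "192.168.0.13";                  # assumed free LAN address
}

# Variant 2: no IPv4 address restriction.
# The jail can use every address configured on the host, including the
# host's own 192.168.0.12, so a service inside the jail can bind to
# addresses that host services also use. Use it only when that sharing
# is intended; variant 1 keeps the jail confined to a single address.
guantanamo_inherit {
    host.hostname = "guantanamo-inherit.example.org";  # assumed hostname
    path = "/usr/jails/guantanamo_inherit";            # assumed path
    ip4 = inherit;                                     # no ip4.addr line
}
```

After `jail -c guantanamo`, comparing `jls` on the host with `jexec guantanamo ifconfig` shows which addresses each variant exposes inside the jail.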
Re: Configuring network without ezjail
Hi,

I think you need to configure the IP in the host first, later it'll be seen in the jail. Using RFC 1918 addresses means you need NAT in your router to have access to the internet. Rather than that, using the term 'routing' is incorrect unless you have multiple hops to get the packets to the router.

Sami

On 13 Dec 2015 6:45 AM, "marcel" wrote:
> On 12/12/2015 02:59, Michael B. Eichorn wrote:
> > On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> >> On Sat, 2015-12-12 at 02:08 +, marcel wrote:
> >>> ... and I think I have enabling gateway, I wrote this in both of my
> >>> rc.conf (jail and host):
> >>>
> >>> gateway_enable="YES"
> >>>
> >>> Is it correct ?
> >> You only need gateway_enable if you are doing routing, it is not
> >> necessary for a typical jail setup. Most of the time you are just
> >> adding an alias to the host's nic.
>
> OK so if I want to my jail can access to internet I have to do routing,
> right ?
>
> >>> But I don't think I have DNS problems, my host correctly access to the
> >>> internet and the resolv.conf of my jail and my host are same...
> >>>
> >>> On 12/12/2015 01:50, marcel wrote:
> >>>> No I don't get to have an IP address... Yet I have written this in my
> >>>> host's rc.conf:
> >>>>
> >>>> jail_enable="YES"
> >>>> jail_list="thename"
> >>>> jail_guantanamo_rootdir="thepath"
> >>>> jail_guantanamo_hostname="thename"
> >>>> jail_guantanamo_ip="192.168.0.12"
> >>>>
> >>>> and I use the command:
> >>>>
> >>>> jail thepath thename 192.168.0.12 /bin/csh
> >>>>
> >>>> to connect to my jail...
> >>>>
> >>>> On 11/12/2015 23:31, Dirk Engling wrote:
> >>>>> On 12.12.15 01:19, marcel wrote:
> >>>>>> I would like to know if it is possible to configure a jail's
> >>>>>> network for accessing to the World Wide Web but without ezjail ?
> >>>>>> I have created my jail without ezjail (mkdir jail, make
> >>>>>> installworld, etc...) and I would like to continue without it if
> >>>>>> it's possible...
> >>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918 IP?
> >>>>> If so, you need to enable NAT. If not, did you enable gatewaying?
> >>>>> Maybe you just have DNS problems, so is your resolv.conf set up
> >>>>> properly?
> >>>>>
> >>>>> Without knowing what exactly is not working, I can not help you.
> >>>>>
> >>>>> erdgeist
> >> I think you found some old instructions, assuming a 10.x system here is
> >> the boilerplate for a typical jail:
> >>
> >> rc.conf:
> >>
> >> jail_enable="YES"
> >>
> >> jail.conf:
> >>
> >> interface = re0;
> >> mount.devfs;
> >> exec.start = "/bin/sh /etc/rc";
> >> exec.stop = "/bin/sh /etc/rc.shutdown";
> >>
> >> thenameofthejail {
> >>     host.hostname = host.domain.tld;
> >>     path = /the/path/to/the/jail;
> >>     ip4.addr = 192.168.0.12;
> >> }
> >>
> >> and start it up with
> >>
> >> # jail -c thenameofthejail
> >>
> >> And another handy tip you can avoid building a jail with make by
> >> extracting the base.txz file found in places like the install media
> >> into the jail directory
>
> OK, so my jail.conf look like your jail.conf and when I type jls my jail
> have the IP 192.168.0.12 but when I type ifconfig in my jail I have no
> ip...
>
> > Oh and before I forget, the trickiest thing for me moving from ezjail
> > to jail was updating. Assuming your jails are complete base systems and
> > that you would like to use binary updates with freebsd-update, and you
> > have completely separated jails without any funny tricks to save space,
> > here is Ike's simple jail update guide:
> >
> > edit the jail's freebsd-update.conf and change
> >
> > Components src world kernel
> > -to-
> > Components world
> >
> > then run freebsd-update like so:
> >
> > # freebsd-update -b /usr/jails/jaildir \
> >     -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >     -d /usr/jails/jaildir/var/db/freebsd-update fetch
> > # freebsd-update -b /usr/jails/jaildir \
> >     -f /usr/jails/jaildir/etc/freebsd-update.conf \
> >     -d /usr/jails/jaildir/var/db/freebsd-update install
> >
> > Using the -f flag keeps the jail from using the host config since jails
> > cannot update kernels anyway. And -d keeps jails and hosts from
> > trampling each other which is nice if you want to do more than one at a
> > time, or if you use freebsd-update cron.
>
> Thanks for tip !