Re: Configuring network without ezjail

2015-12-12 Thread James Gritton

On 2015-12-11 18:50, marcel wrote:

> No I don't get to have an IP address... Yet I have written this in my
> host's rc.conf:
>
> jail_enable="YES"
> jail_list="thename"
> jail_guantanamo_rootdir="thepath"
> jail_guantanamo_hostname="thename"
> jail_guantanamo_ip="192.168.0.12"
>
> and I use the command:
>
> jail thepath thename 192.168.0.12 /bin/csh
>
> to connect to my jail...


Is the jail even created?  You show jail_name as "thename", but the jail 
config variables are jail_quantanamo_*.  So when you say "thename" do 
you really mean quantanamo?  Because if you don't, then the jail won't 
get configured at startup.


The command you're using to connect to the jail is actually a command 
that creates a jail.  That's probably not what you want, as that jail is 
likely to disappear again after you exit from it.  You should be using 
jexec(8), assuming your jail has been properly created in the first 
place.


Now to the IP address: is your entire box behind some gateway, where it 
uses a 192.168 address?  If it isn't, you'll need more than to just 
declare such an address - you'll need a jail with vnet, which is rather 
more complex.  But if it is, then the question becomes: is 192.168.0.12 
the host address, i.e. are you creating a jail that shares the host 
address?  If you are it should work, but most jails aren't done this 
way.


Specifying a jail's IP address only tells which of the host's existing 
addresses to use.  If that address isn't already set up, it won't be 
used - unless you tell it to.  If you're still using the rc.conf-based 
jail specification, you can set jail_interface (or 
jail_quantanamo_interface) to the name of the network interface where 
the host's main IP address lives (e.g. "em0" or somesuch).  Such a 
config line is likely all you need.


- Jamie
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


OSS in jail

2015-12-12 Thread Luís Fernando Schultz Xavier da Silveira
Hi,

I would like one of my jails to have the ability to play back sound,
but not to record it. As I understand, sound is played back by writing
to /dev/dsp and recorded by reading from it. Hence, placing the /dev/dsp
device (and /dev/dsp[0-9]* devices) in the jail via devfs.rules is not
a solution since the jail superuser can override permissions on these
devices and even read from them when they lack read permission.

Is there a way to give a device to a jail in write-only mode?
If not, is it possible to create a virtual OSS stack and give that to
the jail?
How would you solve this problem?

Also, is it possible to give the jail a mixer device that can only read
mixer settings but not alter them?

Thanks,
Luís



Re: Configuring network without ezjail

2015-12-12 Thread marcel


On 12/12/2015 02:59, Michael B. Eichorn wrote:
> On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
>> On Sat, 2015-12-12 at 02:08 +, marcel wrote:
>>> ... and I think I have enabled gateway, I wrote this in both of my
>>> rc.conf (jail and host):
>>>
>>> gateway_enable="YES"
>>>
>>> Is it correct ?
>> You only need gateway_enable if you are doing routing, it is not
>> necessary for a typical jail setup. Most of the time you are just
>> adding an alias to the host's nic.
OK, so if I want my jail to access the internet I have to do routing,
right?
>>> But I don't think I have DNS problems, my host correctly accesses
>>> the internet and the resolv.conf of my jail and my host are the same...
>>>
>>> On 12/12/2015 01:50, marcel wrote:
>>>> No I don't get to have an IP address... Yet I have written this in
>>>> my host's rc.conf:
>>>>
>>>> jail_enable="YES"
>>>> jail_list="thename"
>>>> jail_guantanamo_rootdir="thepath"
>>>> jail_guantanamo_hostname="thename"
>>>> jail_guantanamo_ip="192.168.0.12"
>>>>
>>>> and I use the command:
>>>>
>>>> jail thepath thename 192.168.0.12 /bin/csh
>>>>
>>>> to connect to my jail...
>>>>
>>>> On 11/12/2015 23:31, Dirk Engling wrote:
>>>>> On 12.12.15 01:19, marcel wrote:
>>>>>
>>>>>> I would like to know if it is possible to configure a jail's
>>>>>> network for accessing the World Wide Web but without ezjail?
>>>>>> I have created my jail without ezjail (mkdir jail, make
>>>>>> installworld, etc...) and I would like to continue without it
>>>>>> if it's possible...
>>>>> Sure, why doesn't it connect to the net? Does it have a RFC1918
>>>>> IP? If so, you need to enable NAT. If not, did you enable
>>>>> gatewaying? Maybe you just have DNS problems, so is your
>>>>> resolv.conf set up properly?
>>>>>
>>>>> Without knowing what exactly is not working, I can not help you.
>>>>>
>>>>>   erdgeist
>> I think you found some old instructions, assuming a 10.x system here
>> is the boilerplate for a typical jail:
>>
>> rc.conf:
>>
>>   jail_enable="YES"
>>
>> jail.conf:
>>
>>   interface = re0;
>>   mount.devfs;
>>   exec.start = "/bin/sh /etc/rc";
>>   exec.stop = "/bin/sh /etc/rc.shutdown";
>>
>>   thenameofthejail {
>>     host.hostname = host.domain.tld;
>>     path = /the/path/to/the/jail;
>>     ip4.addr = 192.168.0.12;
>>   }
>>
>> and start it up with
>>
>> # jail -c thenameofthejail
>>
>> And another handy tip you can avoid building a jail with make by
>> extracting the base.txz file found in places like the install media
>> into the jail directory
OK, so my jail.conf looks like your jail.conf and when I type jls my jail
has the IP 192.168.0.12 but when I type ifconfig in my jail I have no IP...
> Oh and before I forget, the trickiest thing for me moving from ezjail
> to jail was updating. Assuming your jails are complete base systems and
> that you would like to use binary updates with freebsd-update, and you
> have completely separated jails without any funny tricks to save space,
> here is Ike's simple jail update guide:
>
> edit the jail's freebsd-update.conf and change
>
> Components src world kernel
> -to-
> Components world
>
> then run freebsd-update like so:
>
> # freebsd-update -b /usr/jails/jaildir \
>   -f /usr/jails/jaildir/etc/freebsd-update.conf \
>   -d /usr/jails/jaildir/var/db/freebsd-update fetch
> # freebsd-update -b /usr/jails/jaildir \
>   -f /usr/jails/jaildir/etc/freebsd-update.conf \
>   -d /usr/jails/jaildir/var/db/freebsd-update install
>
> Using the -f flag keeps the jail from using the host config since jails
> cannot update kernels anyway. And -d keeps jails and hosts from
> trampling each other which is nice if you want to do more than one at a
> time, or if you use freebsd-update cron.
Thanks for the tip!


Re: Configuring network without ezjail

2015-12-12 Thread marcel


On 12/12/2015 18:10, James Gritton wrote:
> On 2015-12-11 18:50, marcel wrote:
>> No I don't get to have an IP address... Yet I have written this in my
>> host's rc.conf:
>>
>> jail_enable="YES"
>> jail_list="thename"
>> jail_guantanamo_rootdir="thepath"
>> jail_guantanamo_hostname="thename"
>> jail_guantanamo_ip="192.168.0.12"
>>
>> and I use the command:
>>
>> jail thepath thename 192.168.0.12 /bin/csh
>>
>> to connect to my jail...
>
> Is the jail even created?  You show jail_name as "thename", but the
> jail config variables are jail_quantanamo_*.  So when you say
> "thename" do you really mean quantanamo?  Because if you don't, then
> the jail won't get configured at startup.
>
> The command you're using to connect to the jail is actually a command
> that creates a jail.  That's probably not what you want, as that jail
> is likely to disappear again after you exit from it.  You should be
> using jexec(8), assuming your jail has been properly created in the
> first place.
>
> Now to the IP address: is your entire box behind some gateway, where
> it uses a 192.168 address?  If it isn't, you'll need more than to just
> declare such an address - you'll need a jail with vnet, which is
> rather more complex.  But if it is, then the question becomes: is
> 192.168.0.12 the host address, i.e. are you creating a jail that
> shares the host address?  If you are it should work, but most jails
> aren't done this way.
>
> Specifying a jail's IP address only tells which of the host's existing
> addresses to use.  If that address isn't already set up, it won't be
> used - unless you tell it to.  If you're still using the rc.conf-based
> jail specification, you can set jail_interface (or
> jail_quantanamo_interface) to the name of the network interface where
> the host's main IP address lives (e.g. "em0" or somesuch).  Such a
> config line is likely all you need.
>
> - Jamie
Yes, the jail is created with the make installworld, make distribution,
jail -c , etc method and I launch it with jail -c guantanamo and connect
to it with jexec id shell.

Yes, sorry, I explained it badly: jail_name="thename", thename is
guantanamo.

My host is behind a router that provides me with internet access, yes, and
yes, 192.168.0.12 is my host IP, so yes, my jail shares the host address.
The jls command shows me this address but the ifconfig command (in my jail)
shows me no address...

I've read that in my case I just need jail_enable="YES" in my
rc.conf... I will add with most of the jail_guantanamo* variables and test...


Re: Configuring network without ezjail

2015-12-12 Thread James Gritton

On 2015-12-12 23:18, marcel wrote:

> On 12/12/2015 18:10, James Gritton wrote:
>
>> On 2015-12-11 18:50, marcel wrote:
>>
>>> No I don't get to have an IP address... Yet I have written this in my
>>> host's rc.conf:
>>>
>>> jail_enable="YES"
>>> jail_list="thename"
>>> jail_guantanamo_rootdir="thepath"
>>> jail_guantanamo_hostname="thename"
>>> jail_guantanamo_ip="192.168.0.12"
>>>
>>> and I use the command:
>>>
>>> jail thepath thename 192.168.0.12 /bin/csh
>>>
>>> to connect to my jail...
>>
>> Is the jail even created?  You show jail_name as "thename", but the
>> jail config variables are jail_quantanamo_*.  So when you say
>> "thename" do you really mean quantanamo?  Because if you don't, then
>> the jail won't get configured at startup.
>>
>> The command you're using to connect to the jail is actually a command
>> that creates a jail.  That's probably not what you want, as that jail
>> is likely to disappear again after you exit from it.  You should be
>> using jexec(8), assuming your jail has been properly created in the
>> first place.
>>
>> Now to the IP address: is your entire box behind some gateway, where
>> it uses a 192.168 address?  If it isn't, you'll need more than to just
>> declare such an address - you'll need a jail with vnet, which is
>> rather more complex.  But if it is, then the question becomes: is
>> 192.168.0.12 the host address, i.e. are you creating a jail that
>> shares the host address?  If you are it should work, but most jails
>> aren't done this way.
>>
>> Specifying a jail's IP address only tells which of the host's existing
>> addresses to use.  If that address isn't already set up, it won't be
>> used - unless you tell it to.  If you're still using the rc.conf-based
>> jail specification, you can set jail_interface (or
>> jail_quantanamo_interface) to the name of the network interface where
>> the host's main IP address lives (e.g. "em0" or somesuch).  Such a
>> config line is likely all you need.
>>
>> - Jamie
>
> Yes, the jail is created with the make installworld, make distribution,
> jail -c , etc method and I launch it with jail -c guantanamo and connect
> to it with jexec id shell.
>
> Yes, sorry, I explained it badly: jail_name="thename", thename is
> guantanamo.
>
> My host is behind a router that provides me with internet access, yes, and
> yes, 192.168.0.12 is my host IP, so yes, my jail shares the host address.
> The jls command shows me this address but the ifconfig command (in my jail)
> shows me no address...
>
> I've read that in my case I just need jail_enable="YES" in my
> rc.conf... I will add with most of the jail_guantanamo* variables and
> test...


If 192.168.0.12 is your host IP, try creating the jail without IP 
address restrictions.  I don't think you can do that with the old 
rc.conf-based specification, but with a jail.conf file (or from a 
command line), you just add "ip4=inherit" and don't mention an 
ip4.address at all.  That will create a jail that has access to all of 
the host IP addresses.


- Jamie
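
The three ways of giving a jail an IPv4 address that come up in this thread, side by side as an added jail.conf sketch that is not part of any poster's message. Jail names, paths, the example.org domain and 192.168.0.13 are placeholders; em0 and 192.168.0.12 are the values mentioned in the thread.

```conf
# Constructed jail.conf(5) sketch. Jail names, paths, example.org and
# 192.168.0.13 are placeholders; em0 and 192.168.0.12 come from the thread.

# Defaults applied to every jail below.
mount.devfs;
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
host.hostname = "$name.example.org";
path = "/usr/jails/$name";

# 1. Jail restricted to one address the host already has configured.
#    No "interface" is given, so nothing is added to the NIC: the
#    address must already exist on the host or the jail cannot use it.
sharedaddr {
    ip4.addr = 192.168.0.12;
}

# 2. Jail with its own address. "interface" tells jail(8) to add the
#    address as an alias on em0 when the jail is created and to remove
#    it again when the jail is removed.
aliasaddr {
    interface = em0;
    ip4.addr = 192.168.0.13/32;
}

# 3. Jail with no IPv4 restriction: it sees and can bind to every
#    address configured on the host. ip4.addr is deliberately absent.
inheritall {
    ip4 = inherit;
}
```

The third form trades isolation for convenience: a service in that jail can listen on any host address, so the first two are the least-privilege choices.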


Re: Configuring network without ezjail

2015-12-12 Thread Sami Halabi
hi,
I think you need to configure the IP in the host first; later it'll be seen
in the jail.

using RFC 1918 addresses means you need NAT in your router to have access to
the internet.
rather than that using the term 'routing' is incorrect unless you have
multiple hops to get the packets to the router.

Sami