Does the base system have security.jail.allow_raw_sockets=1? You need to
have that, or set the jail's allow.raw_sockets. You can't set the jail's
permissions from within the jail itself. If you have multiple jail
levels, then both jails need to allow raw sockets - a jail can't allow a
child jail t
One other thing that is odd: hierarchical jails don't seem to inherit some
sysctls such as allow_raw_socket.
In the host (jail), rc.conf has jail_set_allow_raw_sockets="YES" and
sysctl.conf has "security.jail.allow_raw_sockets=1", but no child jail can
ping out:
neko# ping google.com
ping: socket:
The sysctls not only don't get written to, they don't have any useful
information to read either. They only describe the existence and format
of the various jail parameters. Sorry, but there's no way to set a
default children.max parameter or inherit it from the parent. We've
decided to set the de
Thanks, that worked for me.
* Using jail to change children.max on the parent does not affect
`sysctl security.jail.param.children.max` in the child. Also
security.jail.param.children.cur never changes either. Not sure if that's
intended behavior.
* Is there any way to persist the security.jail.pa
On Mon, 28 Sep 2009, Edwin Shao wrote:
Hi Jamie,
When I try to change the parameter, nothing happens:
rescue /etc> sudo sysctl security.jail.param.children.max=1
security.jail.param.children.max: 0 -> 0
rescue /etc> sudo sysctl security.jail.param.children.max
security.jail.param.children.max:
Edwin Shao wrote:
When I try to change the parameter, nothing happens:
rescue /etc> sudo sysctl security.jail.param.children.max=1
security.jail.param.children.max: 0 -> 0
rescue /etc> sudo sysctl security.jail.param.children.max
security.jail.param.children.max: 0
Am I doing this incorrectly?
Hi Jamie,
When I try to change the parameter, nothing happens:
rescue /etc> sudo sysctl security.jail.param.children.max=1
security.jail.param.children.max: 0 -> 0
rescue /etc> sudo sysctl security.jail.param.children.max
security.jail.param.children.max: 0
Am I doing this incorrectly?
Thanks,
E
Edwin Shao wrote:
Hello,
Does anyone have a walkthrough for how to get hierarchical jails to work?
I've been playing around with it for a couple of days and it simply is not
working. I would like to know if anyone has gotten it to work, and if so,
how?
The error I tend to get within a jail (star
Hello,
Does anyone have a walkthrough for how to get hierarchical jails to work?
I've been playing around with it for a couple of days and it simply is not
working. I would like to know if anyone has gotten it to work, and if so,
how?
The error I tend to get within a jail (starting another child j
Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).
The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.
S Tracker