mergemaster

2014-07-10 Thread Warren Block
On a jail created with ezjail on 10-STABLE, mergemaster is not actually ignoring files set with IGNORE_FILES in the jail's /etc/mergemaster.rc. For example: /usr/jails/whatsit/etc/mergemaster.rc IGNORE_FILES="/boot/device.hints" From the host: # cd /usr/src ; mergemaster -U -D /usr/j

mergemaster and better support for ezjails

2014-07-12 Thread Warren Block
A couple of patches to make mergemaster work better with ezjails. These are only very superficially tested. Feedback welcome. 1. If /etc/mergemaster.rc exists in the jail, it is sourced. This allows IGNORE_FILES to be set in the jail. And other settings, but that's the one I wanted. 2.

Re: mergemaster and better support for ezjails

2014-07-12 Thread Warren Block
On Sun, 13 Jul 2014, Mateusz Guzik wrote: On Sat, Jul 12, 2014 at 08:08:52PM -0600, Warren Block wrote: A couple of patches to make mergemaster work better with ezjails. These are only very superficially tested. Feedback welcome. 1. If /etc/mergemaster.rc exists in the jail, it is sourced

Re: mergemaster and better support for ezjails

2014-07-13 Thread Warren Block
On Sun, 13 Jul 2014, Ian Smith wrote: On Sat, 12 Jul 2014 20:08:52 -0600, Warren Block wrote: A couple of patches to make mergemaster work better with ezjails. > These are only very superficially tested. Feedback welcome. > 1. If /etc/mergemaster.rc exists in the jail, it is sourced.

Additional devfs rulesets

2014-07-24 Thread Warren Block
devfsrules_jail is defined in /etc/defaults/devfs.rules, but a new ruleset is needed to unhide bpf devices for using check_dhcp in a jail. It seems clunky to define the new ruleset in /etc/devfs.rules on the host. Is there a more elegant way to define it with the jail (ezjail) settings in /us

check_dhcp

2014-07-24 Thread Warren Block
net-mgmt/monitoring-plugins has a check_dhcp program used to test the availability of a remote DHCP server. It has BSD-specific code, but seems fairly dated and only works when all supposedly optional parameters are given. However, it does work on a normal machine: OK: Received 1 DHCPOFFER

Re: check_dhcp

2014-07-24 Thread Warren Block
On Thu, 24 Jul 2014, Glen Barber wrote: On Thu, Jul 24, 2014 at 09:14:24PM -0600, Warren Block wrote: net-mgmt/monitoring-plugins has a check_dhcp program used to test the availability of a remote DHCP server. It has BSD-specific code, but seems fairly dated and only works when all supposedly

Re: check_dhcp

2014-07-24 Thread Warren Block
On Thu, 24 Jul 2014, Glen Barber wrote: On Thu, Jul 24, 2014 at 09:25:06PM -0600, Warren Block wrote: On Thu, 24 Jul 2014, Glen Barber wrote: The problem, I suspect, is that bpf(4) does not exist in the jail. It's there: # ls -lh /dev/b* crw--- 1 root wheel 0x12 Jul 24 21:00

Re: check_dhcp

2014-07-24 Thread Warren Block
On Thu, 24 Jul 2014, Glen Barber wrote: On Thu, Jul 24, 2014 at 09:35:52PM -0600, Warren Block wrote: On Thu, 24 Jul 2014, Glen Barber wrote: On Thu, Jul 24, 2014 at 09:25:06PM -0600, Warren Block wrote: On Thu, 24 Jul 2014, Glen Barber wrote: The problem, I suspect, is that bpf(4) does

Re: check_dhcp

2014-07-24 Thread Warren Block
On Thu, 24 Jul 2014, Glen Barber wrote: I think dhclient still will not work though, since it is set as 'nojail' in /etc/rc.d/dhclient rc script. To be clear, what worked was running /sbin/dhclient, not the rc script. It requests and gets a lease, but does not manage to assign the address to

Re: Additional devfs rulesets

2014-07-26 Thread Warren Block
On Sat, 26 Jul 2014, Alexander Leidinger wrote: On Thu, 24 Jul 2014 10:07:52 -0600 (MDT) Warren Block wrote: devfsrules_jail is defined in /etc/defaults/devfs.rules, but a new ruleset is needed to unhide bpf devices for using check_dhcp in a jail. It seems clunky to define the new ruleset

Re: Additional devfs rulesets

2014-07-26 Thread Warren Block
On Sat, 26 Jul 2014, Warren Block wrote: If devfs accepted an optional file parameter, additional rulesets could be defined with for each jail. There might be security implications with that. Actually, it looks like that can be done. devfs_rulesets_from_file() in /etc/rc.subr has a parser

ezjail and mergemaster

2014-07-29 Thread Warren Block
This is tangential to my earlier changes to mergemaster. I'm working on an ezjail addition for the Handbook. The update section shows both source and binary updates. For source, ezjail-admin update -b on the host does a buildworld;installworld on the basejail. For binary, ezjail-admin upda

Re: ezjail and mergemaster

2014-08-04 Thread Warren Block
On Tue, 29 Jul 2014, Allan Jude wrote: On 2014-07-29 17:44, Warren Block wrote: What process for running mergemaster should I suggest? Maybe different ones for trusted and untrusted jails? This will mount /usr/src into the basejail read-only: mount -t nullfs -o ro /usr/src /usr/jails

Re: ezjail and mergemaster

2014-08-05 Thread Warren Block
On Tue, 5 Aug 2014, mailinglists wrote: On 5/08/14 11:13 am, Warren Block wrote: On Tue, 29 Jul 2014, Allan Jude wrote: On 2014-07-29 17:44, Warren Block wrote: What process for running mergemaster should I suggest? Maybe different ones for trusted and untrusted jails? This will mount

How early can jails be started?

2014-08-09 Thread Warren Block
Is it technically possible to start a jail much earlier in the boot order? The reason is that a jailed DNS server could be used by the host if it was started before any of the host's network services needed DNS. After /etc/rc.d/netwait, say. There may be other jailed services that would als

Re: How early can jails be started?

2014-08-13 Thread Warren Block
On Sat, 9 Aug 2014, James Gritton wrote: On 8/9/2014 6:53 PM, Warren Block wrote: Is it technically possible to start a jail much earlier in the boot order? The reason is that a jailed DNS server could be used by the host if it was started before any of the host's network services neede

Re: How early can jails be started?

2014-08-13 Thread Warren Block
On Wed, 13 Aug 2014, Allan Jude wrote: The second problem might be simpler to solve. With sendmail_enable="NO" in the dns1 jail (so it can send status email), sendmail on the host is blocked: sm-mta[679]: daemon Daemon0: problem creating SMTP socket sm-mta[679]: NOQUEUE: SYSERR(root): opendaem

Re: How early can jails be started?

2014-08-14 Thread Warren Block
On Wed, 13 Aug 2014, Warren Block wrote: On Wed, 13 Aug 2014, Allan Jude wrote: sm-mta[679]: daemon Daemon0: problem creating SMTP socket sm-mta[679]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Can't assign requested address This was due to an incorrect loo

Re: How early can jails be started?

2014-08-14 Thread Warren Block
On Wed, 13 Aug 2014, Warren Block wrote: It works... mostly. This file is /etc/rc.d/earlyjail: #!/bin/sh # PROVIDE: earlyjail # REQUIRE: netwait # KEYWORD: # BEFORE: mountcritremote /usr/local/etc/rc.d/ezjail start dns1 When /etc/rc.d/jail runs much later in the startup, it tries to

Re: no network connection from inside a jail

2014-10-02 Thread Warren Block
On Thu, 2 Oct 2014, Erich Dollansky wrote: Hi, I recently upgraded to 10.1 BETA3 via sources. All seemed to be fine until I started jails which connect to the Internet. It simply does not work anymore. When the browser from the jail connects to another jail on the same machine via HTTP, it all

Re: only lo0 interface inside jail, no default gw

2014-12-22 Thread Warren Block
On Mon, 22 Dec 2014, Mark Felder wrote: On Thu, Dec 18, 2014, at 00:18, Alexander Lunev wrote: As I said in message to Jamie Gritton, I found why jails couldn't ping internet - I forgot to add jail's address to table which permitted to NAT. Why subnet mask should be /32? What harm could be d

Re: preferred jail management tool

2015-01-28 Thread Warren Block
On Tue, 27 Jan 2015, Allan Jude wrote: Ezjail still works perfectly fine. It is moderately actively maintained, it works very well with ZFS. The value of having a single basejail, rather than multiple is slightly diminished by the fact that we all have more disk space than we used to, and the fa

Re: How to define the order of starting jails?

2015-12-20 Thread Warren Block
On Sun, 20 Dec 2015, dweimer wrote: On 2015-12-20 1:25 pm, Michael B. Eichorn wrote: On Sun, 2015-12-20 at 17:50 +0100, Michael Grimm wrote: Hi — [Background: I wish to run (some of my) ezjail-made jails and VNET which cannot be done by ezjail, natively.] But I found a way to mix both ezjail