Software Information wrote on 2017/07/11 19:01:
Hi All
I am using FreeBSD 11 and have created a new jail using the following steps

1. make buildworld DESTDIR=/here/is/the/jail
2. make installworld DESTDIR=/here/is/the/jail
3. make distribution DESTDIR=/here/is/the/jail
4. mount -t devfs devfs /here/is/the/jail/dev

I have the following in my host rc.conf

jail_enable="YES"   # Set to NO to disable starting of any jails

jail_list="www"     # Space separated list of names of jails

Note: Jail names in jail_list should contain alphanumeric characters only.

For each jail listed in jail_list, a group of rc.conf(5) settings, which
describe the particular jail, should be added:



jail_www_rootdir="/usr/jail/www"     # jail's root directory

jail_www_hostname="jailname.org"  # jail's hostname

jail_www_ip="IP_Address"           # jail's IP address

jail_www_devfs_enable="YES"          # mount devfs in the jail


On the host, I did sysctl security.jail.allow_raw_sockets=1

In /etc/jail.conf, in the config section for that jail, I entered the
line *allow.raw.sockets = 1*


and I also did an *echo 'security.jail.allow_raw_sockets=1' >>
/etc/sysctl.conf* inside the jail.


From what I can tell, I should be able to ping inside the jail now but it
still doesn't work. Does anyone see anything I may have left out?

I recommend that you use jail.conf only and do not set jail variables in rc.conf. It is not good to mix these two.

Put jail_enable="YES" into rc.conf and then this into jail.conf:

## Typical static defaults:
## Use the rc scripts to start and stop jails.  Mount jail's /dev.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
exec.system_user   = "root";
exec.jail_user     = "root";
mount.devfs;
devfs_ruleset      = 4;
enforce_statfs     = 1;
allow.set_hostname = 0;
allow.sysvipc      = 0;
allow.raw_sockets  = 0;

## Dynamic wildcard parameter:
## Base the path off the jail name.
path            = "/usr/jail/$name";
exec.consolelog = "/var/log/jail/$name.console";
mount.fstab     = "/etc/fstab.$name";

## Jail www
www {
        host.hostname     = "jailname.example.com";
        ip4.addr          = 10.10.10.10;
        allow.raw_sockets = 1;
}


Then you can run this jail with the command:

# service jail start www


Miroslav Lachman
_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
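
As an added example (not part of either message), this POSIX sh script lists per-jail rc.conf variables left over from the old style and resolves the effective allow.raw_sockets value for each jail when a jail block overrides the global default, as in the jail.conf above. The sample files, the db jail and the function names are constructed for illustration; the parser assumes one statement per line, with global parameters placed before the jail blocks.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs are constructed from the
# rc.conf and jail.conf text quoted in the messages above.
sample_rc_conf() {
cat <<'EOF'
jail_enable="YES"
jail_list="www"
jail_www_rootdir="/usr/jail/www"
jail_www_devfs_enable="YES"
EOF
}

sample_jail_conf() {
cat <<'EOF'
allow.raw_sockets  = 0;
path = "/usr/jail/$name";
www {
        host.hostname     = "jailname.example.com";
        allow.raw_sockets = 1;
}
db {    # hypothetical second jail that inherits the global default
        ip4.addr = 10.10.10.11;
}
EOF
}

# List per-jail rc.conf variables (jail_<name>_<param>) that belong in jail.conf.
legacy_rc_vars() {
    grep -E '^jail_[A-Za-z0-9]+_[a-z_]+=' | cut -d= -f1
}

# Print "<jail> <value>" for parameter $1, layering each jail block over the
# global value ("unset" if the parameter never appears globally).
effective_param() {
    awk -v want="$1" -v dflt="unset" '
    { sub(/#.*/, ""); line = $0; gsub(/[ \t;"]/, "", line) }
    line == "" { next }
    index(line, "{") { jail = substr(line, 1, index(line, "{") - 1); val = dflt; next }
    line == "}" { print jail, val; jail = ""; next }
    {
        eq  = index(line, "=")
        key = eq ? substr(line, 1, eq - 1) : line
        v   = eq ? substr(line, eq + 1) : "1"   # bare "name;" means true
        if (key != want) next
        if (jail == "") dflt = v; else val = v
    }'
}

sample_rc_conf | legacy_rc_vars
sample_jail_conf | effective_param allow.raw_sockets
```

On a running host, `jls -j www allow.raw_sockets` shows the value the kernel actually applied to the jail.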
