Date:      Fri, 27 Nov 2015 10:09:02 -0700
From:      James Gritton <jamie@freebsd.org>
To:        freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Cc:        =?UTF-8?Q?Carsten_B=C3=A4cker?= <carbaecker@gmx.de>
Subject:   Re: Hierarchical Jails
Message-ID:  <5afb4a26c024263f7312f1f0984444a1@gritton.org>

On 27.11.2015 at 08:54, "Carsten Bäcker" wrote:
> Sorry... something's wrong with GMX webmailer. Second time this
> happens.
> Hi Hackers,
> I'm running into problems creating hierarchical jails.
> First of all: this is my first try with *hierarchical* jails (in favor
> of creating a bunch of VMs for software-testing).
> I aliased lo0 with 127.0.1.1 - 127.0.1.3
> --- HOST jail.conf ---
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.clean;
> mount.devfs;
> persist;
> 
> allow.socket_af=1;
> allow.raw_sockets=1;
> path = "/usr/local/jails/$name";
> mount.fstab = "/usr/local/jails/fstab.$name";
> core {
>         host.hostname="jail_core";
>         children.max=2;
>         ip4.addr =
> ue0|192.168.42.90,lo0|127.0.1.1,lo0|127.0.1.2,lo0|127.0.1.3;
> }
> --- "jail_core" jail.conf ---
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.clean;
> mount.devfs;
> persist;
> path = "/usr/local/jails/$name";
> mount.fstab = "/usr/local/jails/fstab.$name";
> dev1 {
>         host.hostname="jail_dev1";
>         ip4.addr = lo0|127.0.1.1;
> }
> jail_core starts up fine, but "children.max" seems to have no effect
> when checked within the jail.
> root@jail_core:/ # sysctl security.jail.param.children
> security.jail.param.children.max: 0
> security.jail.param.children.cur: 0
> I'm not sure if this is related to the following problem, but when I
> try to create a child-jail in this jailed environment I run into the
> following error.
> root@jail_core:/ # jail -c dev1
> ifconfig: ioctl (SIOCAIFADDR): permission denied
> jail: dev1: /sbin/ifconfig lo0 inet 127.0.1.1 netmask 255.255.255.255
> alias: failed
> What am I doing wrong? Any suggestions?
> Unfortunately I didn't find too much information concerning
> hierarchical jails.
> Running CURRENT -r290973.
> Best Regards
> Carsten Bäcker

The trouble lies in dev1's ip4.addr specification.  "lo0|127.0.1.1"
means that the IP address is 127.0.1.1, and that an alias should be
added on the interface lo0.  But dev1 doesn't have permission to add
IP aliases, which is where the "alias: failed" message comes from.

The solution is easy in this case: you've already planned ahead and
created the alias in core (as you should have), so it doesn't need to
be created again.  Just change dev1's specification to "ip4.addr =
127.0.1.1".

- Jamie
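
A small lint for the situation discussed in this thread, as an added example that is not part of the original mails: it lists ip4.addr/ip6.addr entries written in the "interface|address" form, the form that makes jail creation try to add an alias. The function name find_iface_addrs is made up for illustration, and only `#` comments are stripped.

```shell
#!/bin/sh
# Added example (not from the thread): report jail.conf address entries that
# name an interface, e.g. "lo0|127.0.1.1". In a child jail's configuration
# these are the entries that lead to the "alias: failed" error quoted above.

# find_iface_addrs (hypothetical name): jail.conf text on stdin,
# one "parameter interface address" line per matching entry on stdout.
find_iface_addrs() {
    # Drop '#' comments, join wrapped lines, then break the text into one
    # statement per line at ';', '{' and '}'.
    sed 's/#.*//' | tr '\n' ' ' | tr ';{}' '\n\n\n' |
    awk '
        /^[ \t]*ip[46]\.addr[ \t]*[+]?=/ {
            param = $0
            sub(/^[ \t]*/, "", param)           # leading indent
            sub(/[ \t]*[+]?=.*/, "", param)      # keep only the parameter name
            list = $0
            sub(/^[^=]*=/, "", list)             # keep only the value list
            gsub(/"/, "", list)
            n = split(list, entry, ",")
            for (i = 1; i <= n; i++) {
                # "iface|addr[/mask] [params]" has exactly one "|"
                if (split(entry[i], part, "[|]") == 2) {
                    gsub(/[ \t]/, "", part[1])
                    split(part[2], word, " ")    # address is the first word
                    print param, part[1], word[1]
                }
            }
        }'
}

# The dev1 block from the mail above, fed through the check.
find_iface_addrs <<'EOF'
dev1 {
        host.hostname="jail_dev1";
        ip4.addr = lo0|127.0.1.1;
}
EOF
```

Run against the configuration used inside jail_core, any line it prints is an entry to rewrite as a bare address, provided the parent jail already holds that address.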



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5afb4a26c024263f7312f1f0984444a1>