The following reply was made to PR ports/189120; it has been noted by GNATS.
From: Dreamcat4
To: bug-followup@freebsd.org, qjail@a1poweruser.com
Subject: Re: ports/189120: [Maintainer update] sysutils/qjail maintenance & enhancements
Date: Thu, 1 May 2014 18:03:33 +0100

Joe is killing off the "interface|ip_address/subnet" syntax in the very next 3.3 version of qjail.

It turns out that will create a problem for running "insecure" local services such as virtualbox. Specifically it's the "vboxwebserv" daemon which requires a 2nd interface for loopback (localhost lo0) inside of the jail for the daemon to bind its TCP listen port to (so it isn't exposed to outside).

Basically the daemon listens on a TCP port "18083" in a very insecure manner - to connect to another php service "phpvirtualbox" which is running locally inside of the same jail.

With current version 3.2, I am actually doing this:

    qjail create -4 "192.168.1.203,lo0|127.0.0.2"

Which works fabulously. (Otherwise the daemon ends up binding to the public-facing interface = very bad.)

I was really hoping Joe could help by either:

A) Releasing a separate update for auto-nic (as its own version) before rolling in the other changes which disable the multiple-nic embedded ip syntax.

OR

B) Allowing me to fork the qjail project from version 3.2?

I'm not aware of any other workaround specific to that issue.

So if you could please respond with some ideas.

Kind Regards
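Added example (not part of the original message and not qjail code): a small check for the exposure described above, which reports any listener on a given TCP port that is not bound to a 127.0.0.0/8 address. The sockstat-style sample text, user names, PIDs and command names are constructed for illustration; only the addresses and port 18083 come from the message.

```shell
#!/bin/sh
# Added example: report TCP listeners on a port that are NOT bound to loopback.
# Reads text laid out like FreeBSD `sockstat -4 -l` on stdin:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

exposed_listeners() {
    awk -v port="$1" '
        $5 !~ /^tcp/ { next }              # skips the header row and UDP
        {
            n = split($6, part, ":")       # local address is addr:port
            if (n != 2 || part[2] != port) next
            if (part[1] ~ /^127\./) next   # 127.0.0.0/8: loopback only
            print $2, $6                   # command and its exposed bind
        }'
}

# Constructed sample: jail created with "192.168.1.203,lo0|127.0.0.2",
# so the daemon has a loopback alias to bind to.
SAMPLE_WITH_LO0='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       811   3  tcp4   192.168.1.203:22      *:*
vbox     vboxwebsrv 902   9  tcp4   127.0.0.2:18083       *:*
www      httpd      950   4  tcp4   192.168.1.203:80      *:*'

# Constructed sample: jail with only the public address, where the
# daemon ends up on the public-facing interface.
SAMPLE_WITHOUT_LO0='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       811   3  tcp4   192.168.1.203:22      *:*
vbox     vboxwebsrv 902   9  tcp4   192.168.1.203:18083   *:*
www      httpd      950   4  tcp4   192.168.1.203:80      *:*'

echo "with lo0 alias:"
printf '%s\n' "$SAMPLE_WITH_LO0" | exposed_listeners 18083
echo "without lo0 alias:"
printf '%s\n' "$SAMPLE_WITHOUT_LO0" | exposed_listeners 18083
```

Inside a running jail the same function can be fed live data with `sockstat -4 -l | exposed_listeners 18083`; empty output means the port is reachable only over loopback.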