Date: Thu, 1 May 2014 17:10:01 GMT
From: Dreamcat4 <dreamcat4@gmail.com>
To: freebsd-ports-bugs@FreeBSD.org
Subject: Re: ports/189120: [Maintainer update] sysutils/qjail maintenance & enhancements
Message-ID: <201405011710.s41HA1Bi038175@freefall.freebsd.org>

The following reply was made to PR ports/189120; it has been noted by GNATS.

From: Dreamcat4 <dreamcat4@gmail.com>
To: bug-followup@freebsd.org, qjail@a1poweruser.com
Cc:
Subject: Re: ports/189120: [Maintainer update] sysutils/qjail maintenance & enhancements
Date: Thu, 1 May 2014 18:03:33 +0100

Joe is killing off the "interface|ip_address/subnet" syntax in the very next 3.3 version of qjail.

It turns out that will create a problem for running "insecure" local services such as virtualbox. Specifically it's the "vboxwebserv" daemon which requires a 2nd interface for loopback (localhost lo0) inside of the jail for the daemon to bind its TCP listen port to (so it isn't exposed to outside).

Basically the daemon listens on a TCP port "18083" in a very insecure manner - to connect to another php service "phpvirtualbox" which is running locally inside of the same jail.

With current version 3.2, I am actually doing this:

    qjail create -4 "192.168.1.203,lo0|127.0.0.2"

Which works fabulously. (otherwise the daemon ends up binding to the public-facing interface = very bad).

I was really hoping Joe could help by either:

A) Releasing a separate update for auto-nic (as its own version) before rolling in the other changes which disable the multiple-nic embedded ip syntax.

OR

B) Allowing me to fork the qjail project from version 3.2 ?

I'm not aware of any other workaround specifically to that issue.

So if you could please respond with some ideas.

Kind Regards
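
A check for the exposure described in the message above, added here as an example (it is not part of the original e-mail or of qjail): it reads `sockstat -4 -l` style output and reports any TCP listener on port 18083 whose local address is not in 127.0.0.0/8, including wildcard binds. The function names, the `websvc` command name and the sample rows are constructed for illustration; the addresses and port are the ones from the message.

```shell
#!/bin/sh
# exposed_listeners PORT
# Reads `sockstat -4 -l` style text on stdin. Prints the local address of every
# TCP listener on PORT that is not bound to a loopback (127.0.0.0/8) address and
# returns 1 if any was found, 0 otherwise.
exposed_listeners() {
    awk -v port="$1" '
        NR == 1 && $1 == "USER" { next }       # skip the header row
        $5 !~ /^tcp/            { next }       # only TCP sockets
        {
            n = split($6, part, ":")           # LOCAL ADDRESS is addr:port
            if (part[n] != port) next
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            # "*" (wildcard) counts as exposed: inside a jail it maps to the
            # jail addresses, which include the public-facing one.
            if (addr !~ /^127\./) { print addr; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: jail created with the lo0|127.0.0.2 alias, daemon bound to it.
sample_loopback() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     websvc     1234  9  tcp4   127.0.0.2:18083       *:*
www      httpd      1300  4  tcp4   192.168.1.203:80      *:*
EOF
}

# Constructed sample: no loopback alias in the jail, daemon lands on the LAN address.
sample_public() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     websvc     1234  9  tcp4   192.168.1.203:18083   *:*
www      httpd      1300  4  tcp4   192.168.1.203:80      *:*
EOF
}

# Demo on the constructed samples.
sample_loopback | exposed_listeners 18083 && echo "18083: loopback only"
sample_public   | exposed_listeners 18083 || echo "18083: reachable outside loopback"
```

Inside the jail the same function can be fed live data with `sockstat -4 -l | exposed_listeners 18083`.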