From owner-freebsd-jail@FreeBSD.ORG Mon Sep 17 21:55:14 2007
Date: Mon, 17 Sep 2007 23:55:10 +0200
From: Peter Schuller
To: "Max N. Boyarov"
Cc: freebsd-jail@freebsd.org
Subject: Re: Running postgres 8.2 in a jail

> try enable security.jail.sysvipc_allowed

But realize that this breaks the sandbox partially since sysvipc/shared
memory will be shared across all jails and the host.

-- 
/ Peter Schuller

PGP userID: 0xE9758B7D or 'Peter Schuller '
Key retrieval: Send an E-Mail to getpgpkey@scode.org
E-Mail: peter.schuller@infidyne.com Web: http://www.scode.org

From owner-freebsd-jail@FreeBSD.ORG Mon Sep 17 21:56:06 2007
Date: Mon, 17 Sep 2007 23:56:05 +0200
From: Peter Schuller
To: Paul Hoffman
Cc: freebsd-jail@freebsd.org
Subject: Re: Hosted FreeBSD jail services?

> Greetings again. Do folks here know of any commercially hosted FreeBSD
> virtual servers that use jails? I could not find any that used FreeBSD as
> Xen domU images. Verio's $90/month is ridiculously expensive.

www.johncompanies.com (the guys also behind rsync.net).

-- 
/ Peter Schuller

From owner-freebsd-jail@FreeBSD.ORG Tue Sep 18 05:54:57 2007
Date: Tue, 18 Sep 2007 07:54:56 +0200
From: Peter Schuller
To: "Brian A. Seklecki"
Cc: freebsd-jail@freebsd.org
Subject: Re: Running postgres 8.2 in a jail

> Which will hopefully be fixed in 7x, along with attracted routing
> instances.

Really? Would you happen to have a reference to some specific information?
On sysvipc that is.

-- 
/ Peter Schuller

From owner-freebsd-jail@FreeBSD.ORG Tue Sep 18 09:52:08 2007
Date: Tue, 18 Sep 2007 17:23:56 +0800
From: "maomao maomao"
To: freebsd-jail@freebsd.org
Subject: post the mail list

my mail address is : maochang1981@gmail.com. thanks a lot!

From owner-freebsd-jail@FreeBSD.ORG Tue Sep 18 19:52:44 2007
Date: Tue, 18 Sep 2007 14:29:33 -0500
From: Scott Lambert
To: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Subject: Problems with FreeRADIUS in a jail

I've been trying to get FreeRADIUS 2.0 working inside a FreeBSD
6.2-STABLE jail. The work I've been doing with Alan DeKok of
FreeRADIUS starts with this message:

https://lists.freeradius.org/pipermail/freeradius-users/2007-September/065883.html

Here is the thread index:

https://lists.freeradius.org/pipermail/freeradius-users/2007-September/thread.html#65883

I am way out of my depth at this point. I thought I had the problem
found yesterday in FreeRADIUS but Alan says what I did to "fix" it
shouldn't work at all. He seems to think it is a jail problem.

Is anybody else testing the new version of FreeRADIUS in a jail?

I would greatly appreciate any help I can get on this topic.

If someone wants to take a look at it, here is a script I am using to
get the current sources:

========================================================================
#!/bin/sh
# Fetch and unpack today's FreeRADIUS server snapshot.
set -e  # stop before the rm/cp steps if the download or unpack fails
DATE=`date +%Y%m%d`
fetch ftp://ftp.freeradius.org/pub/freeradius/snapshots/freeradius-server-snapshot-${DATE}.tar.bz2
tar -yxvf freeradius-server-snapshot-${DATE}.tar.bz2
# Replace the previous working copy with the fresh snapshot.
rm -rf freeradius-server-snapshot
cp -rp freeradius-server-snapshot-${DATE} freeradius-server-snapshot
========================================================================

Thanks in advance!

-- 
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org

From owner-freebsd-jail@FreeBSD.ORG Tue Sep 18 21:27:16 2007
Date: Tue, 18 Sep 2007 15:03:12 -0600
From: James Gritton
To: freebsd-jail@freebsd.org
Cc: freebsd-hackers@freebsd.org
Subject: Hierarchical jails - any current work?

I've been doing some work on a hierarchical jail setup, but I've got
this nagging feeling it's been done before. Does anyone know of such
an existing project? If not, I'll put forward my own code.

- James Gritton
  jamie@gritton.org

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 09:58:10 2007
Date: Wed, 19 Sep 2007 11:57:38 +0200
From: Alexander Leidinger
To: James Gritton
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: Hierarchical jails - any current work?

Quoting James Gritton (from Tue, 18 Sep 2007 15:03:12 -0600):

> I've been doing some work on a hierarchical jail setup, but I've got
> this nagging feeling it's been done before. Does anyone know of such
> an existing project? If not, I'll put forward my own code.

At http://perforce.freebsd.org/branchView.cgi?BRANCH=cdjones%5fjail%5fcurrent
are changes to improve jails. I don't know if it does what you want,
as you haven't described how hierarchical jails are supposed to work.
For info on what is available there, I suggest asking cdjones.

Bye,
Alexander.

-- 
HUGH BEAUMONT died in 1982!!
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org : PGP ID = 72077137

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 15:24:49 2007
Date: Wed, 19 Sep 2007 16:51:43 +0200
From: Pawel Jakub Dawidek
To: James Gritton
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: Hierarchical jails - any current work?

On Tue, Sep 18, 2007 at 03:03:12PM -0600, James Gritton wrote:
> I've been doing some work on a hierarchical jail setup, but I've got
> this nagging feeling it's been done before. Does anyone know of such
> an existing project? If not, I'll put forward my own code.

Something like this:

http://garage.freebsd.pl/mljail.README

I did it some time ago, and this is one of the features for new jail
implementation which is being designed.

-- 
Pawel Jakub Dawidek    http://www.wheel.pl
pjd@FreeBSD.org        http://www.FreeBSD.org
FreeBSD committer      Am I Evil? Yes, I Am!

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 19:08:23 2007
Date: Wed, 19 Sep 2007 12:08:20 -0700
From: Julian Elischer
To: Pawel Jakub Dawidek
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: Hierarchical jails - any current work?

Pawel Jakub Dawidek wrote:
> On Tue, Sep 18, 2007 at 03:03:12PM -0600, James Gritton wrote:
>> I've been doing some work on a hierarchical jail setup, but I've got
>> this nagging feeling it's been done before. Does anyone know of such
>> an existing project? If not, I'll put forward my own code.
>
> Something like this:
>
> http://garage.freebsd.pl/mljail.README
>
> I did it some time ago, and this is one of the features for new jail
> implementation which is being designed.

I hope in conjunction with Marko and the vimage stuff, which is already
hierarchical.

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 19:30:51 2007
Date: Wed, 19 Sep 2007 13:30:44 -0600
From: James Gritton
To: Pawel Jakub Dawidek
Cc: freebsd-hackers@FreeBSD.org, freebsd-jail@FreeBSD.org
Subject: Re: Hierarchical jails - any current work?

Pawel Jakub Dawidek wrote:
> Something like this:
> http://garage.freebsd.pl/mljail.README
>
> I did it some time ago, and this is one of the features for new jail
> implementation which is being designed

Yes, that's just the thing I'm talking about, so it looks like I have
indeed been reinventing something. (The jail scheduling work of cdjones
is something else I'm interested in, but for another time).

Now the question becomes: how much jail work is out there, and what's
the likelihood of it seeing the light of day in a released kernel? I
hate to be going about coding stuff that's been done before (well,
actually I enjoy coding it but you know...), but I only ever see
snippets of jail work mentioned here and there and nothing ever seems to
get anywhere official. I figured the place to talk about this was the
freebsd-jail mailing list, but it seems to be mostly for stuff like
"getting app X to work in a jail" or "the current jail rc scripts have
this or that deficiency." That's why I cross-mailed to freebsd-hackers
- maybe more appropriate there?

Where's the secret place people really go to communicate this kind of
thing? I've done a lot of work in the general jail-like area, and while
much of it is the same as others' I'd like to share what isn't. Of
course, with other people's jail-related projects staying on the
sidelines so long - and that by those with "@freebsd.org" stature - one
wonders if there's a point. I don't mean to sound down on anything,
just wondering what the state of the "jail community" is. Or where it is.

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 20:08:27 2007
Date: Wed, 19 Sep 2007 13:08:23 -0700
From: Julian Elischer
To: James Gritton
Cc: freebsd-hackers@FreeBSD.org, freebsd-jail@FreeBSD.org, Pawel Jakub Dawidek
Subject: Re: Hierarchical jails - any current work?

James Gritton wrote:
> Pawel Jakub Dawidek wrote:
>> Something like this:
>> http://garage.freebsd.pl/mljail.README
>>
>> I did it some time ago, and this is one of the features for new jail
>> implementation which is being designed
>
> Yes, that's just the thing I'm talking about, so it looks like I have
> indeed been reinventing something. (The jail scheduling work of cdjones
> is something else I'm interested in, but for another time).
>
> Now the question becomes: how much jail work is out there, and what's
> the likelihood of it seeing the light of day in a released kernel? I
> hate to be going about coding stuff that's been done before (well,
> actually I enjoy coding it but you know...), but I only ever see
> snippets of jail work mentioned here and there and nothing ever seems to
> get anywhere official. I figured the place to talk about this was the
> freebsd-jail mailing list, but it seems to be mostly for stuff like
> "getting app X to work in a jail" or "the current jail rc scripts have
> this or that deficiency." That's why I cross-mailed to freebsd-hackers
> - maybe more appropriate there?
>
> Where's the secret place people really go to communicate this kind of
> thing? I've done a lot of work in the general jail-like area, and while
> much of it is the same as others' I'd like to share what isn't. Of
> course, with other people's jail-related projects staying on the
> sidelines so long - and that by those with "@freebsd.org" stature - one
> wonders if there's a point. I don't mean to sound down on anything,
> just wondering what the state of the "jail community" is. Or where it is.
>

please please please familiarise yourself with the Vimage code that
Marko Zec is working on.
It is a superset of jails and all future virtualisation work at this
level (as opposed to Xen or vmware etc.) should be done in co-operation
so that a generic framework is used. Marko has done some of this already
and his code utilises some of the existing Jail framework.

> - Jamie

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 20:18:48 2007
Date: Wed, 19 Sep 2007 14:18:40 -0600
From: James Gritton
To: Julian Elischer
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: Hierarchical jails - any current work?

> please please please familiarise yourself with the Vimage code that
> Marko Zec is working on.

This is the stuff at http://imunes.tel.fer.hr/virtnet/, right? I take
it that's the definitive place to go. I recall having looked at that
before, and I guess I was thrown off by the "net work virtualization"
title and didn't know it was to be a general jail replacement. So sure,
I'll give that a thorough study and see what I can do with it. I still
hope I can contribute and not just have bothered you all to just end up
being another user :-).

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 20:28:42 2007
Date: Wed, 19 Sep 2007 13:28:38 -0700
From: Julian Elischer
To: James Gritton
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: Hierarchical jails - any current work?

James Gritton wrote:
>> please please please familiarise yourself with the Vimage code that
>> Marko Zec is working on.
>
> This is the stuff at http://imunes.tel.fer.hr/virtnet/, right? I take
> it that's the definitive place to go. I recall having looked at that
> before, and I guess I was thrown off by the "net work virtualization"
> title and didn't know it was to be a general jail replacement. So sure,
> I'll give that a thorough study and see what I can do with it. I still
> hope I can contribute and not just have bothered you all to just end up
> being another user :-).
>
> - Jamie

Network virtualisation is one part of the job.. it uses jail code to
provide other separation, but it would be good if the connections were
more 'formal'. We should have an official architecture for this sort of
thing. Marko has said that one of the things that needs to be done is to
spend time integrating it better with the other (read jail)
virtualisation code..
That could be your name I hear being called :-)

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 21:28:02 2007
Date: Wed, 19 Sep 2007 21:05:38 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Scott Lambert
Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: Problems with FreeRADIUS in a jail

On Tue, 18 Sep 2007, Scott Lambert wrote:

Hi,

> I've been trying to get FreeRADIUS 2.0 working inside a FreeBSD
> 6.2-STABLE jail.
>
> The work I've been doing with the Alan DeKok of FreeRADIUS starts with
> this message:
>
> https://lists.freeradius.org/pipermail/freeradius-users/2007-September/065883.html
>
> Here is the thread index :
>
> https://lists.freeradius.org/pipermail/freeradius-users/2007-September/thread.html#65883
>
> I am way out of my depth at this point. I thought I had the problem
> found yesterday in FreeRADIUS but Alan says what I did to "fix" it
> shouldn't work at all.

if you mean the == INADDR_ANY => != change, Alan should be right from the code you pasted into the mails.

> He seems to think it is a jail problem.

I haven't read their code but from what I got in the thread it sounds like they seem to be overly clever doing assumptions that are just wrong (no matter if it's a jail or not).
So it seems

C: bind(INADDR_ANY)
C: getsockname returns an address inside the jail
C: packet gets out to dstaddr

S: the packet gets processed
S: a reply is sent to the IP address from the dstaddr (as used by the client)
and it should always be that way (no matter if the C: is in jail or not)

C: packet is received
C: ip address is checked and to whatever it would be checked should match - in case they have the IP address it would match, in case they bound to inaddr_any all addresses should match.

They might have problems matching up their internal state or overwriting something somewhere.

I would assume what could happen is that bind to INADDR_ANY, getsockname returns != INADDR_ANY thus inaddr_any = 0;
On recv. they fill in the match from the Client = * definition which would be INADDR_ANY but inaddr_any is set to 0 and thus the check on the ip address does not match because they would need both INADDR_ANY and inaddr_any = 1 for that (for whatever reason they need to duplicate that information).

But that's just a wild guess...

--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Software is harder than hardware so better get it right the first time.
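The mismatch guessed at in the message above, modelled in C as an added example; it is not FreeRADIUS code and not part of the original thread. The struct, the `inaddr_any` flag handling and all function names are hypothetical, and `model_match` takes constructed addresses so the jail case can be reproduced outside a jail.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical listener state; added illustration, not FreeRADIUS code. */
struct listener {
    struct in_addr configured; /* address passed to bind() */
    struct in_addr bound;      /* address getsockname() reported */
    int inaddr_any;            /* derived from 'bound': the fragile part */
};

static void listener_set(struct listener *l, struct in_addr cfg, struct in_addr bound)
{
    l->configured = cfg;
    l->bound = bound;
    l->inaddr_any = (bound.s_addr == htonl(INADDR_ANY));
}

/* Live variant: in a FreeBSD jail 'bound' comes back as the jail's address. */
int listener_open(struct listener *l)
{
    struct sockaddr_in sin = { .sin_family = AF_INET }; /* zero address = INADDR_ANY, port 0 */
    struct in_addr any = { 0 };                         /* INADDR_ANY is all zero bits */
    socklen_t len = sizeof(sin);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sin, &len) < 0) {
        close(fd);
        return -1;
    }
    listener_set(l, any, sin.sin_addr);
    return fd;
}

/* Fragile: a wildcard key matches only when the derived flag is also set. */
int match_fragile(const struct listener *l, struct in_addr key)
{
    if (key.s_addr == htonl(INADDR_ANY))
        return l->inaddr_any;
    return l->bound.s_addr == key.s_addr;
}

/* Robust: decide "wildcard" from what was asked of bind(), not the answer. */
int match_robust(const struct listener *l, struct in_addr key)
{
    if (l->configured.s_addr == htonl(INADDR_ANY))
        return 1;
    return l->bound.s_addr == key.s_addr;
}

/* Run either check on constructed dotted-quad inputs; -1 on a bad address. */
int model_match(const char *cfg, const char *bound, const char *key, int robust)
{
    struct listener l;
    struct in_addr c, b, k;

    if (inet_pton(AF_INET, cfg, &c) != 1 || inet_pton(AF_INET, bound, &b) != 1 ||
        inet_pton(AF_INET, key, &k) != 1)
        return -1;
    listener_set(&l, c, b);
    return robust ? match_robust(&l, k) : match_fragile(&l, k);
}
```

With a wildcard bind reported back as 192.0.2.10 (a constructed stand-in for a jail address) and a wildcard key, `model_match(..., 0)` returns 0 and `model_match(..., 1)` returns 1.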
From owner-freebsd-jail@FreeBSD.ORG Wed Sep 19 21:38:30 2007
Date: Wed, 19 Sep 2007 16:38:29 -0500
From: Scott Lambert
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: Problems with FreeRADIUS in a jail

On Wed, Sep 19, 2007 at 09:05:38PM +0000, Bjoern A. Zeeb wrote:
> On Tue, 18 Sep 2007, Scott Lambert wrote:
>
> Hi,
>
> >I've been trying to get FreeRADIUS 2.0 working inside a FreeBSD
> >6.2-STABLE jail.
> >
> >The work I've been doing with the Alan DeKok of FreeRADIUS starts with
> >this message:
> >
> >https://lists.freeradius.org/pipermail/freeradius-users/2007-September/065883.html
> >
> >Here is the thread index :
> >
> >https://lists.freeradius.org/pipermail/freeradius-users/2007-September/thread.html#65883
> >
> >I am way out of my depth at this point. I thought I had the problem
> >found yesterday in FreeRADIUS but Alan says what I did to "fix" it
> >shouldn't work at all.
>
> if you mean the == INADDR_ANY => != change, Alan should be right from
> the code you pasted into the mails.

Yeah, I dug in and tried to prove myself right yesterday. I was completely wrong. I don't know how that ended up working on all of my test cases.

> > He seems to think it is a jail problem.
>
> I haven't read their code but from what I got in the thread it sounds
> like they seem to be overly clever doing assumptions that are just
> wrong (no matter if it's a jail or not).

That's my impression.

> So it seems
>
> C: bind(INADDR_ANY)
> C: getsockname returns an address inside the jail
> C: packet gets out to dstaddr
>
> S: the packet gets processed
> S: a reply is sent to the IP address from the dstaddr (as used by the
> client)
> and it should always be that way (no matter if the C: is in jail or not)
>
> C: packet is received
> C: ip address is checked and to whatever it would be checked should
> match - in case they have the IP address it would match, in case they
> bound to inaddr_any all addresses should match.
>
> They might have problems matching up their internal state or
> overwriting something somewhere.
>
> I would assume what could happen is that bind to INADDR_ANY,
> getsockname returns != INADDR_ANY thus inaddr_any = 0;
> On recv. they fill in the match from the Client = * definition
> which would be INADDR_ANY but inaddr_any is set to 0 and thus the
> check on the ip address does not match because they would need both
> INADDR_ANY and inaddr_any = 1 for that (for whatever reason they need
> to duplicate that information).
>
> But that's just a wild guess...

I wish my wild guesses were a tenth that good.

Last night, I found a place where they unconditionally set reply->dst_ipaddr = client_ipaddr. I think that is exactly what you are postulating above. It looks like they had reasons for setting that, but I can't tell what circumstances would necessitate it.

I posted another message to the thread about that but Alan hasn't responded to that post just yet so either he didn't have time to mess with me today, or he may be checking into the validity of that unconditional assignment. I'm hoping for the latter because I would like to get this resolved and move on with putting it in production. :-)

Thanks for the help!

--
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org

From owner-freebsd-jail@FreeBSD.ORG Thu Sep 20 06:24:51 2007
Date: Thu, 20 Sep 2007 08:23:13 +0200
From: Pawel Jakub Dawidek
To: James Gritton
Cc: freebsd-hackers@FreeBSD.org, freebsd-jail@FreeBSD.org
Subject: Re: Hierarchical jails - any current work?

On Wed, Sep 19, 2007 at 01:30:44PM -0600, James Gritton wrote:
> Pawel Jakub Dawidek wrote:
> >Something like this:
> > http://garage.freebsd.pl/mljail.README
> >
> >I did it some time ago, and this is one of the features for new jail
> >implementation which is being designed
>
> Yes, that's just the thing I'm talking about, so it looks like I have
> indeed been reinventing something. (The jail scheduling work of cdjones
> is something else I'm interested in, but for another time).
>
> Now the question becomes: how much jail work is out there, and what's
> the likelihood of it seeing the light of day in a released kernel?
> I hate to be going about coding stuff that's been done before (well,
> actually I enjoy coding it but you know...), but I only ever see
> snippets of jail work mentioned here and there and nothing ever seems to
> get anywhere official. I figured the place to talk about this was the
> freebsd-jail mailing list, but it seems to be mostly for stuff like
> "getting app X to work in a jail" or "the current jail rc scripts have
> this or that deficiency." That's why I cross-mailed to freebsd-hackers
> - maybe more appropriate there?
>
> Where's the secret place people really go to communicate this kind of
> thing? I've done a lot of work in the general jail-like area, and while
> much of it is the same as others' I'd like to share what isn't. Of
> course, with other people's jail-related projects staying on the
> sidelines so long - and that by those with "@freebsd.org" stature - one
> wonders if there's a point. I don't mean to sound down on anything,
> just wondering what the state of the "jail community" is. Or where it is.

We are not hiding anything, don't worry:) We just had developers summit in Denmark when we talked about future jail design. We also talked about this at the developers summit in Milan last year. Currently we have the big picture and quite a few details, I wouldn't call it finished project, because it's not, but we moved forward definitely. Once we polish the notes taken at devsummit we will publish them on a wiki page and give some time to the community to comment on that. If you want to work on jails I would hold on before the wiki page is ready, because I suspect there will be a lot of work to do.

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
From owner-freebsd-jail@FreeBSD.ORG Thu Sep 20 21:25:46 2007
Date: Thu, 20 Sep 2007 20:04:27 +0000 (UTC)
From: Duane Hill
To: freebsd-jail@freebsd.org
Subject: Multiple IP Addresses - Configuration Issue

I am attempting to get more than one IP configured in a jail. I've taken a look at:

http://www.digitaldaemon.com/FreeBSD/FreeBSD/index.html

And have applied the patch:

FreeBSD_6.2-STABLE-mijail.patch

I'm kind of at a stopping point with regards to how you define the multiple IP's within /etc/rc.conf. This is the current jail configuration in /etc/rc.conf:

jail_test_rootdir="/home/hoosegow/test"
jail_test_hostname="test.localhost"
jail_test_ip="192.168.1.11"
jail_test_interface="dc0"
jail_test_devfs_enable="YES"
jail_test_devfs_ruleset="devfsrules_jail"