From owner-freebsd-jail@FreeBSD.ORG Mon Jan 18 11:07:00 2010
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
Date: Mon, 18 Jan 2010 11:07:00 GMT
Message-Id: <201001181107.o0IB707H047587@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD
users. These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

5 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 19 22:34:38 2010
From: linimon@FreeBSD.org
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Tue, 19 Jan 2010 22:34:37 GMT
Message-Id: <201001192234.o0JMYb7C026526@freefall.freebsd.org>

Old Synopsis: Support JAILv2 and vnet in rc.d/jail
New Synopsis: [jail] [patch] Support JAILv2 and vnet in rc.d/jail

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Tue Jan 19 22:34:19 UTC 2010
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=142972

From owner-freebsd-jail@FreeBSD.ORG Tue Jan 19 23:11:11 2010
From: "Merijn Verstraaten"
To: freebsd-bugs@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 20 Jan 2010 00:11:08 +0100
In-Reply-To: <201001192234.o0JMYb7C026526@freefall.freebsd.org>

On Tue, 19 Jan 2010 23:34:37 +0100, wrote:

> Old Synopsis: Support JAILv2 and vnet in rc.d/jail
> New Synopsis: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
>
> Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
> Responsible-Changed-By: linimon
> Responsible-Changed-When: Tue Jan 19 22:34:19 UTC 2010
> Responsible-Changed-Why:
> Over to maintainer(s).
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=142972

This patch seems to lack support for adding IPv6 addresses to the jails.
It passes $_addrl (which can contain both IPv4 and IPv6 addresses) as an
argument to ip4.addr and doesn't include ipv6.addr at all.

I have a half done patch for starting jails with the new argument syntax
lying around (which does do IPv6). I'll try and clean up my patch to
something presentable and then combine it with the vnet code in this patch
somewhere this week unless someone beats me to the punch.

Kind regards,
Merijn Verstraaten

From owner-freebsd-jail@FreeBSD.ORG Wed Jan 20 09:20:04 2010
From: David BERARD
To: freebsd-jail@FreeBSD.org
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 20 Jan 2010 09:20:04 GMT
Message-Id: <201001200920.o0K9K4g2015100@freefall.freebsd.org>
Reply-To: David BERARD

The following reply was made to PR conf/142972; it has been noted by GNATS.

From: David BERARD
To: freebsd-jail@freebsd.org, bug-followup@freebsd.org
Cc: Merijn Verstraaten
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 20 Jan 2010 10:16:57 +0100

> This patch seems to lack support for adding IPv6 addresses to the jails.
> It passes $_addrl (which can contain both IPv4 and IPv6 addresses) as an
> argument to ip4.addr and doesn't include ipv6.addr at all.

You're right,
Fixed in this new patch.

Best regards.

-- 
David BERARD
---------------------------------------
NFrance Conseil
david(at)nfrance.com
GPG|PGP KeyId 0x7FC68EB8
GPG|PGP Key http://tinyurl.com/gpgdavid
---------------------------------------
* No electrons were harmed in *
* the transmission of this email *

Content-Type: text/plain; name="jailv2rcip6.patch"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="jailv2rcip6.patch"

From owner-freebsd-jail@FreeBSD.ORG Wed Jan 20 09:40:04 2010
From: David BERARD
To: freebsd-jail@FreeBSD.org
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 20 Jan 2010 09:40:04 GMT
Message-Id: <201001200940.o0K9e4lO032467@freefall.freebsd.org>
Reply-To: David BERARD

The following reply was made to PR conf/142972; it has been noted by GNATS.

From: David BERARD
To: bug-followup@FreeBSD.org
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Wed, 20 Jan 2010 10:30:13 +0100
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Sorry for base64 encoded data

--- jailv2rc_ip6.patch begins here ---
--- /usr/src/etc/rc.d/jail 2009-10-25 02:10:29.000000000 +0100 +++ /usr/src/etc/rc.d/jail 2010-01-20 09:48:04.000000000 +0100 @@ -38,6 +38,7 @@ _fdescdir=3D"${_devdir}/fd" _procdir=3D"${_rootdir}/proc" eval _hostname=3D\"\$jail_${_j}_hostname\" + eval _name=3D\"\$jail_${_j}_name\" eval _ip=3D\"\$jail_${_j}_ip\" eval _interface=3D\"\${jail_${_j}_interface:-${jail_interface}}\"= eval _exec=3D\"\$jail_${_j}_exec\" 
@@ -95,6 +96,9 @@ fi fi + # JAIL new style + eval _v2=3D\"\${jail_v2_enable:-"NO"}\" + # The default jail ruleset will be used by rc.subr if none is spe= cified. eval _ruleset=3D\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_rules= et}}\" eval _devfs=3D\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}= \" @@ -110,18 +114,26 @@ eval _fstab=3D\"\${jail_${_j}_fstab:-${jail_fstab}}\" [ -z "${_fstab}" ] && _fstab=3D"/etc/fstab.${_j}" eval _flags=3D\"\${jail_${_j}_flags:-${jail_flags}}\" - [ -z "${_flags}" ] && _flags=3D"-l -U root" + if checkyesno _v2; then + [ -z "${_flags}" ] && _flags=3D"-l -U root -c" + else + [ -z "${_flags}" ] && _flags=3D"-l -U root" + fi eval _consolelog=3D\"\${jail_${_j}_consolelog:-${jail_consolelog}= }\" [ -z "${_consolelog}" ] && _consolelog=3D"/var/log/jail_${_j}_con= sole.log" eval _fib=3D\"\${jail_${_j}_fib:-${jail_fib}}\" + eval _vnet=3D\"\${jail_${_j}_vnet_enable:-"NO"}\" # Debugging aid # + debug "$_j v2 enable: $_v2" debug "$_j devfs enable: $_devfs" debug "$_j fdescfs enable: $_fdescfs" debug "$_j procfs enable: $_procfs" debug "$_j mount enable: $_mount" + debug "$_j vnet enable: $_vnet" debug "$_j hostname: $_hostname" + debug "$_j name: $_name" debug "$_j ip: $_ip" jail_show_addresses ${_j} debug "$_j interface: $_interface" @@ -481,6 +493,20 @@ *) ;; esac + + # Append address to list of addresses for the jail comman= d. + case "${_type}" in + "inet") case "${_addrlv4}" in + "") _addrlv4=3D"${_addr}" ;; + *) _addrlv4=3D"${_addrlv4},${_addr}" ;; + esac;; + "inet6") case "${_addrlv6}" in + "") _addrlv6=3D"${_addr}" ;; + *) _addrlv6=3D"${_addrlv6},${_addr}" ;; + esac;; + esac + + # Append address to list of addresses for the jail comman= d. case "${_addrl}" in "") _addrl=3D"${_addr}" ;; @@ -567,6 +593,8 @@ continue; fi _addrl=3D"" + _addrlv4=3D"" + _addrlv6=3D"" jail_ips "add" if [ -n "${_fib}" ]; then _setfib=3D"setfib -F '${_fib}'" 
@@ -634,12 +662,26 @@ ${out} i=3D$((i + 1)) done - - eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname= } \ - \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 - + if checkyesno _v2; then + _start_cmd=3D"${_setfib} jail -J ${_tmp_jail} ${_= flags} path=3D${_rootdir} host.hostname=3D${_hostname} \ + name=3D\"${_name}\"" + if checkyesno _vnet; then + _start_cmd=3D"${_start_cmd} vnet" + else + _start_cmd=3D"${_start_cmd} ip4.addr=3D\"= ${_addrlv4}\" ip6.addr=3D\"${_addrlv6}\"" + fi + _start_cmd=3D"${_start_cmd} command=3D${_exec_st= art}" + eval ${_start_cmd} > /dev/null 2>&1 + else + eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_= hostname} \ + \"${_addrl}\" ${_exec_start} > ${_tmp_jai= l} 2>&1 + fi if [ "$?" -eq 0 ] ; then - _jail_id=3D$(head -1 ${_tmp_jail}) + if checkyesno _v2; then + _jail_id=3D$(awk -F '=3D| ' '{print $2}' = ${_tmp_jail}) + else + _jail_id=3D$(head -1 ${_tmp_jail}) + fi i=3D1 while : ; do eval out=3D\"\${_exec_afterstart${i}:-''}= \"
--- jailv2rc_ip6.patch ends here ---
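
Review bot: In the @@ -38,6 +38,7 @@ hunk, `_name` is read from `jail_${_j}_name` with no fallback, yet the v2 start command in the last hunk always passes `name="${_name}"`, so a jail whose rc.conf entry does not set that variable is started with an empty name. Give it a default in the same way `_fstab` and `_consolelog` get theirs further down, for example `[ -z "${_name}" ] && _name="${_j}"`.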
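
Review bot: The new knobs are inconsistent in scope and undocumented: `jail_v2_enable` (hunk @@ -95,6 +96,9 @@) is one global switch, while `jail_${_j}_vnet_enable` (hunk @@ -110,18 +114,26 @@) is per jail and is only consulted inside the `checkyesno _v2` branch of the last hunk, so a jail with vnet enabled and v2 disabled silently starts without vnet. Either make v2 selectable per jail with a global default, following the neighbouring `jail_${_j}_flags:-${jail_flags}` pattern, or warn when vnet is requested without v2. The patch touches only rc.d/jail, so the three new rc.conf variables also need documenting.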
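
Review bot: In the @@ -567,6 +593,8 @@ hunk `jail_ips "add"` still runs for every jail, but the vnet branch of the last hunk passes neither `ip4.addr` nor `ip6.addr` to jail(8), so for a vnet jail the addresses from `jail_${_j}_ip` are still processed by `jail_ips` and never handed to the jail. Skip the `jail_ips` call when `_vnet` is enabled, or state in a comment what `jail_${_j}_ip` is supposed to mean for a vnet jail.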
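
Review bot: In the @@ -634,12 +662,26 @@ hunk the non-vnet v2 branch always appends both `ip4.addr="${_addrlv4}"` and `ip6.addr="${_addrlv6}"`, so a jail configured with addresses of only one family is started with the other parameter set to an empty string; append each parameter only when its list is non-empty, or add a comment saying the empty restriction is intended. In the same branch, `eval ${_start_cmd} > /dev/null 2>&1` throws away the jail(8) error output that the old path kept in `${_tmp_jail}`, and `path=${_rootdir}`, `host.hostname=${_hostname}` and `command=${_exec_start}` pass through `eval` unquoted while `name` is quoted, so a value containing whitespace or shell metacharacters is re-parsed by the shell. The `awk -F '=| ' '{print $2}'` extraction assumes the jid is the first key in the `-J` file and prints a field for every line of it; match the `jid=` key explicitly instead.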

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 21 09:12:25 2010
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Charles Sprickman
Cc: freebsd-jail@FreeBSD.org, freebsd-stable@freebsd.org
Subject: Re: 32-bit jails on a 64-bit system?
Date: Thu, 21 Jan 2010 10:12:20 +0100
Message-ID: <4B581A74.5060000@quip.cz>

Charles Sprickman wrote:
> Howdy,
>
> I saw this little tidbit in the 8.0 Release Notes...
>
> ----
> The jail(8) subsystem has been updated. Changes include:
>
> Compatibility support which permits 32-bit jail binaries to be used on
> 64-bit systems to manage jails has been added.
> ----
>
> I know prior to 8.0 with some fancy footwork you could do some
> interesting things (for example, I have a jail running a bunch of 32-bit
> 4.11 stuff on a 7.2 amd64 box), but it was not easy.
>
> Looking at the jail manpage and handbook entries, I'm not seeing
> anything that further explains the changes. I've been able to get some
> things working in a test setup, but not everything. Any pointers to what
> exactly that blurb in the release notes actually means? Google is
> getting me nowhere.
>
> My current scenario is this... I have a backups server with a ton of
> space. Nightly backups run to this and get zfs-snapshotted each night. I
> also have created jails for a number of important hosts so that should I
> lose a host, I can bring up a jail on this box to replace it while I
> repair things. One host is a 7.2/i386 box. The backups host is
> 8.0/amd64. Ideally I'd like to copy everything, including the base OS
> into this jail, except for perhaps "ps", "top" and other utilities that
> might have issues.

(freebsd-jail@ was added in to Cc:)

I think it is nothing new to 8.0, it is the same as release note for 7.2.

I didn't test it, but I think you can install (copy) i386 jail (or whole
system) in to amd64 host and just run it as any other jail.

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 21 13:44:12 2010
From: Andrew Hotlab
To: <000.fbsd@quip.cz>,
Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Subject: RE: 32-bit jails on a 64-bit system?
Date: Thu, 21 Jan 2010 13:44:11 +0000
In-Reply-To: <4B581A74.5060000@quip.cz>

----------------------------------------
> Date: Thu, 21 Jan 2010 10:12:20 +0100
> From: 000.fbsd@quip.cz
> To: spork@bway.net
> CC: freebsd-jail@FreeBSD.org; freebsd-stable@freebsd.org
> Subject: Re: 32-bit jails on a 64-bit system?
>
>> The jail(8) subsystem has been updated. Changes include:
>>
>> Compatibility support which permits 32-bit jail binaries to be used on
>> 64-bit systems to manage jails has been added.
>> ----
>>
>> I know prior to 8.0 with some fancy footwork you could do some
>> interesting things (for example, I have a jail running a bunch of 32-bit
>> 4.11 stuff on a 7.2 amd64 box), but it was not easy.
>>
>> Looking at the jail manpage and handbook entries, I'm not seeing
>> anything that further explains the changes. I've been able to get some
>> things working in a test setup, but not everything. Any pointers to what
>> exactly that blurb in the release notes actually means? Google is
>> getting me nowhere.
>>
>
> (freebsd-jail@ was added in to Cc:)
>
> I think it is nothing new to 8.0, it is the same as release note for 7.2.
>
> I didn't test it, but I think you can install (copy) i386 jail (or whole
> system) in to amd64 host and just run it as any other jail.
>

It might be useful this thread about 32-bit jail on 64-bit host:
http://lists.freebsd.org/pipermail/freebsd-i386/2009-January/007553.html

Regards.

Andrew

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 21 14:11:36 2010
Message-ID: <4B586095.8020109@h3q.com>
Date: Thu, 21 Jan 2010 15:11:33 +0100
From: Philipp Wuensche User-Agent: Postbox 1.1.0 (Macintosh/20091201) MIME-Version: 1.0 To: David BERARD References: <201001200940.o0K9e4lO032467@freefall.freebsd.org> In-Reply-To: <201001200940.o0K9e4lO032467@freefall.freebsd.org> Content-Type: multipart/mixed; boundary="------------050408000308000102080304" Cc: freebsd-jail@FreeBSD.org Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jan 2010 14:11:36 -0000 This is a multi-part message in MIME format. --------------050408000308000102080304 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit David BERARD wrote: > + > + # Append address to list of addresses for the jail comman= > d. > + case "${_type}" in > + "inet") case "${_addrlv4}" in > + "") _addrlv4=3D"${_addr}" ;; > + *) _addrlv4=3D"${_addrlv4},${_addr}" ;; > + esac;; > + "inet6") case "${_addrlv6}" in > + "") _addrlv6=3D"${_addr}" ;; > + *) _addrlv6=3D"${_addrlv6},${_addr}" ;; > + esac;; > + esac > + If you are converting the old-style ip-addresses into the new-style format, why not ditch old-style jail stuff at all and do everything in new-style? And shouldn't we implement all the new-style features while we at it? All the allow.* stuff, cpuset etc. greeting, philipp --------------050408000308000102080304 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="newjail.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="newjail.patch" --- /usr/src/etc/jail 2010-01-21 14:55:57.907587199 +0100 +++ /sur/src/etc/jail 2010-01-21 15:05:10.108010157 +0100 
@@ -38,6 +38,7 @@ _fdescdir="${_devdir}/fd" _procdir="${_rootdir}/proc" eval _hostname=\"\$jail_${_j}_hostname\" + eval _name=\"\$jail_${_j}_name\" eval _ip=\"\$jail_${_j}_ip\" eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" eval _exec=\"\$jail_${_j}_exec\" @@ -110,10 +111,11 @@ eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\" [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}" eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\" - [ -z "${_flags}" ] && _flags="-l -U root" + [ -z "${_flags}" ] && _flags="-l -U root -c" eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\" [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log" eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\" + eval _vnet=\"\${jail_${_j}_vnet_enable:-"NO"}\" # Debugging aid # @@ -121,7 +123,9 @@ debug "$_j fdescfs enable: $_fdescfs" debug "$_j procfs enable: $_procfs" debug "$_j mount enable: $_mount" + debug "$_j vnet enable: $_vnet" debug "$_j hostname: $_hostname" + debug "$_j name: $_name" debug "$_j ip: $_ip" jail_show_addresses ${_j} debug "$_j interface: $_interface" @@ -481,10 +485,16 @@ *) ;; esac - # Append address to list of addresses for the jail command. - case "${_addrl}" in - "") _addrl="${_addr}" ;; - *) _addrl="${_addrl},${_addr}" ;; + # Append address to list of addresses for the jail command. + case "${_type}" in + "inet") case "${_addrlv4}" in + "") _addrlv4="${_addr}" ;; + *) _addrlv4="${_addrlv4},${_addr}" ;; + esac;; + "inet6") case "${_addrlv6}" in + "") _addrlv6="${_addr}" ;; + *) _addrlv6="${_addrlv6},${_addr}" ;; + esac;; esac # Configure interface alias if requested by a given interface @@ -566,7 +576,8 @@ echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]" continue; fi - _addrl="" + _addrlv4="" + _addrlv6="" jail_ips "add" if [ -n "${_fib}" ]; then _setfib="setfib -F '${_fib}'" 
@@ -635,11 +646,19 @@ i=$((i + 1)) done - eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ - \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 + _start_cmd="${_setfib} jail -J ${_tmp_jail} ${_flags} path=${_rootdir} host.hostname=${_hostname} \ + name=\"${_name}\"" + if checkyesno _vnet; then + _start_cmd="${_start_cmd} vnet" + else + _start_cmd="${_start_cmd} ip4.addr=\"${_addrlv4}\" ip6.addr=\"${_addrlv6}\"" + fi + _start_cmd="${_start_cmd} command=${_exec_start}" + eval ${_start_cmd} > /dev/null 2>&1 + if [ "$?" -eq 0 ] ; then - _jail_id=$(head -1 ${_tmp_jail}) + _jail_id=$(awk -F '=| ' '{print $2}' ${_tmp_jail}) i=1 while : ; do eval out=\"\${_exec_afterstart${i}:-''}\" --------------050408000308000102080304-- From owner-freebsd-jail@FreeBSD.ORG Thu Jan 21 16:43:27 2010 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A2C0A1065692 for ; Thu, 21 Jan 2010 16:43:27 +0000 (UTC) (envelope-from cryx-freebsd@h3q.com) Received: from mail.h3q.com (mail.h3q.com [213.73.89.199]) by mx1.freebsd.org (Postfix) with ESMTP id 0FC838FC12 for ; Thu, 21 Jan 2010 16:43:26 +0000 (UTC) Received: (qmail 9461 invoked from network); 21 Jan 2010 16:43:25 -0000 Received: from mail.h3q.com (HELO mail.h3q.com) (cryx) by mail.h3q.com with AES256-SHA encrypted SMTP; 21 Jan 2010 16:43:25 -0000 Message-ID: <4B58842C.6080106@h3q.com> Date: Thu, 21 Jan 2010 17:43:24 +0100 
From: Philipp Wuensche
User-Agent: Postbox 1.1.0 (Macintosh/20091201)
MIME-Version: 1.0
To: freebsd-jail@FreeBSD.org
References: <201001200940.o0K9e4lO032467@freefall.freebsd.org> <4B586095.8020109@h3q.com>
In-Reply-To: <4B586095.8020109@h3q.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc:
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
X-List-Received-Date: Thu, 21 Jan 2010 16:43:27 -0000

Philipp Wuensche wrote:
>
> And shouldn't we implement all the new-style features while we're at it?
> All the allow.* stuff, cpuset etc.

I did some testing with vnet and I find the way of using _poststart and
_afterstart to configure ip-addr. inside a vimage jail very impractical.
First we lose all the nice features of configuring ipaddrs. via
ipv4_addrs_if in rc.conf from inside the jail and second, more
important, the jail will be fully booted before any ipaddr. is
configured or even interfaces are configured. This will result in
services not starting correctly, firewalling going nuts, routing-daemons
not working etc.pp.

A way to solve this would be to create the jail with "jail -c" and not
setting "command=" but persist, resulting in /etc/rc not being run yet.
This will give us a jail without any processes but already in a state to
be manipulated. In this state we could attach interfaces, zfs-datasets,
configure the cpuset etc.pp.

After manipulating the jail, it can be really booted up by
"jail -m jid=${_jail_id} command=${_exec_start}" which will configure all
the networking and services correctly from within the jail.

For this, there need to be some changes:

- due to the "persist" flag, we need to delete the jail via
  "jail -r ${_jail_id}" when stopping it
- the changes above are meant for vnet, so we need to make them work with
  non-vnet jails too
- this creates the need for a command between creating the jail and fully
  booting it as _prestart is too early and _poststart is too late.
- a lot of rc.d scripts have the KEYWORD nojail, e.g. netif. Some of them
  will be needed to run inside vnet jails.

Is there a way to distinguish a vimage-jail from a non vimage-jail
inside the jail? Couldn't find a sysctl, maybe security.jail.jailed
should be set to 2 instead of 1?

greetings,
Philipp

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 21 18:00:23 2010
Return-Path:
Delivered-To: freebsd-jail@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BB38D1065676 for ; Thu, 21 Jan 2010 18:00:23 +0000 (UTC) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 906FD8FC13 for ; Thu, 21 Jan 2010 18:00:23 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o0LI0NsI048838 for ; Thu, 21 Jan 2010 18:00:23 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o0LI0NQv048837; Thu, 21 Jan 2010 18:00:23 GMT (envelope-from gnats)
Date: Thu, 21 Jan 2010 18:00:23 GMT
Message-Id: <201001211800.o0LI0NQv048837@freefall.freebsd.org>
To: freebsd-jail@FreeBSD.org
From: David BERARD Cc: Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: David BERARD List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jan 2010 18:00:23 -0000 The following reply was made to PR conf/142972; it has been noted by GNATS. From: David BERARD To: bug-followup@FreeBSD.org Cc: Philipp Wuensche Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail Date: Thu, 21 Jan 2010 18:55:10 +0100 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig5C8C54383CDA0037FC28999C Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable > I did some testing with vnet and I find the way of using _poststart and= > _afterstart to configure ip-addr. inside a vimage jail very impractical= =2E > First we loose all the nice features of configuring ipaddrs. via > ipv4_addrs_if in rc.conf from inside the jail and second, more > important, the jail will be fully bootet before any ipaddr. is > configured or even interfaces are configured. This will result in > services not starting correctly, firewalling going nuts, routing-daemon= s > not working etc.pp. >=20 I had to patch rc to support this, and use this in rc.conf jail_example_exec_earlypoststart0=3D"ifconfig epair0b vnet example" jail_example_exec_afterstart0=3D"ifconfig epair0b x.x.x.x" --- jailv2rc_earlypoststart.patch begins here --- --- /usr/src/etc/rc.d/jail 2009-10-25 02:10:29.000000000 +0100 +++ /etc/rc.d/jail 2010-01-20 10:40:57.000000000 +0100 @@ -38,6 +38,7 @@ _fdescdir=3D"${_devdir}/fd" _procdir=3D"${_rootdir}/proc" eval _hostname=3D\"\$jail_${_j}_hostname\" + eval _name=3D\"\$jail_${_j}_name\" eval _ip=3D\"\$jail_${_j}_ip\" eval _interface=3D\"\${jail_${_j}_interface:-${jail_interface}}\"= eval _exec=3D\"\$jail_${_j}_exec\" 
@@ -51,12 +52,19 @@ eval _exec_start=3D\"\${jail_${_j}_exec_start:-${jail_exec_start}= }\" - i=3D1 + i=3D0 while : ; do eval _exec_afterstart${i}=3D\"\${jail_${_j}_exec_aftersta= rt${i}:-\${jail_exec_afterstart${i}}}\" [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && brea= k i=3D$((i + 1)) done + + i=3D0 + while : ; do + eval _exec_earlypoststart${i}=3D\"\${jail_${_j}_exec_earl= ypoststart${i}:-\${jail_exec_earlypoststart${i}}}\" + [ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break + i=3D$((i + 1)) + done i=3D0 while : ; do @@ -95,6 +103,9 @@ fi fi + # JAIL new style + eval _v2=3D\"\${jail_v2_enable:-"NO"}\" + # The default jail ruleset will be used by rc.subr if none is spe= cified. eval _ruleset=3D\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_rules= et}}\" eval _devfs=3D\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}= \" @@ -110,18 +121,26 @@ eval _fstab=3D\"\${jail_${_j}_fstab:-${jail_fstab}}\" [ -z "${_fstab}" ] && _fstab=3D"/etc/fstab.${_j}" eval _flags=3D\"\${jail_${_j}_flags:-${jail_flags}}\" - [ -z "${_flags}" ] && _flags=3D"-l -U root" + if checkyesno _v2; then + [ -z "${_flags}" ] && _flags=3D"-l -U root -c" + else + [ -z "${_flags}" ] && _flags=3D"-l -U root" + fi eval _consolelog=3D\"\${jail_${_j}_consolelog:-${jail_consolelog}= }\" [ -z "${_consolelog}" ] && _consolelog=3D"/var/log/jail_${_j}_con= sole.log" eval _fib=3D\"\${jail_${_j}_fib:-${jail_fib}}\" + eval _vnet=3D\"\${jail_${_j}_vnet_enable:-"NO"}\" # Debugging aid # + debug "$_j v2 enable: $_v2" debug "$_j devfs enable: $_devfs" debug "$_j fdescfs enable: $_fdescfs" debug "$_j procfs enable: $_procfs" debug "$_j mount enable: $_mount" + debug "$_j vnet enable: $_vnet" debug "$_j hostname: $_hostname" + debug "$_j name: $_name" debug "$_j ip: $_ip" jail_show_addresses ${_j} debug "$_j interface: $_interface" @@ -145,7 +164,7 @@ debug "$_j exec start: $_exec_start" - i=3D1 + i=3D0 while : ; do eval out=3D\"\${_exec_afterstart${i}:-''}\" 
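Review bot: In the @@ -51,12 +52,19 @@ hunk the new loop fills _exec_earlypoststart${i} but its break test reads $_exec_poststart${i}, a different variable, so how many earlypoststart entries get loaded depends on whether the poststart variables happen to be set at that point. The test should read \$_exec_earlypoststart${i}, matching the afterstart loop just above it. The same hunk also moves the afterstart index base from 1 to 0, which needs a line in the documentation because the loop stops at the first empty entry.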
@@ -481,6 +500,20 @@ *) ;; esac + + # Append address to list of addresses for the jail comman= d. + case "${_type}" in + "inet") case "${_addrlv4}" in + "") _addrlv4=3D"${_addr}" ;; + *) _addrlv4=3D"${_addrlv4},${_addr}" ;; + esac;; + "inet6") case "${_addrlv6}" in + "") _addrlv6=3D"${_addr}" ;; + *) _addrlv6=3D"${_addrlv6},${_addr}" ;; + esac;; + esac + + # Append address to list of addresses for the jail comman= d. case "${_addrl}" in "") _addrl=3D"${_addr}" ;; @@ -567,6 +600,8 @@ continue; fi _addrl=3D"" + _addrlv4=3D"" + _addrlv6=3D"" jail_ips "add" if [ -n "${_fib}" ]; then _setfib=3D"setfib -F '${_fib}'" 
@@ -634,13 +669,36 @@ ${out} i=3D$((i + 1)) done - - eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname= } \ - \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 - + if checkyesno _v2; then + _start_cmd=3D"${_setfib} jail -J ${_tmp_jail} ${_= flags} path=3D${_rootdir} host.hostname=3D${_hostname} \ + name=3D\"${_name}\"" + if checkyesno _vnet; then + _start_cmd=3D"${_start_cmd} vnet" + else + _start_cmd=3D"${_start_cmd} ip4.addr=3D\"= ${_addrlv4}\" ip6.addr=3D\"${_addrlv6}\"" + fi + _start_cmd=3D"${_start_cmd} command=3D${_exec_st= art}" + eval ${_start_cmd} > /dev/null 2>&1 + else + eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_= hostname} \ + \"${_addrl}\" ${_exec_start} > ${_tmp_jai= l} 2>&1 + fi if [ "$?" -eq 0 ] ; then - _jail_id=3D$(head -1 ${_tmp_jail}) - i=3D1 + if checkyesno _v2; then + _jail_id=3D$(awk -F '=3D| ' '{print $2}' = ${_tmp_jail}) + else + _jail_id=3D$(head -1 ${_tmp_jail}) + fi + + i=3D0 + while : ; do + eval out=3D\"\${_exec_earlypoststart${i}:= -''}\" + [ -z "$out" ] && break + ${out} + i=3D$((i + 1)) + done + + i=3D0 while : ; do eval out=3D\"\${_exec_afterstart${i}:-''}= \" --- jailv2rc_earlypoststart.patch ends here --- --=20 David BERARD --------------------------------------- NFrance Conseil david(at)nfrance.com GPG|PGP KeyId 0x7FC68EB8 GPG|PGP Key http://tinyurl.com/gpgdavid --------------------------------------- * No electrons were harmed in * * the transmission of this email * --------------enig5C8C54383CDA0037FC28999C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAktYlP4ACgkQYIAREn/GjriIIgCfdy6Zj9reUcNRypeqlV9Iy/20 D7UAoIHOBP+qlHy6R5rBLPBC5c72xGjH =6y/A -----END PGP SIGNATURE----- --------------enig5C8C54383CDA0037FC28999C-- From owner-freebsd-jail@FreeBSD.ORG Thu Jan 21 20:50:59 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from 
mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0300F106568D for ; Thu, 21 Jan 2010 20:50:59 +0000 (UTC) (envelope-from cryx-freebsd@h3q.com)
Received: from mail.h3q.com (mail.h3q.com [213.73.89.199]) by mx1.freebsd.org (Postfix) with ESMTP id 4750F8FC21 for ; Thu, 21 Jan 2010 20:50:58 +0000 (UTC)
Received: (qmail 76079 invoked from network); 21 Jan 2010 20:50:57 -0000
Received: from mail.h3q.com (HELO mail.h3q.com) (cryx) by mail.h3q.com with AES256-SHA encrypted SMTP; 21 Jan 2010 20:50:57 -0000
Message-ID: <4B58BE30.2050402@h3q.com>
Date: Thu, 21 Jan 2010 21:50:56 +0100
From: Philipp Wuensche
User-Agent: Postbox 1.1.0 (Macintosh/20091201)
MIME-Version: 1.0
To: David BERARD
References: <201001200940.o0K9e4lO032467@freefall.freebsd.org> <4B586095.8020109@h3q.com> <4B58842C.6080106@h3q.com> <4B5894FE.1000506@nfrance.com>
In-Reply-To: <4B5894FE.1000506@nfrance.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
X-List-Received-Date: Thu, 21 Jan 2010 20:50:59 -0000

I'm taking this off bug-followup for now.

David BERARD wrote:
>> I did some testing with vnet and I find the way of using _poststart and
>> _afterstart to configure ip-addr. inside a vimage jail very impractical.
>> First we lose all the nice features of configuring ipaddrs. via
>> ipv4_addrs_if in rc.conf from inside the jail and second, more
>> important, the jail will be fully booted before any ipaddr. is
>> configured or even interfaces are configured. This will result in
>> services not starting correctly, firewalling going nuts, routing-daemons
>> not working etc.pp.
>>
>
>
> I had to patch rc to support this, and use this in rc.conf
> jail_example_exec_earlypoststart0="ifconfig epair0b vnet example"
> jail_example_exec_afterstart0="ifconfig epair0b x.x.x.x"

I'm not sure I understand this correctly, but this doesn't solve the
problem I described. With this patch, the ipaddr. configuration of the
vnet jail is still done from outside and not by the rc scripts inside the
jail! _afterstart is way too late for doing the ip-configuration because
services inside the jail are already started. _earlypoststart makes no
sense to me, it is still run at the wrong time.

greetings,
philipp

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 21 21:43:03 2010
Return-Path:
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1670F106568D for ; Thu, 21 Jan 2010 21:43:03 +0000 (UTC) (envelope-from cryx-freebsd@h3q.com)
Received: from mail.h3q.com (mail.h3q.com [213.73.89.199]) by mx1.freebsd.org (Postfix) with ESMTP id 339D28FC18 for ; Thu, 21 Jan 2010 21:43:01 +0000 (UTC)
Received: (qmail 90358 invoked from network); 21 Jan 2010 21:43:00 -0000
Received: from mail.h3q.com (HELO mail.h3q.com) (cryx) by mail.h3q.com with AES256-SHA encrypted SMTP; 21 Jan 2010 21:43:00 -0000
Message-ID: <4B58CA63.2070307@h3q.com>
Date: Thu, 21 Jan 2010 22:42:59 +0100
From: Philipp Wuensche
User-Agent: Postbox 1.1.0 (Macintosh/20091201)
MIME-Version: 1.0
To: David BERARD
References: <201001200940.o0K9e4lO032467@freefall.freebsd.org> <4B586095.8020109@h3q.com> <4B58842C.6080106@h3q.com> <4B5894FE.1000506@nfrance.com> <4B58BE30.2050402@h3q.com>
In-Reply-To: <4B58BE30.2050402@h3q.com>
Content-Type: multipart/mixed; boundary="------------020805010102090300070906"
Cc: freebsd-jail@freebsd.org
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
X-List-Received-Date: Thu, 21 Jan 2010 21:43:03 -0000

This is a multi-part message in MIME format.
--------------020805010102090300070906
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Philipp Wuensche wrote:
> I'm taking this off bug-followup for now.
>
> David BERARD wrote:
>>> I did some testing with vnet and I find the way of using _poststart and
>>> _afterstart to configure ip-addr. inside a vimage jail very impractical.
>>> First we lose all the nice features of configuring ipaddrs. via
>>> ipv4_addrs_if in rc.conf from inside the jail and second, more
>>> important, the jail will be fully booted before any ipaddr. is
>>> configured or even interfaces are configured. This will result in
>>> services not starting correctly, firewalling going nuts, routing-daemons
>>> not working etc.pp.
>>>
>>
>> I had to patch rc to support this, and use this in rc.conf
>> jail_example_exec_earlypoststart0="ifconfig epair0b vnet example"
>> jail_example_exec_afterstart0="ifconfig epair0b x.x.x.x"
>
> I'm not sure I understand this correctly, but this doesn't solve the
> problem I described.
My idea would be something like: jail_myjail_exec_prestart0="ifconfig epair0 create" jail_myjail_exec_prestart1="ifconfig epair0b name jailif_myjail" jail_myjail_exec_pre_rcrun0="ifconfig jailif_myjail vnet myjail" jail_myjail_exec_poststop0="ifconfig epair0a destroy" jail_myjail_cpuset="0,1" _pre_rcrun (just an example name) is run between creating the jail dummy and booting it fully via /etc/rc. cpuset could be applied in the same step Inside the jail the jailif_myjail interface is configured via ifconfig_jailif_myjail="" in rc.conf, loopback is configured by /etc/rc.d/netif in the exact same way as a non-jail freebsd. greetings, philipp --------------020805010102090300070906 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="jail_newjail.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="jail_newjail.patch" --- jail.orig 2010-01-21 14:55:57.907587199 +0100 +++ jail 2010-01-21 22:33:18.361193803 +0100 @@ -38,6 +38,7 @@ _fdescdir="${_devdir}/fd" _procdir="${_rootdir}/proc" eval _hostname=\"\$jail_${_j}_hostname\" + eval _name=\"\$jail_${_j}_name\" eval _ip=\"\$jail_${_j}_ip\" eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" eval _exec=\"\$jail_${_j}_exec\" @@ -51,7 +52,14 @@ eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\" - i=1 + i=0 + while : ; do + eval _exec_pre_rcrun${i}=\"\${jail_${_j}_exec_pre_rcrun${i}:-\${jail_exec_pre_rcrun${i}}}\" + [ -z "$(eval echo \"\$_exec_pre_rcrun${i}\")" ] && break + i=$((i + 1)) + done + + i=0 while : ; do eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\" [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && break 
@@ -110,10 +118,12 @@ eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\" [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}" eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\" - [ -z "${_flags}" ] && _flags="-l -U root" + [ -z "${_flags}" ] && _flags="-l -U root -c" eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\" [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log" eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\" + eval _cpuset=\"\${jail_${_j}_cpuset:-${jail_cpuset}}\" + eval _vnet=\"\${jail_${_j}_vnet_enable:-"NO"}\" # Debugging aid # @@ -121,11 +131,14 @@ debug "$_j fdescfs enable: $_fdescfs" debug "$_j procfs enable: $_procfs" debug "$_j mount enable: $_mount" + debug "$_j vnet enable: $_vnet" debug "$_j hostname: $_hostname" + debug "$_j name: $_name" debug "$_j ip: $_ip" jail_show_addresses ${_j} debug "$_j interface: $_interface" debug "$_j fib: $_fib" + debug "$_j cpuset: $_cpuset" debug "$_j root: $_rootdir" debug "$_j devdir: $_devdir" debug "$_j fdescdir: $_fdescdir" @@ -145,7 +158,7 @@ debug "$_j exec start: $_exec_start" - i=1 + i=0 while : ; do eval out=\"\${_exec_afterstart${i}:-''}\" @@ -481,10 +494,16 @@ *) ;; esac - # Append address to list of addresses for the jail command. - case "${_addrl}" in - "") _addrl="${_addr}" ;; - *) _addrl="${_addrl},${_addr}" ;; + # Append address to list of addresses for the jail command. + case "${_type}" in + "inet") case "${_addrlv4}" in + "") _addrlv4="${_addr}" ;; + *) _addrlv4="${_addrlv4},${_addr}" ;; + esac;; + "inet6") case "${_addrlv6}" in + "") _addrlv6="${_addr}" ;; + *) _addrlv6="${_addrlv6},${_addr}" ;; + esac;; esac # Configure interface alias if requested by a given interface @@ -566,7 +585,8 @@ echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]" continue; fi - _addrl="" + _addrlv4="" + _addrlv6="" jail_ips "add" if [ -n "${_fib}" ]; then _setfib="setfib -F '${_fib}'" 
@@ -635,12 +655,36 @@ i=$((i + 1)) done - eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ - \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 + _start_cmd="${_setfib} jail -J ${_tmp_jail} ${_flags} path=${_rootdir} host.hostname=${_hostname} \ + name=\"${_name}\"" + if checkyesno _vnet; then + _start_cmd="${_start_cmd} vnet" + else + _start_cmd="${_start_cmd} ip4.addr=\"${_addrlv4}\" ip6.addr=\"${_addrlv6}\"" + fi + _start_cmd="${_start_cmd} persist" + + # create a jail dummy without running /etc/rc + eval ${_start_cmd} > /dev/null 2>&1 + if [ "$?" -eq 0 ] ; then - _jail_id=$(head -1 ${_tmp_jail}) - i=1 + _jail_id=$(awk -F '=| ' '{print $2}' ${_tmp_jail}) + + + i=0 + while : ; do + eval out=\"\${_exec_pre_rcrun${i}:-''}\" + [ -z "$out" ] && break + ${out} + i=$((i + 1)) + done + + # boot the jail into multiuser by running /etc/rc + jail -m jid=${_jail_id} command=${_exec_start} > /dev/null 2>&1 + [ "${_cpuset}" ] && cpuset -l ${_cpuset} -j ${_jail_id} + + i=0 while : ; do eval out=\"\${_exec_afterstart${i}:-''}\" @@ -700,6 +744,7 @@ killall -j ${_jail_id} -TERM > /dev/null 2>&1 sleep 1 killall -j ${_jail_id} -KILL > /dev/null 2>&1 + jail -r ${_jail_id} jail_umount_fs echo -n " $_hostname" --------------020805010102090300070906--
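Review bot: In jail_newjail.patch, the @@ -38,6 +38,7 @@ hunk reads _name from jail_${_j}_name with no fallback, and the start hunk then always passes name=\"${_name}\", so a jail whose rc.conf lacks that variable is created with an empty name. Falling back to ${_j} would also keep the name usable in hooks such as the "ifconfig jailif_myjail vnet myjail" example from the message.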
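Review bot: In jail_newjail.patch, the @@ -51,7 +52,14 @@ hunk moves the afterstart loop from i=1 to i=0, and the loop breaks at the first empty entry, so an existing rc.conf that starts at jail_*_exec_afterstart1 would have none of its afterstart commands loaded. Either keep the base at 1 for afterstart or document the renumbering; the new pre_rcrun loop can start at 0 without affecting existing configurations.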
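Review bot: In jail_newjail.patch, the case on "${_type}" in the @@ -481,10 +494,16 @@ hunk has branches only for inet and inet6, so an address whose ${_type} is anything else, or unset, is left out of both _addrlv4 and _addrlv6 without a warning, where the removed code appended every address to _addrl. A default branch that warns would make a missing address visible before the jail starts with fewer addresses than configured.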
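Review bot: In jail_newjail.patch, the @@ -635,12 +655,36 @@ hunk runs "jail -m jid=${_jail_id} command=${_exec_start}" without checking its exit status and without ${_setfib} or ${_flags}, so the FIB and the "-l -U root" defaults are attached to the create step, which runs no command, and a failed boot leaves the persistent jail in place. Suggest moving ${_setfib} and the -l/-U flags to the jail -m line and calling jail -r when it fails. In the same hunk, path=${_rootdir} and host.hostname=${_hostname} go unquoted into a string that is later passed to eval, so rc.conf values containing spaces or shell metacharacters are parsed a second time; and the awk call prints $2 for every line of ${_tmp_jail}, which only yields a jid if the file has exactly one line beginning with jid=.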
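Review bot: In jail_newjail.patch, the "jail -r ${_jail_id}" added in the @@ -700,6 +744,7 @@ hunk neither redirects its output, unlike the killall lines above it, nor checks its result, so if removal fails the script still goes on to jail_umount_fs and echoes the hostname as stopped while the persistent jail remains. Suggest redirecting the output and warning when jail -r returns non-zero.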
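The create, configure, boot and remove sequence proposed in the message above, written as a stand-alone sketch; this is an added example, not code from the thread or from FreeBSD's rc.d/jail. The function names, the DRY_RUN switch, the ":" test for IPv6 and the sample names and addresses are assumptions of this example, and "jail -m ... command=" as the boot step is taken from the thread.

```sh
#!/bin/sh
# Added example: not code from the thread or from FreeBSD's rc.d/jail.
# Two-phase jail start as proposed above: create the jail empty with
# "persist", attach host-side resources, then run /etc/rc inside it.
# With DRY_RUN set, commands are printed instead of executed.

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# The jail name identifies the jail in every later command, so only a
# conservative character set is accepted (a choice made for this example).
valid_name() {
    case "$1" in
        "" | *[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Split addresses by family into comma-separated ADDRS_V4 / ADDRS_V6.
# Assumption: an address containing ":" is IPv6. The patches in the
# thread key on ${_type} instead.
split_addrs() {
    ADDRS_V4="" ADDRS_V6=""
    for _a in "$@"; do
        case "$_a" in
            *:*) ADDRS_V6="${ADDRS_V6:+${ADDRS_V6},}${_a}" ;;
            *.*) ADDRS_V4="${ADDRS_V4:+${ADDRS_V4},}${_a}" ;;
            *)   echo "unrecognised address: ${_a}" >&2; return 1 ;;
        esac
    done
}

# Undo phase 1 so a failed start does not leave a persistent jail behind.
rollback() {
    run jail -r "$1" || true
}

# jail_start NAME ROOT HOSTNAME VNET_IF [ADDR...]
# VNET_IF: interface to hand to a vnet jail, or "-" for an address-based jail.
jail_start() {
    [ "$#" -ge 4 ] || { echo "usage: jail_start NAME ROOT HOSTNAME VNET_IF [ADDR...]" >&2; return 2; }
    _name=$1 _root=$2 _host=$3 _vnetif=$4
    shift 4
    valid_name "$_name" || { echo "invalid jail name" >&2; return 1; }

    # Phase 1: create the jail with no processes. Every parameter is one
    # argv word, so values are never re-parsed by the shell (no eval).
    if [ "$_vnetif" != "-" ]; then
        run jail -c "name=${_name}" "path=${_root}" \
            "host.hostname=${_host}" vnet persist || return 1
    else
        [ "$#" -gt 0 ] || { echo "no addresses given" >&2; return 1; }
        split_addrs "$@" || return 1
        run jail -c "name=${_name}" "path=${_root}" \
            "host.hostname=${_host}" "ip4.addr=${ADDRS_V4}" \
            "ip6.addr=${ADDRS_V6}" persist || return 1
    fi

    # Phase 2: host-side setup while nothing is running in the jail.
    if [ "$_vnetif" != "-" ]; then
        run ifconfig "$_vnetif" vnet "$_name" || { rollback "$_name"; return 1; }
    fi

    # Phase 3: boot. The jail is addressed by name, so no jid has to be
    # parsed from a file. A failed boot removes the jail again.
    run jail -l -U root -m "name=${_name}" command=/bin/sh /etc/rc \
        || { rollback "$_name"; return 1; }
}

# Stopping must remove the jail explicitly because of "persist".
jail_stop() {
    valid_name "$1" || return 1
    run jail -r "$1"
}
```

Running it with DRY_RUN=1 on a non-FreeBSD machine shows the order of the commands and where the rollback would happen.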