From owner-freebsd-jail@FreeBSD.ORG Sun Jun 15 05:54:38 2008
Date: Sun, 15 Jun 2008 15:34:58 +1000
From: Edwin Groothuis
To: cco1817-0@yahoo.de, freebsd-jail@freebsd.org
Message-ID: <20080615053457.GA33997@k7.mavetju>
In-Reply-To: <192473.80058.qm@web27606.mail.ukl.yahoo.com>
Subject: Re: Populating a jail with "make world"???

> I'm about to learn how to use jails and I've some confusions after
> reading the handbook and some other resources.
> I've never used "make world" or "make buildworld" until now. I used
> the install.sh scripts from RELEASE images to install a new machine
> or to "update" (reason for this: I don't know what make **** is
> doing). Can someone please explain to me the disadvantages if I use
> the install.sh scripts for my (service-) jails?

If you want jails without the hassles of buildworld and friends,
can I suggest to use sysutils/ezjail?
See http://erdgeist.org/arts/software/ezjail/ for more details.

Edwin

--
Edwin Groothuis      |  Personal website: http://www.mavetju.org
edwin@mavetju.org    |  Weblog: http://www.mavetju.org/weblog/

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 16 11:06:58 2008
Date: Mon, 16 Jun 2008 11:06:57 GMT
Message-Id: <200806161106.m5GB6vTN036751@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
s kern/89528   jail   [jail] [patch] impossible to kill a jail
o kern/119842  jail   [smbfs] [jail] "Bad address" with smbfs inside a jail

2 problems total.

Non-critical problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o bin/32828    jail   [jail] w(1) incorrectly handles stale utmp slots with
o kern/68192   jail   [quotas] [jail] Cannot use quotas on jailed systems
o kern/72498   jail   [libc] [jail] timestamp code on jailed SMP machine gen
o kern/74314   jail   [resolver] [jail] DNS resolver broken under certain ja
o kern/84215   jail   [jail] [patch] wildcard ip (INADDR_ANY) should not bin
o kern/89989   jail   [jail] [patch] Add option -I (ASCII 73) PID to specif
o kern/97071   jail   [jail] [patch] add security.jail.jid sysctl
o bin/99566    jail   [jail] [patch] fstat(1) according to specified jid
o kern/120753  jail   [jail] Zombie jails (jailed child process exits while

9 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 17 18:05:07 2008
Date: Tue, 17 Jun 2008 18:03:05 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: freebsd-jail@FreeBSD.org
Message-ID: <20080617175607.B83875@maildrop.int.zabbadoz.net>
Subject: new set of multi-IPv4/v6/noIP jail patches

Hi,

while for some stuff only infrastructure is there, there is more now.
Any feedback would be welcome. I'll have to work on something else the
next week so not going to implement the full set of "state", ...

Get the diffs from: http://sources.zabbadoz.net/freebsd/jail.html

Warning; I have basically tested them for 7-STABLE and HEAD, but no
longer than 10 minutes each.

Warning: you will have to recompile world and kernel

Warning: input/output of tools like jls changed so ports or
other tools might break. In case you want a noIP jail you have
to give the mandatory "IP address" argument as empty string like
"" .

Warning: you'll find out yourself;)

/bz

--
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 10:09:04 2008
From: Peter Ankerstål
To: freebsd-jail@FreeBSD.org
Date: Thu, 19 Jun 2008 12:09:01 +0200
Subject: tun/gif interfaces inside jail.

Is it possible to give root access to a certain tun-interface inside a
jail?
In order to use OpenVPN or something like that?

--
Peter Ankerstål
peter@pean.org

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 10:27:06 2008
Message-ID: <485A30DA.8080807@hexon.cx>
Date: Thu, 19 Jun 2008 12:11:38 +0200
From: Jille Timmmermans
To: Peter Ankerstål
Cc: freebsd-jail@freebsd.org
Subject: Re: tun/gif interfaces inside jail.

No.
You must run OpenVPN outside of your jail

Peter Ankerstål wrote:
> Is it possible to give root access to a certain tun-interface inside a
> jail?
> In order to use OpenVPN or something like that?
> --
> Peter Ankerstål
> peter@pean.org

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 10:49:21 2008
Message-ID: <485A359A.8010303@secnap.net>
Date: Thu, 19 Jun 2008 06:31:54 -0400
From: Michael Scheidell
To: Jille Timmmermans
Cc: freebsd-jail@freebsd.org
In-Reply-To: <485A30DA.8080807@hexon.cx>
Subject: Re: tun/gif interfaces inside jail.

Jille Timmmermans wrote:
> No.
> You must run OpenVPN outside of your jail
>
> Peter Ankerstål wrote:

I have read RUMORS that you can have the jailed systems route through
and access the jail which is outside the jail, but so far, have not seen
any real 'cookbook' on how to do it.

I tried it a couple of times and gave up. I wanted to get it to work,
but with all the partial hints about routing, natd, pf rules with no real
solution, I gave up and bought a $500 sonicwall firewall.

--
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/

This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 15:56:16 2008
Message-ID: <485A81AF.2090200@quip.cz>
Date: Thu, 19 Jun 2008 17:56:31 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Peter Ankerstål
Cc: freebsd-jail@FreeBSD.org
Subject: Re: tun/gif interfaces inside jail.

Peter Ankerstål wrote:
> Is it possible to give root access to a certain tun-interface inside a
> jail?
> In order to use OpenVPN or something like that?
> --

Jail can use only 1 IP address (currently). If you need to use only some
ports on VPN, you can use port redirect by firewall. I am using it to
access MSSQL server through VPN from jail.
See my message in this list from 2008-04-22 with subject "Re: routing"

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 15:57:44 2008
Date: Thu, 19 Jun 2008 17:47:04 +0200
From: Albert Shih
To: freebsd-jail@FreeBSD.org
Message-ID: <20080619154704.GA89585@pcjas.obspm.fr>
Reply-To: Albert.Shih@obspm.fr
Subject: Acces to apache log.

Hi all

I'm using FreeBSD with jail. On those jails I'm running apache and tomcat
(not apache/tomcat, but apache and tomcat not in same jail of course).

Now my users (developer team) want to have access to tomcat log and apache
log for debugging.

I really prefer to not grant ssh access to my developers (the code is pushed
with subversion).

How can I do that? Make the access to apache-log and tomcat-log (or anything log)
to my users?

Regards.
--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Heure local/Local time:
Jeu 19 jui 2008 17:44:04 CEST

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 16:50:59 2008
Message-ID: <485A87B1.7020509@gmail.com>
Date: Thu, 19 Jun 2008 18:22:09 +0200
From: albinootje
To: Albert.Shih@obspm.fr
Cc: freebsd-jail@FreeBSD.org
In-Reply-To: <20080619154704.GA89585@pcjas.obspm.fr>
Subject: Re: Acces to apache log.

Albert Shih wrote:

Hi,

> I'm using FreeBSD with jail. On those jails I'm running apache and tomcat
> (not apache/tomcat, but apache and tomcat not in same jail of course).
>
> Now my users (developer team) want to have access to tomcat log and apache
> log for debugging.
>
> I really prefer to not grant ssh access to my developers (the code is pushed
> with subversion).
>
> How can I do that? Make the access to apache-log and tomcat-log (or anything log)
> to my users?

If I was in the same situation I would make another jail just to provide
the log-files with read-only "nullfs" mounts for that person.

Or use for that user scponly with chroot option as shell, which is a
little bit more work, and then again use nullfs to mount the logfile
directories for that user.

Good luck!

Kind regards,
Albi.

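The read-only nullfs approach suggested in the reply above, as an added example that is not part of the original thread: a shell script that generates the fstab lines for a log-viewing jail and audits an fstab so that no nullfs entry is left writable. The jail root /jails/logview and the source log directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): fstab for a log-viewing jail.
# The jail root and log paths used below are assumed for illustration.

# Print one read-only nullfs fstab line per "source:target" pair.
# $1 is the log jail's root on the host; targets are paths inside it.
# Fields: device  mountpoint  fstype  options  dump  pass
gen_log_fstab() {
    jail_root=$1
    shift
    for pair in "$@"; do
        src=${pair%%:*}     # log directory as seen from the host
        dst=${pair#*:}      # where it appears inside the log jail
        printf '%s\t%s%s\tnullfs\tro\t0\t0\n' "$src" "$jail_root" "$dst"
    done
}

# Read an fstab on stdin and report every nullfs entry whose option
# list does not contain "ro". Exit status 0 means all are read-only.
audit_log_fstab() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ { next }          # comment line
        NF < 4     { next }          # blank or incomplete line
        $3 == "nullfs" {
            n = split($4, opts, ",")
            ro = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") ro = 1
            if (!ro) {
                printf "writable nullfs mount: %s -> %s (%s)\n", $1, $2, $4
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed demo: expose the Apache and Tomcat log directories of two
# service jails inside a third jail that developers can log in to.
demo_fstab=$(gen_log_fstab /jails/logview \
    /jails/www/var/log:/var/log/apache \
    /jails/tomcat/usr/local/tomcat/logs:/var/log/tomcat)
printf '%s\n' "$demo_fstab"

if printf '%s\n' "$demo_fstab" | audit_log_fstab; then
    echo "all nullfs log mounts are read-only"
fi
```

The audit can be run over any existing fstab as well, for example `audit_log_fstab < /etc/fstab`, to catch a log directory that was mounted into another jail without the ro option.
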
From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 17:21:09 2008
Message-ID: <485A91AD.2070006@mschuette.name>
Date: Thu, 19 Jun 2008 19:04:45 +0200
From: Martin Schütte
To: freebsd-jail@FreeBSD.org
In-Reply-To: <20080619154704.GA89585@pcjas.obspm.fr>
Subject: Re: Acces to apache log.

Albert Shih wrote:
> How can I do that? Make the access to apache-log and tomcat-log (or anything log)
> to my users?

Maybe some unconventional approach: use syslog to write all logs to a
user-accessible location. (If they have no shell account at all, then to
a file on the Apache server they can access by HTTPS.)

Example from httpd.conf:

    CustomLog /var/log/apache/access.log combined
    CustomLog "|/usr/bin/logger -p local1.info -t apache" complete

Then in syslog.conf on the apache server:

    local1.info    /usr/local/www/userdata/access.log

and on backend-servers:

    local1.info    @other-server

Oh, and make sure the syslogd is portfiltered so it is not accessible
from the internet but only from your backend servers.

I do not know about Tomcat, but it should be able to log to syslog as well.

--
Martin

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 18:23:33 2008
Message-ID: <6ae50c2d0806191123v1794d682rcae256d3a22625ed@mail.gmail.com>
Date: Thu, 19 Jun 2008 14:23:32 -0400
From: alexus
To: "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org
In-Reply-To: <20080617175607.B83875@maildrop.int.zabbadoz.net>
Subject: Re: new set of multi-IPv4/v6/noIP jail patches

I'm about to try out your latest patch
http://sources.zabbadoz.net/freebsd/jail/20080617-01-jail-7.0R.diff

I didn't find any instructions, did I miss them or they just don't
exist at all?
can you give us some short cheat sheet on what needs to be done in
order to install and use it correctly?

On Tue, Jun 17, 2008 at 2:03 PM, Bjoern A. Zeeb wrote:
> Hi,
>
> while for some stuff only infrastructure is there, there is more now.
> Any feedback would be welcome. I'll have to work on something else the
> next week so not going to implement the full set of "state", ...
>
> Get the diffs from: http://sources.zabbadoz.net/freebsd/jail.html
>
> Warning; I have basically tested them for 7-STABLE and HEAD, but no
> longer than 10 minutes each.
>
> Warning: you will have to recompile world and kernel
>
> Warning: input/output of tools like jls changed so ports or
> other tools might break. In case you want a noIP jail you have
> to give the mandatory "IP address" argument as empty string like
> "" .
>
> Warning: you'll find out yourself;)
>
>
> /bz
>
> --
> Bjoern A. Zeeb              Stop bit received. Insert coin for new game.

--
http://alexus.org/

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 18:30:31 2008
Message-Id: <35EA21CD-E643-41CA-B7F9-875AB9F4B092@pean.org>
From: Peter Ankerstål
To: alexus
Cc: freebsd-jail@freebsd.org
In-Reply-To: <6ae50c2d0806191123v1794d682rcae256d3a22625ed@mail.gmail.com>
Date: Thu, 19 Jun 2008 20:30:29 +0200
Subject: Re: new set of multi-IPv4/v6/noIP jail patches

On Jun 19, 2008, at 8:23 PM, alexus wrote:

> I'm about to try out your latest patch
> http://sources.zabbadoz.net/freebsd/jail/20080617-01-jail-7.0R.diff
>
> I didn't find any instructions, did I miss them or they just don't
> exist at all?
> can you give us some short cheat sheet on what needs to be done in
> order to install and use it correctly?
>
>

I guess it's just to put it in /usr/src and run
patch < 20080617-01-jail-7.0R.diff and recompile.

Then there are some changes to the jail manual so I guess it can be
read there.

--
Peter Ankerstål
peter@pean.org

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 19:05:08 2008
Date: Thu, 19 Jun 2008 19:03:45 +0000 (UTC)
From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: alexus In-Reply-To: <6ae50c2d0806191123v1794d682rcae256d3a22625ed@mail.gmail.com> Message-ID: <20080619185834.E83875@maildrop.int.zabbadoz.net> References: <20080617175607.B83875@maildrop.int.zabbadoz.net> <6ae50c2d0806191123v1794d682rcae256d3a22625ed@mail.gmail.com> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org Subject: Re: new set of multi-IPv4/v6/noIP jail patches X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jun 2008 19:05:08 -0000

On Thu, 19 Jun 2008, alexus wrote:

Hi,

> I'm about to try out your latest patch
> http://sources.zabbadoz.net/freebsd/jail/20080617-01-jail-7.0R.diff

be aware that this one will be updated again soonish (as some things
do not yet work [raw ipv6 sockets to be precise is what I am aware of
so far]).

> I didn't find any instructions, did I miss them or they just don't
> exist at all?
> can you give us some short cheat sheet on what needs to be done in
> order to install and use it correctly?

    cd /usr/src
    fetch http://sources.zabbadoz.net/freebsd/jail/20080617-01-jail-7.0R.diff
    patch -C < 20080617-01-jail-7.0R.diff
    echo $?

if it says "0"

    patch < 20080617-01-jail-7.0R.diff

if it says anything else, the patch would not apply cleanly. Tell me
along with the CVS checkout date of your sources.

[ consult the appropriate docs for all those following steps.
  The handbook might help ]

    make buildworld
    make buildkernel
    su
    make installworld
    make installkernel
    mergemaster
    reboot

be prepared for panics, reboots, ... ;-)

Read the man pages on jail, jls and jexec.

I hope that short summary helps.
Bjoern PS: if you are staying with 7.0-RELEASE be sure to get the sources for -p2 as an Errata Notice just went in (which my patch isn't aware of yet but should still apply). -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From owner-freebsd-jail@FreeBSD.ORG Thu Jun 19 19:45:28 2008 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 212A1106566B for ; Thu, 19 Jun 2008 19:45:28 +0000 (UTC) (envelope-from cloud@madpowah.org) Received: from smtp20.orange.fr (smtp20.orange.fr [193.252.22.29]) by mx1.freebsd.org (Postfix) with ESMTP id C768C8FC15 for ; Thu, 19 Jun 2008 19:45:27 +0000 (UTC) (envelope-from cloud@madpowah.org) Received: from smtp20.orange.fr (mwinf2017 [172.22.130.117]) by mwinf2015.orange.fr (SMTP Server) with ESMTP id 8E8131C1F2FB for ; Thu, 19 Jun 2008 19:23:30 +0200 (CEST) Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf2017.orange.fr (SMTP Server) with ESMTP id 798C61C000A5 for ; Thu, 19 Jun 2008 19:23:29 +0200 (CEST) Received: from [192.168.1.10] (ABayonne-257-1-32-192.w90-55.abo.wanadoo.fr [90.55.255.192]) by mwinf2017.orange.fr (SMTP Server) with ESMTP id 3F1101C0009F for ; Thu, 19 Jun 2008 19:23:29 +0200 (CEST) X-ME-UUID: 20080619172329258.3F1101C0009F@mwinf2017.orange.fr Message-ID: <485A961D.3060701@madpowah.org> Date: Thu, 19 Jun 2008 19:23:41 +0200 
From: cloud User-Agent: Thunderbird 2.0.0.14 (X11/20080617) MIME-Version: 1.0 To: freebsd-jail@FreeBSD.org References: <20080619154704.GA89585@pcjas.obspm.fr> <485A87B1.7020509@gmail.com> In-Reply-To: <485A87B1.7020509@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Acces to apache log. X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jun 2008 19:45:28 -0000

On my server with jails, I have changed the error-log directive of
Apache to send logs to another jail which is listening with syslog and
it works fine. Then you just have to create an access in this jail.

albinootje wrote:
> Albert Shih wrote:
>
> Hi,
>
>> I'm using FreeBSD with jail. On those jail I'm running apache and tomcat
>> (not apache/tomcat, but apache and tomcat not in same jail of course).
>>
>> Now my user (developer team) want to have access to tomcat log and apache
>> log for debugging.
>>
>> I really prefer to not grant ssh access to my developer (the code is pushed
>> with subversion).
>>
>> How can I do that ? Make the access to apache-log and tomcat-log (or anything log)
>> to my users ?
>>
>
> If I was in the same situation I would make another jail just to provide
> the log-files
> with read-only "nullfs" mounts for that person.
>
> Or use for that user scponly with chroot option as shell, which is a
> little bit more work,
> and then again use nullfs to mount the logfile directories for that user.
>
> Good luck!
>
> Kind regards,
> Albi.

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 20 03:18:12 2008 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 27B621065672 for ; Fri, 20 Jun 2008 03:18:12 +0000 (UTC) (envelope-from wolf@k18.ch) Received: from mail.k18.ch (mail.k18.ch [62.2.143.37]) by mx1.freebsd.org (Postfix) with ESMTP id 788D68FC16 for ; Fri, 20 Jun 2008 03:18:11 +0000 (UTC) (envelope-from wolf@k18.ch) Received: (qmail 92012 invoked from network); 20 Jun 2008 02:51:52 -0000 Received: (simscan 1.3.1 ppid 92006 pid 92009 t 0.1226s) (scanners: attach: 1.3.1 clamav: 0.93.1/m:46/d:6806); 20 Jun 0108 02:51:52 -0000 Received: from 161-196.5-85.cust.bluewin.ch (HELO [192.168.1.58]) (Authenticated_MSA:wolf@[85.5.196.161]) (envelope-sender ) by mail.k18.ch (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for ; 20 Jun 2008 02:51:52 -0000 Message-ID: <485B1B2F.90909@k18.ch> Date: Fri, 20 Jun 2008 04:51:27 +0200
From: Alain Wolf User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080227 Lightning/0.8 Thunderbird/2.0.0.12 Mnenhy/0.7.5.0 MIME-Version: 1.0 To: freebsd-jail@FreeBSD.org References: <20080619154704.GA89585@pcjas.obspm.fr> In-Reply-To: <20080619154704.GA89585@pcjas.obspm.fr> X-Enigmail-Version: 0.95.6 OpenPGP: id=6CB1BC68 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Acces to apache log. X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2008 03:18:12 -0000

On 19.06.2008 17:47, Albert Shih wrote:
> Hi all
>
> I'm using FreeBSD with jail. On those jail I'm running apache and tomcat
> (not apache/tomcat, but apache and tomcat not in same jail of course).
>
> Now my user (developer team) want to have access to tomcat log and apache
> log for debugging.
>
> I really prefer to not grant ssh access to my developer (the code is pushed
> with subversion).
>
> How can I do that ? Make the access to apache-log and tomcat-log (or anything log)
> to my users ?
>
> Regards.
>

Ours access log-files through a protected website.
From owner-freebsd-jail@FreeBSD.ORG Fri Jun 20 12:32:56 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62CF71065674 for ; Fri, 20 Jun 2008 12:32:56 +0000 (UTC) (envelope-from peter@pean.org) Received: from proxy1.bredband.net (proxy1.bredband.net [195.54.101.71]) by mx1.freebsd.org (Postfix) with ESMTP id 249798FC22 for ; Fri, 20 Jun 2008 12:32:55 +0000 (UTC) (envelope-from peter@pean.org) Received: from ironport.bredband.com (195.54.101.120) by proxy1.bredband.net (7.3.127) id 4811823A010AEB42 for freebsd-jail@freebsd.org; Fri, 20 Jun 2008 14:32:54 +0200 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ArwxAJhAW0hV4WGwPGdsb2JhbACBW5B/AQEBAS2cXA Received: from c-b061e155.166-7-64736c14.cust.bredbandsbolaget.se (HELO pi.pean.org) ([85.225.97.176]) by ironport1.bredband.com with ESMTP; 20 Jun 2008 14:32:54 +0200 Message-Id: 
From: Peter Ankerstål To: Bjoern A. Zeeb In-Reply-To: <20080617175607.B83875@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v924) Date: Fri, 20 Jun 2008 14:32:54 +0200 References: <20080617175607.B83875@maildrop.int.zabbadoz.net> X-Mailer: Apple Mail (2.924) Cc: freebsd-jail@FreeBSD.org Subject: Re: new set of multi-IPv4/v6/noIP jail patches X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2008 12:32:56 -0000

On Jun 17, 2008, at 8:03 PM, Bjoern A. Zeeb wrote:

> Hi,
>
> while for some stuff only infrastructure is there, there is more now.
> Any feedback would be welcome. I'll have to work on something else the
> next week so not going to implement the full set of "state", ...
>
> Get the diffs from: http://sources.zabbadoz.net/freebsd/jail.html
>
> Warning: I have basically tested them for 7-STABLE and HEAD, but no
> longer than 10 minutes each.
>
> Warning: you will have to recompile world and kernel
>
> Warning: input/output of tools like jls changed so ports or
> other tools might break. In case you want a noIP jail you have
> to give the mandatory "IP address" argument as empty string like
> "" .
>
> Warning: you'll find out yourself;)

Maybe I'm stupid, but I can't figure out the syntax in rc.conf for
multiple ips.
From owner-freebsd-jail@FreeBSD.ORG Fri Jun 20 12:45:06 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B6013106566C for ; Fri, 20 Jun 2008 12:45:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 7082D8FC0C for ; Fri, 20 Jun 2008 12:45:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 9FCBE41C795; Fri, 20 Jun 2008 14:45:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id ZIda2a9xqh5P; Fri, 20 Jun 2008 14:45:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 2F66541C798; Fri, 20 Jun 2008 14:45:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id F09C544487F; Fri, 20 Jun 2008 12:40:09 +0000 (UTC) Date: Fri, 20 Jun 2008 12:40:09 +0000 (UTC) 
From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Peter Ankerstål In-Reply-To: Message-ID: <20080620123721.V83875@maildrop.int.zabbadoz.net> References: <20080617175607.B83875@maildrop.int.zabbadoz.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-103916182-1213965609=:83875" Cc: freebsd-jail@FreeBSD.org Subject: Re: new set of multi-IPv4/v6/noIP jail patches X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2008 12:45:06 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-103916182-1213965609=:83875 Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE

On Fri, 20 Jun 2008, Peter Ankerstål wrote:

>
> On Jun 17, 2008, at 8:03 PM, Bjoern A. Zeeb wrote:
>
>> Hi,
>>
>> while for some stuff only infrastructure is there, there is more now.
>> Any feedback would be welcome. I'll have to work on something else the
>> next week so not going to implement the full set of "state", ...
>>
>> Get the diffs from: http://sources.zabbadoz.net/freebsd/jail.html
>>
>> Warning: I have basically tested them for 7-STABLE and HEAD, but no
>> longer than 10 minutes each.
>>
>> Warning: you will have to recompile world and kernel
>>
>> Warning: input/output of tools like jls changed so ports or
>> other tools might break. In case you want a noIP jail you have
>> to give the mandatory "IP address" argument as empty string like
>> "" .
>>
>> Warning: you'll find out yourself;)
>
> Maybe I'm stupid, but I can't figure out the syntax in rc.conf for multiple
> ips.

"a,b,c,d,f,g" like you would give it on the command line.
jail_a_ip="192.0.2.2,2001:db8:13:68::2,2001:db8:13:68::1,2001:db8:13:68::4,2001:db8:13:68::13,192.0.2.3"

If you use the ifconfig stuff (jail_x_interface=...) from the jail
startup script someone else has a patch for that... I don't care about
it as I never liked it.

/bz

--
Bjoern A. Zeeb Stop bit received. Insert coin for new game.
--0-103916182-1213965609=:83875--

From owner-freebsd-jail@FreeBSD.ORG Fri Jun 20 14:26:39 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73C561065670 for ; Fri, 20 Jun 2008 14:26:39 +0000 (UTC) (envelope-from ruben@verweg.com) Received: from erg.verweg.com (erg.verweg.com [217.77.141.129]) by mx1.freebsd.org (Postfix) with ESMTP id E6EA18FC0A for ; Fri, 20 Jun 2008 14:26:38 +0000 (UTC) (envelope-from ruben@verweg.com) Received: from [IPv6:::1] (chimp.ripe.net [193.0.1.199]) (authenticated bits=0) by erg.verweg.com (8.14.2/8.14.2) with ESMTP id m5KEAkOi008719 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Fri, 20 Jun 2008 14:10:51 GMT (envelope-from ruben@verweg.com) X-Authentication-Warning: erg.verweg.com: Host chimp.ripe.net [193.0.1.199] claimed to be [IPv6:::1] Message-Id: <78553FE8-BB3A-4AD5-9926-7B095260741D@verweg.com>
From: Ruben van Staveren To: peter@pean.org Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-94--559366149" Mime-Version: 1.0 (Apple Message framework v924) Date: Fri, 20 Jun 2008 16:10:34 +0200 X-Pgp-Agent: GPGMail d52 (v52, Leopard) Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.924) X-Virus-Scanned: ClamAV 0.93/6805/Wed Apr 16 19:57:54 2008 on erg.verweg.com X-Virus-Status: Clean X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-3.0 (erg.verweg.com [217.77.141.129]); Fri, 20 Jun 2008 14:10:52 +0000 (UTC) Cc: freebsd-jail@freebsd.org Subject: Re: new set of multi-IPv4/v6/noIP jail patches X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2008 14:26:39 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-94--559366149 Content-Type: multipart/mixed; boundary=Apple-Mail-93--559366394 --Apple-Mail-93--559366394 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit

> Maybe I'm stupid, but I can't figure out the syntax in rc.conf for
> multiple ips.


You might try this patch against /etc/rc.d/jail to help starting
multi-IPv4/v6/no-IP jails

Just the 1st iteration

open issues

* add support for no-IP jails
* handle ipv6 addresses more cleanly (support notations like
  2001:888:1029::10.1.1.1, 2001:888:1029:0:0:0:0:1)

this is because you'll get "address not assigned" errors because
ifconfig doesn't seem to make the v6 address canonical. This only
happens when you stop the jail btw.

you'll need to stuff v6 stuff in _ipv6 variables though.
--Apple-Mail-93--559366394 Content-Disposition: attachment; filename=rc.d-jail.diff Content-Type: text/x-diff; x-unix-mode=0644; name="rc.d-jail.diff" Content-Transfer-Encoding: 7bit --- /etc/rc.d/jail 2008-06-20 12:48:19.000000000 +0200 +++ /usr/src/etc/rc.d/jail 2008-02-12 22:08:20.000000000 +0100 @@ -39,7 +39,6 @@ _procdir="${_rootdir}/proc" eval _hostname=\"\$jail_${_j}_hostname\" eval _ip=\"\$jail_${_j}_ip\" - eval _ipv6=\"\$jail_${_j}_ipv6\" eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" eval _exec=\"\$jail_${_j}_exec\" eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\" @@ -93,7 +92,6 @@ debug "$_j mount enable: $_mount" debug "$_j hostname: $_hostname" debug "$_j ip: $_ip" - debug "$_j ipv6: $_ipv6" debug "$_j interface: $_interface" debug "$_j root: $_rootdir" debug "$_j devdir: $_devdir" @@ -297,12 +295,7 @@ continue; fi if [ -n "${_interface}" ]; then - for __ip in ${_ip}; do - ifconfig ${_interface} alias ${__ip} netmask 255.255.255.255 - done - for __ipv6 in ${_ipv6}; do - ifconfig ${_interface} inet6 alias ${__ipv6} prefixlen 128 - done + ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255 fi if checkyesno _mount; then info "Mounting fstab for jail ${_jail} (${_fstab})" @@ -358,7 +351,7 @@ fi _tmp_jail=${_tmp_dir}/jail.$$ eval jail ${_flags} -i ${_rootdir} ${_hostname} \ - $(echo ${_ip} ${_ipv6} | tr ' ' ',') ${_exec_start} > ${_tmp_jail} 2>&1 + ${_ip} ${_exec_start} > ${_tmp_jail} 2>&1 if [ "$?" -eq 0 ] ; then _jail_id=$(head -1 ${_tmp_jail}) @@ -380,12 +373,7 @@ else jail_umount_fs if [ -n "${_interface}" ]; then - for __ip in ${_ip}; do - ifconfig ${_interface} -alias ${_ip} - done - for __ipv6 in ${_ipv6}; do - ifconfig ${_interface} inet6 ${_ipv6} -alias - done + ifconfig ${_interface} -alias ${_ip} fi echo " cannot start jail \"${_jail}\": " tail +2 ${_tmp_jail} 
@@ -416,12 +404,7 @@ echo -n " $_hostname" fi if [ -n "${_interface}" ]; then - for __ip in ${_ip}; do - ifconfig ${_interface} -alias ${_ip} - done - for __ipv6 in ${_ipv6}; do - ifconfig ${_interface} inet6 ${_ipv6} -alias - done + ifconfig ${_interface} -alias ${_ip} fi rm /var/run/jail_${_jail}.id else --Apple-Mail-93--559366394 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Regards, Ruben --Apple-Mail-93--559366394-- --Apple-Mail-94--559366149 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit --Apple-Mail-94--559366149-- From owner-freebsd-jail@FreeBSD.ORG Sat Jun 21 17:35:05 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1A8EF1065671 for ; Sat, 21 Jun 2008 17:35:05 +0000 (UTC) (envelope-from alexus@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.239]) by mx1.freebsd.org (Postfix) with ESMTP id E973C8FC13 for ; Sat, 21 Jun 2008 17:35:04 +0000 (UTC) (envelope-from alexus@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so8521348rvf.43 for ; Sat, 21 Jun 2008 10:35:04 -0700 (PDT)
Received: by 10.141.202.12 with SMTP id e12mr9629433rvq.273.1214069704458; Sat, 21 Jun 2008 10:35:04 -0700 (PDT) Received: by 10.114.67.7 with HTTP; Sat, 21 Jun 2008 10:35:04 -0700 (PDT) Message-ID: <6ae50c2d0806211035y73e09f15xde28403b824eb421@mail.gmail.com> Date: Sat, 21 Jun 2008 13:35:04 -0400
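Review bot: the file header of rc.d-jail.diff has the modified /etc/rc.d/jail (2008-06-20) on the --- side and the stock /usr/src/etc/rc.d/jail (2008-02-12) on the +++ side, so the new _ipv6 handling sits on the - lines and the patch as posted only applies in reverse (patch -R) against an already modified file. Regenerate it with the stock file first and the modified file second so the additions are + lines and it applies to an unmodified /etc/rc.d/jail.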
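Review bot: in @@ -380,12 +373,7 @@ and @@ -416,12 +404,7 @@ the for loops on the - side (the side carrying the new code) iterate with __ip and __ipv6 but pass ${_ip} and ${_ipv6} to ifconfig, so each pass hands ifconfig the whole list instead of one address and, with more than one address per family, the -alias calls will not remove what the start path added. Use the loop variable as the @@ -297,12 +295,7 @@ hunk does: ifconfig ${_interface} -alias ${__ip} and ifconfig ${_interface} inet6 ${__ipv6} -alias.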
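Review bot: the loops in @@ -297,12 +295,7 @@ split jail_X_ip and jail_X_ipv6 on whitespace and @@ -358,7 +351,7 @@ joins them with tr ' ' ',', so this script needs space-separated lists, while the rc.conf syntax given earlier in the thread for the kernel patch is one comma-separated value in jail_X_ip; a comma list would reach ifconfig as a single argument. Either document the space-separated form next to the new _ipv6 variable or split on commas as well, and since the joined string lands on the eval'd jail command line, restrict the values to address characters before using them.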
From: alexus To: "Ruben van Staveren" In-Reply-To: <78553FE8-BB3A-4AD5-9926-7B095260741D@verweg.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <78553FE8-BB3A-4AD5-9926-7B095260741D@verweg.com> Cc: freebsd-jail@freebsd.org Subject: Re: new set of multi-IPv4/v6/noIP jail patches X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jun 2008 17:35:05 -0000

cc -c -O -pipe -std=c99 -g -Wall -Wredundant-decls -Wnested-externs
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline
-Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc
-I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -D_KERNEL
-DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common
-finline-limit=8000 --param inline-unit-growth=100 --param
large-function-growth=1000 -mno-align-long-strings
-mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2
-mno-sse3 -ffreestanding -Werror /usr/src/sys/kern/kern_jail.c
cc1: warnings being treated as errors
/usr/src/sys/kern/kern_jail.c: In function 'prison_if':
/usr/src/sys/kern/kern_jail.c:876: warning: unused variable 'sai6'
*** Error code 1

Stop in /usr/obj/usr/src/sys/t.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
bash-3.2#

On Fri, Jun 20, 2008 at 10:10 AM, Ruben van Staveren wrote:
>
>> Maybe I'm stupid, but I can't figure out the syntax in rc.conf for multiple
>> ips.
>
>
> You might try this patch against /etc/rc.d/jail to help starting
> multi-IPv4/v6/no-IP jails
>
> Just the 1st iteration
>
> open issues
>
> * add support for no-IP jails
> * handle ipv6 addresses more cleanly (support notations like
> 2001:888:1029::10.1.1.1, 2001:888:1029:0:0:0:0:1)
>
> this is because you'll get "address not assigned" errors because ifconfig
> doesn't seem to make the v6 address canonical. This only happens when you
> stop the jail btw.
>
> you'll need to stuff v6 stuff in _ipv6 variables though.
>
> Regards,
> Ruben
>

--
http://alexus.org/

From owner-freebsd-jail@FreeBSD.ORG Sat Jun 21 17:37:08 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5CD661065670 for ; Sat, 21 Jun 2008 17:37:08 +0000 (UTC) (envelope-from alexus@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.235]) by mx1.freebsd.org (Postfix) with ESMTP id 37BFD8FC13 for ; Sat, 21 Jun 2008 17:37:08 +0000 (UTC) (envelope-from alexus@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so8522061rvf.43 for ; Sat, 21 Jun 2008 10:37:08 -0700 (PDT) Received: by 10.140.172.19 with SMTP id u19mr9672671rve.133.1214069827974; Sat, 21 Jun 2008 10:37:07 -0700 (PDT) Received: by 10.114.67.7 with HTTP; Sat, 21 Jun 2008 10:37:07 -0700 (PDT) Message-ID: <6ae50c2d0806211037g31d8e9beqeea36b480ee62f3b@mail.gmail.com> Date: Sat, 21 Jun 2008 13:37:07 -0400
From: alexus To: "Ruben van Staveren" In-Reply-To: <6ae50c2d0806211035y73e09f15xde28403b824eb421@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <78553FE8-BB3A-4AD5-9926-7B095260741D@verweg.com> <6ae50c2d0806211035y73e09f15xde28403b824eb421@mail.gmail.com> Cc: freebsd-jail@freebsd.org Subject: Re: new set of multi-IPv4/v6/noIP jail patches X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jun 2008 17:37:08 -0000

this is against
http://sources.zabbadoz.net/freebsd/jail/20080617-01-jail-7.0R.diff
with 7.0-RELEASE-p2

On Sat, Jun 21, 2008 at 1:35 PM, alexus wrote:
> cc -c -O -pipe -std=c99 -g -Wall -Wredundant-decls -Wnested-externs
> -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline
> -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc
> -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -D_KERNEL
> -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common
> -finline-limit=8000 --param inline-unit-growth=100 --param
> large-function-growth=1000 -mno-align-long-strings
> -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2
> -mno-sse3 -ffreestanding -Werror /usr/src/sys/kern/kern_jail.c
> cc1: warnings being treated as errors
> /usr/src/sys/kern/kern_jail.c: In function 'prison_if':
> /usr/src/sys/kern/kern_jail.c:876: warning: unused variable 'sai6'
> *** Error code 1
>
> Stop in /usr/obj/usr/src/sys/t.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.
> bash-3.2#
>
> On Fri, Jun 20, 2008 at 10:10 AM, Ruben van Staveren wrote:
>>
>>> Maybe I'm stupid, but I can't figure out the syntax in rc.conf for multiple
>>> ips.
>>
>>
>> You might try this patch against /etc/rc.d/jail to help starting
>> multi-IPv4/v6/no-IP jails
>>
>> Just the 1st iteration
>>
>> open issues
>>
>> * add support for no-IP jails
>> * handle ipv6 addresses more cleanly (support notations like
>> 2001:888:1029::10.1.1.1, 2001:888:1029:0:0:0:0:1)
>>
>> this is because you'll get "address not assigned" errors because ifconfig
>> doesn't seem to make the v6 address canonical. This only happens when you
>> stop the jail btw.
>>
>> you'll need to stuff v6 stuff in _ipv6 variables though.
>>
>> Regards,
>> Ruben
>>
>
> --
> http://alexus.org/
>

--
http://alexus.org/

From owner-freebsd-jail@FreeBSD.ORG Sat Jun 21 17:51:00 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA72E106567A for ; Sat, 21 Jun 2008 17:51:00 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from postfix1-g20.free.fr (postfix1-g20.free.fr [212.27.60.42]) by mx1.freebsd.org (Postfix) with ESMTP id A03538FC15 for ; Sat, 21 Jun 2008 17:51:00 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp5-g19.free.fr (smtp5-g19.free.fr [212.27.42.35]) by postfix1-g20.free.fr (Postfix) with ESMTP id 17998278CACC for ; Sat, 21 Jun 2008 19:25:46 +0200 (CEST) Received: from smtp5-g19.free.fr (localhost.localdomain [127.0.0.1]) by smtp5-g19.free.fr (Postfix) with ESMTP id 02C1F3F6276; Sat, 21 Jun 2008 19:25:45 +0200 (CEST) Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98]) by smtp5-g19.free.fr (Postfix) with ESMTP id E551D3F6253; Sat, 21 Jun 2008 19:25:44 +0200 (CEST) Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25]) by tatooine.tataz.chchile.org (Postfix) with ESMTP id 73E219B497; Sat, 21 Jun 2008 17:21:25 +0000 (UTC) Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000) id 63EFF4089; Sat, 21 Jun 2008 19:21:25 +0200 (CEST) Date:
Sat, 21 Jun 2008 19:21:25 +0200 
From: Jeremie Le Hen To: cco1817-0@yahoo.de Message-ID: <20080621172125.GQ46885@obiwan.tataz.chchile.org> References: <192473.80058.qm@web27606.mail.ukl.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <192473.80058.qm@web27606.mail.ukl.yahoo.com> User-Agent: Mutt/1.5.15 (2007-04-06) Cc: freebsd-jail@freebsd.org Subject: Re: Populating a jail with "make world"??? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jun 2008 17:51:00 -0000

Hi,

On Thu, Jun 12, 2008 at 11:23:19PM +0000, cco1817-0@yahoo.de wrote:
> Hello,
>
> I'm about to learn how to use jails and I've some confusions after
> reading the handbook and some other resources.
>
> Chapter 23.4 warns "do not use make world". Chapter 15.4 invites me
> to use "make world" etc. to populate a jail.

"make world" does the following:

    for each directory:
        compile
        install

"make buildworld installworld" does the following:

    for each directory:
        compile
    for each directory
        install

Using "make world" to create a jail is harmless, but using "make world"
to update a running jail or the host may lead to temporary
inconsistencies on the system during the process.
Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > From owner-freebsd-jail@FreeBSD.ORG Sat Jun 21 21:35:08 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 14106106567A for ; Sat, 21 Jun 2008 21:35:08 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id C9DDF8FC0A for ; Sat, 21 Jun 2008 21:35:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id E647741C758; Sat, 21 Jun 2008 23:35:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id 9zbRkrfmnmql; Sat, 21 Jun 2008 23:35:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 8486C41C756; Sat, 21 Jun 2008 23:35:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id E096844487F; Sat, 21 Jun 2008 21:32:30 +0000 (UTC) Date: Sat, 21 Jun 2008 21:32:30 +0000 (UTC) 
From: "Bjoern A. Zeeb"
To: alexus
Cc: freebsd-jail@freebsd.org
Subject: Re: new set of multi-IPv4/v6/noIP jail patches
Message-ID: <20080621212933.J83875@maildrop.int.zabbadoz.net>
In-Reply-To: <6ae50c2d0806211037g31d8e9beqeea36b480ee62f3b@mail.gmail.com>
References: <78553FE8-BB3A-4AD5-9926-7B095260741D@verweg.com> <6ae50c2d0806211035y73e09f15xde28403b824eb421@mail.gmail.com> <6ae50c2d0806211037g31d8e9beqeea36b480ee62f3b@mail.gmail.com>
X-List-Received-Date: Sat, 21 Jun 2008 21:35:08 -0000

On Sat, 21 Jun 2008, alexus wrote:

> this is against
> http://sources.zabbadoz.net/freebsd/jail/20080617-01-jail-7.0R.diff
> with 7.0-RELEASE-p2
>
> On Sat, Jun 21, 2008 at 1:35 PM, alexus wrote:
>> cc -c -O -pipe -std=c99 -g -Wall -Wredundant-decls -Wnested-externs
>> -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline
>> -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc
>> -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -D_KERNEL
>> -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common
>> -finline-limit=8000 --param inline-unit-growth=100 --param
>> large-function-growth=1000 -mno-align-long-strings
>> -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2
>> -mno-sse3 -ffreestanding -Werror /usr/src/sys/kern/kern_jail.c
>> cc1: warnings being treated as errors
>> /usr/src/sys/kern/kern_jail.c: In function 'prison_if':
>> /usr/src/sys/kern/kern_jail.c:876: warning: unused variable 'sai6'
>> *** Error code 1

Are you building without INET6 in your kernel config?

This should fix it: struct sockaddr_in *sai; +#ifdef INET6 struct sockaddr_in6 *sai6; +#endif int ok; I'll commit it and you'll have it with the next patchset. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game.
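
Review bot: the "#ifdef INET6" guard added around the "struct sockaddr_in6 *sai6;" declaration has to match, condition for condition, the guard around every use of sai6 in prison_if. If any use sits outside an identical #ifdef, a kernel built without INET6 will fail on an undeclared identifier instead of the unused-variable warning shown in the quoted build log. The commit message should also record that the failure only appears under -Werror with INET6 absent from the kernel config, since the visible lines carry no comment explaining why the declaration is conditional.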