From owner-freebsd-jail@FreeBSD.ORG Mon Jan 5 11:06:54 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B0C3D106566C for ; Mon, 5 Jan 2009 11:06:54 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9E52A8FC20 for ; Mon, 5 Jan 2009 11:06:54 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n05B6s0h002831 for ; Mon, 5 Jan 2009 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n05B6sTu002827 for freebsd-jail@FreeBSD.org; Mon, 5 Jan 2009 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 5 Jan 2009 11:06:54 GMT Message-Id: <200901051106.n05B6sTu002827@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Jan 2009 11:06:54 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 6 problems total. From owner-freebsd-jail@FreeBSD.ORG Tue Jan 6 14:57:25 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A86F5106564A for ; Tue, 6 Jan 2009 14:57:25 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from blade2-ext.obspm.fr (blade2-ext.obspm.fr [145.238.186.8]) by mx1.freebsd.org (Postfix) with ESMTP id 430C68FC13 for ; Tue, 6 Jan 2009 14:57:25 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from obspm.fr (pcjas.obspm.fr [145.238.184.233]) by blade2-ext.obspm.fr (8.13.8/8.13.8/SIO Observatoire de Paris - 15/11/07) with ESMTP id n06EvGj0002797 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 6 Jan 2009 15:57:17 +0100 Date: Tue, 6 Jan 2009 15:57:16 +0100 From: Albert Shih To: Kurt Jaeger Message-ID: <20090106145716.GE94159@obspm.fr> References: <20081217210542.GA25347@obspm.fr> <20081218172218.GE3080@home.opsec.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20081218172218.GE3080@home.opsec.eu> User-Agent: Mutt/1.5.18 (2008-05-17) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (blade2-ext.obspm.fr [145.238.186.20]); Tue, 06 Jan 2009 15:57:17 +0100 (CET) X-Virus-Scanned: ClamAV 0.94.2/8839/Tue Jan 6 15:09:27 2009 on blade2-ext.obspm.fr X-Virus-Status: Clean Cc: freebsd-jail@FreeBSD.org Subject: Re: Nagios & Jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Albert.Shih@obspm.fr List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jan 2009 14:57:25 -0000 Le 18/12/2008 à 18:22:18+0100, Kurt Jaeger a écrit > Hi! > > > I've a problem with check_ping. > > > > [root@]# /usr/local/libexec/nagios/check_ping -H some_host -w 3000.0,80% -c 5000.0,100% -p 5 > > CRITICAL - You need more args!!! > > Could not open pipe: > > > Anyone have succefully install a nagios server in a jail ? First : Happy new years. > > Yes, and I think it's not a problem with ICMP sockets, but with > the version of check_ping and what it's calling. > > Please try > > ./check_ping -v -v -v -H 212.71.195.58 -w 300.0,80% -c 500.0,100% -p 5 > > and tell us which version of ping it is calling. > Thanks for your answers. In fact I found the problem : When I compile nagios-plugin ports in a jail the «configure» don't find syntax of ping : checking for ping... /sbin/ping checking for ping6... /sbin/ping6 checking for ICMP ping syntax... configure: WARNING: unable to find usable ping syntax But if I compile the same ports in a «normal» server (both are amd64). checking for ping... /sbin/ping checking for ping6... /sbin/ping6 checking for ICMP ping syntax... /sbin/ping -n -c %d %s checking for ICMPv6 ping syntax... /sbin/ping6 -n -c %d %s So if I use the check_ping produce by compiling in a no-jail server on a jail-server it's working. I think it's a bug about the nagios-plugins ports. What you think ? In fact that's not very important because I'm going to use check_fping Thanks again for your answer. Regards. JAS -- Albert SHIH SIO batiment 15 Observatoire de Paris Meudon 5 Place Jules Janssen 92195 Meudon Cedex Téléphone : 01 45 07 76 26 Heure local/Local time: Mar 6 jan 2009 15:48:55 CET From owner-freebsd-jail@FreeBSD.ORG Tue Jan 6 15:10:08 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 358F6106566B for ; Tue, 6 Jan 2009 15:10:08 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id E10EB8FC14 for ; Tue, 6 Jan 2009 15:10:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id B7D6C41C6A7; Tue, 6 Jan 2009 16:10:05 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id nXrmq8wJETlF; Tue, 6 Jan 2009 16:10:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 611F641C679; Tue, 6 Jan 2009 16:10:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 7F6764448DD; Tue, 6 Jan 2009 15:06:37 +0000 (UTC) Date: Tue, 6 Jan 2009 15:06:37 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Albert Shih In-Reply-To: <20090106145716.GE94159@obspm.fr> Message-ID: <20090106150352.B45399@maildrop.int.zabbadoz.net> References: <20081217210542.GA25347@obspm.fr> <20081218172218.GE3080@home.opsec.eu> <20090106145716.GE94159@obspm.fr> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-375562791-1231254397=:45399" Cc: freebsd-jail@FreeBSD.org Subject: Re: Nagios & Jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jan 2009 15:10:08 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-375562791-1231254397=:45399 Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE On Tue, 6 Jan 2009, Albert Shih wrote: > In fact I found the problem : > > When I compile nagios-plugin ports in a jail the =ABconfigure=BB don't fi= nd > syntax of ping : > > checking for ping... /sbin/ping > checking for ping6... /sbin/ping6 > checking for ICMP ping syntax... configure: WARNING: unable to find usabl= e ping syntax > > But if I compile the same ports in a =ABnormal=BB server (both are amd64)= =2E > > checking for ping... /sbin/ping > checking for ping6... /sbin/ping6 > checking for ICMP ping syntax... /sbin/ping -n -c %d %s > checking for ICMPv6 ping syntax... /sbin/ping6 -n -c %d %s > > So if I use the check_ping produce by compiling in a no-jail server on a > jail-server it's working. > > I think it's a bug about the nagios-plugins ports. What you think ? I think most of all configure stuff out there is ... ok, if you compile the port inside a jail and permit raw sockets, does it work then --=20 either by using the rc.conf option and restarting the jail with rc.d/jail or using sysctl security.jail.allow_raw_sockets=3D1 ? It smells it tries to execute a ping command and that does not succeed. /bz --=20 Bjoern A. Zeeb The greatest risk is not taking one. --0-375562791-1231254397=:45399-- From owner-freebsd-jail@FreeBSD.ORG Tue Jan 6 16:03:36 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 18E391065680 for ; Tue, 6 Jan 2009 16:03:36 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from blade2-ext.obspm.fr (blade2-ext.obspm.fr [145.238.186.8]) by mx1.freebsd.org (Postfix) with ESMTP id A41E28FC17 for ; Tue, 6 Jan 2009 16:03:35 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from obspm.fr (pcjas.obspm.fr [145.238.184.233]) by blade2-ext.obspm.fr (8.13.8/8.13.8/SIO Observatoire de Paris - 15/11/07) with ESMTP id n06G3Xrc031809 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 6 Jan 2009 17:03:34 +0100 Date: Tue, 6 Jan 2009 17:03:33 +0100 From: Albert Shih To: "Bjoern A. Zeeb" Message-ID: <20090106160333.GA99388@obspm.fr> References: <20081217210542.GA25347@obspm.fr> <20081218172218.GE3080@home.opsec.eu> <20090106145716.GE94159@obspm.fr> <20090106150352.B45399@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20090106150352.B45399@maildrop.int.zabbadoz.net> User-Agent: Mutt/1.5.18 (2008-05-17) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (blade2-ext.obspm.fr [145.238.186.20]); Tue, 06 Jan 2009 17:03:34 +0100 (CET) X-Virus-Scanned: ClamAV 0.94.2/8839/Tue Jan 6 15:09:27 2009 on blade2-ext.obspm.fr X-Virus-Status: Clean Cc: freebsd-jail@FreeBSD.org Subject: Re: Nagios & Jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Albert.Shih@obspm.fr List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jan 2009 16:03:36 -0000 Le 06/01/2009 à 15:06:37+0000, Bjoern A. Zeeb a écrit > On Tue, 6 Jan 2009, Albert Shih wrote: > > > In fact I found the problem : > > > > When I compile nagios-plugin ports in a jail the «configure» don't find > > syntax of ping : > > > > checking for ping... /sbin/ping > > checking for ping6... /sbin/ping6 > > checking for ICMP ping syntax... configure: WARNING: unable to find usable ping syntax > > > > But if I compile the same ports in a «normal» server (both are amd64). > > > > checking for ping... /sbin/ping > > checking for ping6... /sbin/ping6 > > checking for ICMP ping syntax... /sbin/ping -n -c %d %s > > checking for ICMPv6 ping syntax... /sbin/ping6 -n -c %d %s > > > > So if I use the check_ping produce by compiling in a no-jail server on a > > jail-server it's working. > > > > I think it's a bug about the nagios-plugins ports. What you think ? > > I think most of all configure stuff out there is ... ok, if you > compile the port inside a jail and permit raw sockets, does it work > then -- > either by using the rc.conf option and restarting the jail with > rc.d/jail or using sysctl security.jail.allow_raw_sockets=1 ? You mean I MUST restart the jail after I change the sysctl value ? Because after I change it, I can make a ping from inside the jail without restarting the jail. Well I'm going to make a new jail to check that (all other jail is in production). > > It smells it tries to execute a ping command and that does not > succeed. Yes. I agree. Regards. -- Albert SHIH SIO batiment 15 Observatoire de Paris Meudon 5 Place Jules Janssen 92195 Meudon Cedex Heure local/Local time: Mar 6 jan 2009 17:02:12 CET From owner-freebsd-jail@FreeBSD.ORG Tue Jan 6 16:15:09 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 818C6106566C for ; Tue, 6 Jan 2009 16:15:09 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 383678FC13 for ; Tue, 6 Jan 2009 16:15:09 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 47DDF41C667; Tue, 6 Jan 2009 17:15:06 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id QDsnoFvree7b; Tue, 6 Jan 2009 17:15:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id DD1B241C63C; Tue, 6 Jan 2009 17:15:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id AF57D4448DD; Tue, 6 Jan 2009 16:12:20 +0000 (UTC) Date: Tue, 6 Jan 2009 16:12:20 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Albert Shih In-Reply-To: <20090106160333.GA99388@obspm.fr> Message-ID: <20090106160922.B45399@maildrop.int.zabbadoz.net> References: <20081217210542.GA25347@obspm.fr> <20081218172218.GE3080@home.opsec.eu> <20090106145716.GE94159@obspm.fr> <20090106150352.B45399@maildrop.int.zabbadoz.net> <20090106160333.GA99388@obspm.fr> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-494945514-1231258340=:45399" Cc: freebsd-jail@FreeBSD.org Subject: Re: Nagios & Jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jan 2009 16:15:09 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-494945514-1231258340=:45399 Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE On Tue, 6 Jan 2009, Albert Shih wrote: > Le 06/01/2009 =E0 15:06:37+0000, Bjoern A. Zeeb a =E9crit >> On Tue, 6 Jan 2009, Albert Shih wrote: >> >>> In fact I found the problem : >>> >>> When I compile nagios-plugin ports in a jail the =ABconfigure=BB don't = find >>> syntax of ping : >>> >>> checking for ping... /sbin/ping >>> checking for ping6... /sbin/ping6 >>> checking for ICMP ping syntax... configure: WARNING: unable to find usa= ble ping syntax >>> >>> But if I compile the same ports in a =ABnormal=BB server (both are amd6= 4). >>> >>> checking for ping... /sbin/ping >>> checking for ping6... /sbin/ping6 >>> checking for ICMP ping syntax... /sbin/ping -n -c %d %s >>> checking for ICMPv6 ping syntax... /sbin/ping6 -n -c %d %s >>> >>> So if I use the check_ping produce by compiling in a no-jail server on = a >>> jail-server it's working. >>> >>> I think it's a bug about the nagios-plugins ports. What you think ? >> >> I think most of all configure stuff out there is ... ok, if you >> compile the port inside a jail and permit raw sockets, does it work >> then -- >> either by using the rc.conf option and restarting the jail with >> rc.d/jail or using sysctl security.jail.allow_raw_sockets=3D1 ? > > You mean I MUST restart the jail after I change the sysctl value ? Becaus= e > after I change it, I can make a ping from inside the jail without > restarting the jail. > > Well I'm going to make a new jail to check that (all other jail is in > production). No, if you manually change the sysctl it's all fine and production immediately. If you change the option .. wait; my fault, raw sockets is not supported by the rc framework in contrast to other things, so there is no option there. I confused this with jail_socket_unixiproute_only in which case just changing it in rc.conf would not be sufficient. /bz --=20 Bjoern A. Zeeb The greatest risk is not taking one. --0-494945514-1231258340=:45399-- From owner-freebsd-jail@FreeBSD.ORG Thu Jan 8 10:07:07 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4D9DD1065670 for ; Thu, 8 Jan 2009 10:07:07 +0000 (UTC) (envelope-from bsemene@cyanide-studio.com) Received: from relay.cyanide-studio.com (relay.cyanide-studio.com [91.121.7.6]) by mx1.freebsd.org (Postfix) with ESMTP id 0C3418FC14 for ; Thu, 8 Jan 2009 10:07:06 +0000 (UTC) (envelope-from bsemene@cyanide-studio.com) Received: from mail.cyanide-studio.com (LAubervilliers-153-52-12-153.w217-128.abo.wanadoo.fr [217.128.107.153]) by relay.cyanide-studio.com (Postfix) with ESMTP id 37C84963FA5 for ; Thu, 8 Jan 2009 09:46:33 +0000 (UTC) Received: from localhost (unknown [10.1.8.14]) by mail.cyanide-studio.com (Postfix) with ESMTP id DAD6317BDC4D for ; Thu, 8 Jan 2009 10:46:32 +0100 (CET) Received: from mail.cyanide-studio.com ([10.1.8.3]) by localhost (mailguard.cyanide-studio.com [10.1.8.14]) (amavisd-maia, port 10024) with ESMTP id 84134-05 for ; Thu, 8 Jan 2009 10:46:32 +0100 (CET) Received: from [10.1.8.220] (unknown [10.1.8.220]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: bsemene@cyanide-studio.com) by mail.cyanide-studio.com (Postfix) with ESMTP id B640E17BDC33 for ; Thu, 8 Jan 2009 10:46:32 +0100 (CET) Message-ID: <4965CB78.8000105@cyanide-studio.com> Date: Thu, 08 Jan 2009 10:46:32 +0100 From: Bastien Semene User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Subject: Importing sources to build the basejail. X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2009 10:07:07 -0000 Hi, I'm new to the list and unfortunately I come with a problem. My problem is that jails cannot start pseudo terminals. I found the "software" problem but I think the origin is out there. The host OS (FreeBSD 7.0) has been installed by a procedure from my server provider, but it doesn't contain the src. So I imported the src from another FreeBSD 7.0 server. It worked for making world and building the basejail but generated the following error and maybe others I can't see for the moment. So I wish to find a safe way to import sources to build a correct basejail. If anyone can point me a place where to find it or some advices I'll be glad. Thank you. -- Bastien Semene Administrateur Réseau & Système admin@cyanide-studio.com +33 (0)1 47 86 30 80 +33 (0)6 74 91 57 08 Cyanide S.A. 5, Boulevard des Bouvets 92000 Nanterre - FRANCE From owner-freebsd-jail@FreeBSD.ORG Thu Jan 8 11:04:20 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2AB75106566B for ; Thu, 8 Jan 2009 11:04:20 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id D56298FC12 for ; Thu, 8 Jan 2009 11:04:19 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 2973041C6A1; Thu, 8 Jan 2009 12:04:18 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id QzAEyhw0ivf6; Thu, 8 Jan 2009 12:04:17 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 9DD3F41C69F; Thu, 8 Jan 2009 12:04:17 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 517684448DD; Thu, 8 Jan 2009 11:03:40 +0000 (UTC) Date: Thu, 8 Jan 2009 11:03:39 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: freebsd-jail@freebsd.org Message-ID: <20090108104801.H45399@maildrop.int.zabbadoz.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Ruslan Ermilov Subject: jail startup script for multi-IPs + ifconfig *sigh* stuff X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2009 11:04:20 -0000 Hi, I have a barely tested patch to rc.d/jail for HEAD (or the multi-IP jail patch on 7) with the defaults/rc.conf and a for sure enhanceable rc.conf.5 patch here: http://people.freebsd.org/~bz/20090108-02-rc-jail.diff For everyone who wants to grab the entire rc.d/jail file, fetch it from http://people.freebsd.org/~bz/jail This entire patch is only needed for thos people who like to get their IPs configured/deconfigured upon jail start/stop and you see what a mess of extra code this gives -- I am sure someone could improve the sh(1) code but ... I do NOT like this and neither do other people who will need to approve this to go in. I have been trying to support (most, all but the _netmask) from the old version so you can still only give a single IP, or an IP list (of mixed address families) but you can now also leave the IP part entirely empty and start a no-IP jail or add a _multi with n starting at 0 (like with _alias) and give the IPs on an extra line each. If you want to give an interface you can still use the jaiL_interface or jail__interface but you can also give an interface per address now in that you prefix the address with "ifName|" (yes a pipe and no blanks!). If you want to give a netmask you can suffix an address with one of those: - "/" -- prefix notation, no spaces allowed - " netmask a.b.c.d" -- netmask with a space between the adress and the work "netmask" and a full dot-quad mask. You are not allowed to be clever and wirte "netmask a.b.c" - " prefixlen n" -- similar to netmask but for v6 Obviously netmask will not work for a v6 address and prefixlen not for v4 as what you give is directly passed to ifconfig. If you give "interface" but no "netmask" '/32' is assumed for v4 and '/128' for v6. Anything I missed? What I want to know from you: 1) does you current rc.conf setup work if you just replace /etc/rc.d/jail? (keep a backup of the old - outside of that directory!) 2) does this work for all the features *sigh* you need? 3) does it work with whatever management tool you use for jails? 4) any other comments? In case there are bugs or problems, let me know - I'll update and repost links. /bz PS: special thanks to Ruben van Staveren who had maintained a (slightly) different version supporting v4/v6 ifconfig all the time! -- Bjoern A. Zeeb The greatest risk is not taking one. From owner-freebsd-jail@FreeBSD.ORG Thu Jan 8 11:21:03 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0FFAA106566C for ; Thu, 8 Jan 2009 11:21:03 +0000 (UTC) (envelope-from michel@douyere.com) Received: from postfix1-g20.free.fr (postfix1-g20.free.fr [212.27.60.42]) by mx1.freebsd.org (Postfix) with ESMTP id C5C418FC13 for ; Thu, 8 Jan 2009 11:21:02 +0000 (UTC) (envelope-from michel@douyere.com) Received: from smtp2-g21.free.fr (smtp2-g21.free.fr [212.27.42.2]) by postfix1-g20.free.fr (Postfix) with ESMTP id 700A72F92036 for ; Thu, 8 Jan 2009 11:53:06 +0100 (CET) Received: from smtp2-g21.free.fr (localhost [127.0.0.1]) by smtp2-g21.free.fr (Postfix) with ESMTP id 19FB04B009D for ; Thu, 8 Jan 2009 11:53:00 +0100 (CET) Received: from cyan.douyere.com (laf31-3-82-225-216-24.fbx.proxad.net [82.225.216.24]) by smtp2-g21.free.fr (Postfix) with ESMTP id 2DCD84B0089 for ; Thu, 8 Jan 2009 11:52:58 +0100 (CET) From: Michel To: freebsd-jail@freebsd.org Date: Thu, 8 Jan 2009 11:52:57 +0100 User-Agent: KMail/1.9.10 References: <4965CB78.8000105@cyanide-studio.com> In-Reply-To: <4965CB78.8000105@cyanide-studio.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200901081152.57292.michel@douyere.com> Subject: Re: Importing sources to build the basejail. X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2009 11:21:03 -0000 Le jeudi 8 janvier 2009, Bastien Semene a =E9crit=A0: > Hi, > > I'm new to the list and unfortunately I come with a problem. > > My problem is that jails cannot start pseudo terminals. I found the > "software" problem but I think the origin is out there. > The host OS (FreeBSD 7.0) has been installed by a procedure from my > server provider, but it doesn't contain the src. > So I imported the src from another FreeBSD 7.0 server. It worked for > making world and building the basejail but generated the following error > and maybe others I can't see for the moment. > > So I wish to find a safe way to import sources to build a correct > basejail. If anyone can point me a place where to find it or some > advices I'll be glad. > Thank you. Try : sysinstall > Configure > Distributions > src Michel From owner-freebsd-jail@FreeBSD.ORG Fri Jan 9 13:15:06 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F2FE0106564A for ; Fri, 9 Jan 2009 13:15:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 81C568FC17 for ; Fri, 9 Jan 2009 13:15:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id B4A4F41C64C for ; Fri, 9 Jan 2009 14:15:05 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id 8mzqE+podpYI for ; Fri, 9 Jan 2009 14:15:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 3AAAF41C679; Fri, 9 Jan 2009 14:15:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 0C7F04448DD for ; Fri, 9 Jan 2009 13:14:56 +0000 (UTC) Date: Fri, 9 Jan 2009 13:14:55 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: freebsd-jail@freebsd.org Message-ID: <20090109131142.O45399@maildrop.int.zabbadoz.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Problems with Samba -- svn commit: r186948 - in head/sys: netinet netinet6 (fwd) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jan 2009 13:15:07 -0000 Hi, in case anyone had trouble for example with Samba inside a jail (and had to set interfaces = ...) you may want to update to this on HEAD or grab the patch form the PR if you are running the multi-IP jail patch. I'll include this in the next (upcoming) patchset. /bz -- Bjoern A. Zeeb The greatest risk is not taking one. ---------- Forwarded message ---------- Date: Fri, 9 Jan 2009 13:06:57 +0000 (UTC) From: Bjoern A. Zeeb To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r186948 - in head/sys: netinet netinet6 Author: bz Date: Fri Jan 9 13:06:56 2009 New Revision: 186948 URL: http://svn.freebsd.org/changeset/base/186948 Log: Make SIOCGIFADDR and related, as well as SIOCGIFADDR_IN6 and related jail-aware. Up to now we returned the first address of the interface for SIOCGIFADDR w/o an ifr_addr in the query. This caused problems for programs querying for an address but running inside a jail, as the address returned usually did not belong to the jail. Like for v6, if there was an ifr_addr given on v4, you could probe for more addresses on the interfaces that you were not allowed to see from inside a jail. Return an error (EADDRNOTAVAIL) in that case now unless the address is on the given interface and valid for the jail. PR: kern/114325 Reviewed by: rwatson MFC after: 4 weeks Modified: head/sys/netinet/in.c head/sys/netinet6/in6.c Modified: head/sys/netinet/in.c ============================================================================== --- head/sys/netinet/in.c Fri Jan 9 12:38:41 2009 (r186947) +++ head/sys/netinet/in.c Fri Jan 9 13:06:56 2009 (r186948) @@ -41,7 +41,9 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include +#include #include #include @@ -261,13 +263,19 @@ in_control(struct socket *so, u_long cmd LIST_FOREACH(iap, INADDR_HASH(dst.s_addr), ia_hash) if (iap->ia_ifp == ifp && iap->ia_addr.sin_addr.s_addr == dst.s_addr) { - ia = iap; + if (td == NULL || prison_check_ip4( + td->td_ucred, &dst)) + ia = iap; break; } if (ia == NULL) TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { iap = ifatoia(ifa); if (iap->ia_addr.sin_family == AF_INET) { + if (td != NULL && + !prison_check_ip4(td->td_ucred, + &iap->ia_addr.sin_addr)) + continue; ia = iap; break; } Modified: head/sys/netinet6/in6.c ============================================================================== --- head/sys/netinet6/in6.c Fri Jan 9 12:38:41 2009 (r186947) +++ head/sys/netinet6/in6.c Fri Jan 9 13:06:56 2009 (r186948) @@ -68,6 +68,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include @@ -329,6 +330,9 @@ in6_control(struct socket *so, u_long cm error = in6_setscope(&sa6->sin6_addr, ifp, NULL); if (error != 0) return (error); + if (td != NULL && !prison_check_ip6(td->td_ucred, + &sa6->sin6_addr)) + return (EADDRNOTAVAIL); ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); } else ia = NULL; From owner-freebsd-jail@FreeBSD.ORG Fri Jan 9 22:45:56 2009 Return-Path: Delivered-To: freebsd-jail@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E5076106564A; Fri, 9 Jan 2009 22:45:56 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id BC2958FC1D; Fri, 9 Jan 2009 22:45:56 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from freefall.freebsd.org (bz@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n09MjuGw035327; Fri, 9 Jan 2009 22:45:56 GMT (envelope-from bz@freefall.freebsd.org) Received: (from bz@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n09MjuZF035323; Fri, 9 Jan 2009 22:45:56 GMT (envelope-from bz) Date: Fri, 9 Jan 2009 22:45:56 GMT Message-Id: <200901092245.n09MjuZF035323@freefall.freebsd.org> To: jc@telstra.net, bz@FreeBSD.org, freebsd-jail@FreeBSD.org, bz@FreeBSD.org From: bz@FreeBSD.org Cc: Subject: Re: kern/72498: [libc] [jail] timestamp code on jailed SMP machine generates incorrect results X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jan 2009 22:45:57 -0000 Synopsis: [libc] [jail] timestamp code on jailed SMP machine generates incorrect results State-Changed-From-To: open->feedback State-Changed-By: bz State-Changed-When: Fri Jan 9 22:45:13 UTC 2009 State-Changed-Why: Submitter asked for information. Responsible-Changed-From-To: freebsd-jail->bz Responsible-Changed-By: bz Responsible-Changed-When: Fri Jan 9 22:45:13 UTC 2009 Responsible-Changed-Why: Track it. http://www.freebsd.org/cgi/query-pr.cgi?pr=72498 From owner-freebsd-jail@FreeBSD.ORG Fri Jan 9 22:46:49 2009 Return-Path: Delivered-To: freebsd-jail@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 63301106566B; Fri, 9 Jan 2009 22:46:49 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3B98E8FC12; Fri, 9 Jan 2009 22:46:49 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from freefall.freebsd.org (bz@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n09MknUn035377; Fri, 9 Jan 2009 22:46:49 GMT (envelope-from bz@freefall.freebsd.org) Received: (from bz@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n09Mknr8035373; Fri, 9 Jan 2009 22:46:49 GMT (envelope-from bz) Date: Fri, 9 Jan 2009 22:46:49 GMT Message-Id: <200901092246.n09Mknr8035373@freefall.freebsd.org> To: bz@FreeBSD.org, freebsd-jail@FreeBSD.org, bz@FreeBSD.org From: bz@FreeBSD.org Cc: Subject: Re: kern/68192: [quotas] [jail] Cannot use quotas on jailed systems X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jan 2009 22:46:49 -0000 Synopsis: [quotas] [jail] Cannot use quotas on jailed systems Responsible-Changed-From-To: freebsd-jail->bz Responsible-Changed-By: bz Responsible-Changed-When: Fri Jan 9 22:46:23 UTC 2009 Responsible-Changed-Why: Sounds like a documentation issue. http://www.freebsd.org/cgi/query-pr.cgi?pr=68192 From owner-freebsd-jail@FreeBSD.ORG Sat Jan 10 21:20:04 2009 Return-Path: Delivered-To: freebsd-jail@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A6E0F10656BA for ; Sat, 10 Jan 2009 21:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 955E98FC22 for ; Sat, 10 Jan 2009 21:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n0ALK4vb094875 for ; Sat, 10 Jan 2009 21:20:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n0ALK4Ts094874; Sat, 10 Jan 2009 21:20:04 GMT (envelope-from gnats) Date: Sat, 10 Jan 2009 21:20:04 GMT Message-Id: <200901102120.n0ALK4Ts094874@freefall.freebsd.org> To: freebsd-jail@FreeBSD.org From: "Bjoern A. Zeeb" Cc: Subject: Re: kern/89528: [jail] [patch] impossible to kill a jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Bjoern A. Zeeb" List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Jan 2009 21:20:05 -0000 The following reply was made to PR kern/89528; it has been noted by GNATS. From: "Bjoern A. Zeeb" To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/89528: [jail] [patch] impossible to kill a jail Date: Sat, 10 Jan 2009 21:11:01 +0000 (UTC) Before I am going to look it up another few times, this is the commit referenced by Andrew Thompson at Fri, 7 Dec 2007 20:21:09 +1300. Can also be looked up as SVN r174280 these days. -- Bjoern A. Zeeb The greatest risk is not taking one. ---------- Forwarded message ---------- Date: Wed, 5 Dec 2007 01:22:03 +0000 (UTC) From: Andrew Thompson To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_conf.c thompsa 2007-12-05 01:22:03 UTC FreeBSD src repository Modified files: sys/kern kern_conf.c Log: Apply a workaround for the unkillable jail problem where some devices created within the jail are never freed. si_cred is only used by the MAC framework so make the cred reference conditional on it being compiled in, this is not a fix and will need to be reviewed for any new consumers of si_cred. This will quell some user complaint when using jails with a default kernel. Reviewed by: rwatson MFC after: 3 days Revision Changes Path 1.209 +2 -0 src/sys/kern/kern_conf.c Index: sys/kern/kern_conf.c =================================================================== --- sys/kern/kern_conf.c (revision 174279) +++ sys/kern/kern_conf.c (revision 174280) @@ -608,9 +608,11 @@ make_dev_credv(int flags, struct cdevsw *devsw, in } dev->si_flags |= SI_NAMED; +#ifdef MAC if (cr != NULL) dev->si_cred = crhold(cr); else +#endif dev->si_cred = NULL; dev->si_uid = uid; dev->si_gid = gid; From owner-freebsd-jail@FreeBSD.ORG Sat Jan 10 23:15:23 2009 Return-Path: Delivered-To: freebsd-jail@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9BA3A106566B; Sat, 10 Jan 2009 23:15:23 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7351C8FC18; Sat, 10 Jan 2009 23:15:23 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from freefall.freebsd.org (bz@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n0ANFNIA084243; Sat, 10 Jan 2009 23:15:23 GMT (envelope-from bz@freefall.freebsd.org) Received: (from bz@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n0ANFNmq084239; Sat, 10 Jan 2009 23:15:23 GMT (envelope-from bz) Date: Sat, 10 Jan 2009 23:15:23 GMT Message-Id: <200901102315.n0ANFNmq084239@freefall.freebsd.org> To: bz@FreeBSD.org, freebsd-jail@FreeBSD.org, bz@FreeBSD.org From: bz@FreeBSD.org Cc: Subject: Re: kern/89528: [jail] [patch] impossible to kill a jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Jan 2009 23:15:23 -0000 Synopsis: [jail] [patch] impossible to kill a jail Responsible-Changed-From-To: freebsd-jail->bz Responsible-Changed-By: bz Responsible-Changed-When: Sat Jan 10 23:15:03 UTC 2009 Responsible-Changed-Why: Take again to track possible follow-ups. http://www.freebsd.org/cgi/query-pr.cgi?pr=89528