Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]
To: Alexander Leidinger, SK
Cc: freebsd-jail
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Sun, 18 Dec 2016 13:20:31 +0100

Alexander Leidinger wrote on 2016/12/17 19:59:
> Quoting SK (from Fri, 16 Dec 2016 14:02:20 +0000):
>> If I understand you correctly, what you are suggesting is, the dataset
>> used by the jail itself for its root/base cannot be "worked on" from
>> within the jail, but if I define a different dataset (under the same
>> branch below the jail dataset), and attribute it to the jail, then I
>> can manipulate that "other" dataset. Could you please confirm if I
>> understood it correctly?
>
> Correct.
>
> You need the data in the root of the jail to boot, if you then attribute
> this dataset to the jail, it will vanish until "zfs mount -a" is run (rc
> script inside the jail). As it will vanish during the boot of the jail
> (if added automatically), the rc script to mount all datasets can not be
> found.

[...]

>> I think what you are trying to tell here is, unless and until that
>> "vanished" dataset is put to use (mounted) from inside the jail, it
>> will remain vanished/unusable from the host itself; however, once that
>> dataset is put to use, the host system should be able to "see" and
>> maybe even work on that dataset. Could you please confirm if I
>> understood you correctly?
>
> Correct.
>
> A sub-dataset which is not needed to boot, or a dataset not within the
> subtree of the jail (and not needed to boot) can be used.

Thank you for this information! If it is somewhere in the docs it is
well hidden to me :)

Miroslav Lachman
Date: Mon, 19 Dec 2016 17:56:06 +0100
From: Alexander Leidinger
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: SK, freebsd-jail
Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]

Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Sun, 18 Dec 2016 13:20:31 +0100):

> Alexander Leidinger wrote on 2016/12/17 19:59:
>> Quoting SK (from Fri, 16 Dec 2016 14:02:20 +0000):
>
>>> If I understand you correctly, what you are suggesting is, the dataset
>>> used by the jail itself for its root/base cannot be "worked on" from
>>> within the jail, but if I define a different dataset (under the same
>>> branch below the jail dataset), and attribute it to the jail, then I
>>> can manipulate that "other" dataset. Could you please confirm if I
>>> understood it correctly?
>>
>> Correct.
>>
>> You need the data in the root of the jail to boot, if you then attribute
>> this dataset to the jail, it will vanish until "zfs mount -a" is run (rc
>> script inside the jail). As it will vanish during the boot of the jail
>> (if added automatically), the rc script to mount all datasets can not be
>> found.
>
> [...]
>
>>> I think what you are trying to tell here is, unless and until that
>>> "vanished" dataset is put to use (mounted) from inside the jail, it
>>> will remain vanished/unusable from the host itself; however, once that
>>> dataset is put to use, the host system should be able to "see" and
>>> maybe even work on that dataset. Could you please confirm if I
>>> understood you correctly?
>>
>> Correct.
>>
>> A sub-dataset which is not needed to boot, or a dataset not within the
>> subtree of the jail (and not needed to boot) can be used.
>
> Thank you for this information! If it is somewhere in the docs it is
> well hidden to me :)

I don't expect it to be in the docs. I try to come up with something
for the man page for zfs (for the "attach to jail" part), but anyone
shall feel free to beat me with this.

Anyone with an idea where in the jail man page we should add something
too (I only had a look at the zfs man page when this issue came up)?

Bye,
Alexander.
-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]
To: Alexander Leidinger
Cc: SK, freebsd-jail
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Mon, 19 Dec 2016 18:57:39 +0100

Alexander Leidinger wrote on 2016/12/19 17:56:
>
> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Sun, 18 Dec 2016
> 13:20:31 +0100):
>> Alexander Leidinger wrote on 2016/12/17 19:59:
>>> Quoting SK (from Fri, 16 Dec 2016 14:02:20
>>> Correct.
>>>
>>> You need the data in the root of the jail to boot, if you then attribute
>>> this dataset to the jail, it will vanish until "zfs mount -a" is run (rc
>>> script inside the jail). As it will vanish during the boot of the jail
>>> (if added automatically), the rc script to mount all datasets can not be
>>> found.
>>
>> [...]
>>
>>>> I think what you are trying to tell here is, unless and until that
>>>> "vanished" dataset is put to use (mounted) from inside the jail, it
>>>> will remain vanished/unusable from the host itself; however, once that
>>>> dataset is put to use, the host system should be able to "see" and
>>>> maybe even work on that dataset. Could you please confirm if I
>>>> understood you correctly?
>>>
>>> Correct.
>>>
>>> A sub-dataset which is not needed to boot, or a dataset not within the
>>> subtree of the jail (and not needed to boot) can be used.
>>
>> Thank you for this information! If it is somewhere in the docs it is
>> well hidden to me :)
>
> I don't expect it to be in the docs. I try to come up with something for
> the man page for zfs (for the "attach to jail" part), but anyone shall
> feel free to beat me with this.
>
> Anyone with an idea where in the jail man page we should add something
> too (I only had a look at the zfs man page when this issue came up)?

It would be nice to have this mentioned in zfs(8) man page (that user
in jail cannot manage jail's root dataset but can manage some
sub-dataset not required to boot the jail)

And there can be some useful example in jail(8) man page in EXAMPLES.
There is section "Jails and File Systems" and there can be new section
"Manage ZFS from within jail" with basic notes about required jail
params, zfs set jailed property and example "hierarchy". (and warning
about gotchas with jailed=0 on jail's root directory)

Miroslav Lachman
Date: Mon, 19 Dec 2016 20:54:03 +0100
From: Alexander Leidinger
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: SK, freebsd-jail
Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]

Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Mon, 19 Dec 2016 18:57:39 +0100):

> Alexander Leidinger wrote on 2016/12/19 17:56:
>>
>> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Sun, 18 Dec 2016
>> 13:20:31 +0100):
>>> Alexander Leidinger wrote on 2016/12/17 19:59:
>>>> Quoting SK (from Fri, 16 Dec 2016 14:02:20
>
>>>> Correct.
>>>>
>>>> You need the data in the root of the jail to boot, if you then attribute
>>>> this dataset to the jail, it will vanish until "zfs mount -a" is run (rc
>>>> script inside the jail). As it will vanish during the boot of the jail
>>>> (if added automatically), the rc script to mount all datasets can not be
>>>> found.
>>>
>>> [...]
>>>
>>>>> I think what you are trying to tell here is, unless and until that
>>>>> "vanished" dataset is put to use (mounted) from inside the jail, it
>>>>> will remain vanished/unusable from the host itself; however, once that
>>>>> dataset is put to use, the host system should be able to "see" and
>>>>> maybe even work on that dataset. Could you please confirm if I
>>>>> understood you correctly?
>>>>
>>>> Correct.
>>>>
>>>> A sub-dataset which is not needed to boot, or a dataset not within the
>>>> subtree of the jail (and not needed to boot) can be used.
>>>
>>> Thank you for this information! If it is somewhere in the docs it is
>>> well hidden to me :)
>>
>> I don't expect it to be in the docs. I try to come up with something for
>> the man page for zfs (for the "attach to jail" part), but anyone shall
>> feel free to beat me with this.
>>
>> Anyone with an idea where in the jail man page we should add something
>> too (I only had a look at the zfs man page when this issue came up)?
>
> It would be nice to have this mentioned in zfs(8) man page (that
> user in jail cannot manage jail's root dataset but can manage some
> sub-dataset not required to boot the jail)

What about this? Better wording welcome.

---snip---
Index: zfs.8 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- zfs.8 (Revision 298108) +++ zfs.8 (Arbeitskopie) 
@@ -450,8 +450,11 @@ dataset can be attached to a jail by using the .Qq Nm Cm jail subcommand. You cannot attach a dataset to one jail and the children of t= he -same dataset to another jails. To allow management of the dataset from wit= hin -a jail, the +same dataset to another jails. You can also not attach the root file syste= m +of the jail or any dataset which needs to be mounted before the zfs rc scr= ipt +is run inside the jail, as it would be attached unmounted until it is +mounted from the rc script inside the jail. To allow management of the +dataset from within a jail, the .Sy jailed property has to be set and the jail needs access to the .Pa /dev/zfs
---snip---

> And there can be some useful example in jail(8) man page in
> EXAMPLES. There is section "Jails and File Systems" and there can be
> new section "Manage ZFS from within jail" with basic notes about
> required jail params, zfs set jailed property and example
> "hierarchy". (and warning about gotchas with jailed=0 on jail's root
> directory)

Are you willing to come up with some text-only version/draft/outline
for this one?

Bye,
Alexander.
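
Review bot: The added sentence (from "+same dataset to another jails. You can also not attach the root file system" to "+mounted from the rc script inside the jail.") says such a dataset "would be attached unmounted" but never states what that means for the reader: as explained earlier in this thread, the jail then cannot find the rc script that would mount it. Suggest saying so directly and naming what can be attached instead, a sub-dataset or other dataset that is not needed to boot the jail. Wording on the same lines: "another jails" should be "another jail", and "You can also not attach" reads better as "You also cannot attach", matching the "You cannot attach" sentence just before it.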
-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]
To: Alexander Leidinger
Cc: SK, freebsd-jail
From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Mon, 19 Dec 2016 21:10:23 +0100

Alexander Leidinger wrote on 2016/12/19 20:54:
> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Mon, 19 Dec 2016
> 18:57:39 +0100):
>
>> Alexander Leidinger wrote on 2016/12/19 17:56:
>>>
>>> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Sun, 18 Dec 2016
>>> 13:20:31 +0100):
>>> I don't expect it to be in the docs. I try to come up with something for
>>> the man page for zfs (for the "attach to jail" part), but anyone shall
>>> feel free to beat me with this.
>>>
>>> Anyone with an idea where in the jail man page we should add something
>>> too (I only had a look at the zfs man page when this issue came up)?
>>
>> It would be nice to have this mentioned in zfs(8) man page (that user
>> in jail cannot manage jail's root dataset but can manage some
>> sub-dataset not required to boot the jail)
>
> What about this? Better wording welcome.
> ---snip---
> Index: zfs.8 > =================================================================== > --- zfs.8 (Revision 298108) > +++ zfs.8 (Arbeitskopie) 
> @@ -450,8 +450,11 @@ > dataset can be attached to a jail by using the > .Qq Nm Cm jail > subcommand. You cannot attach a dataset to one jail and the children > of the > -same dataset to another jails. To allow management of the dataset from > within > -a jail, the > +same dataset to another jails. You can also not attach the root file > system > +of the jail or any dataset which needs to be mounted before the zfs rc > script > +is run inside the jail, as it would be attached unmounted until it is > +mounted from the rc script inside the jail. To allow management of the > +dataset from within a jail, the > .Sy jailed > property has to be set and the jail needs access to the > .Pa /dev/zfs
> ---snip---
>
>> And there can be some useful example in jail(8) man page in EXAMPLES.
>> There is section "Jails and File Systems" and there can be new section
>> "Manage ZFS from within jail" with basic notes about required jail
>> params, zfs set jailed property and example "hierarchy". (and warning
>> about gotchas with jailed=0 on jail's root directory)
>
> Are you willing to come up with some text-only version/draft/outline for
> this one?

I am not good at English but I will try something. Thank you!
Miroslav Lachman
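
Added example, not part of any message in this thread: a host-side audit of the rule worked out above, that the jail's root dataset (and anything needed before the jail's zfs rc script runs) must not be delegated, while a sub-dataset not needed for boot can be. The dataset names, the BOOT_PATHS list and reading a jailed dataset's mountpoint as the path inside the jail are assumptions of this sketch; the sample listings are constructed.

```shell
#!/bin/sh
# Input on stdin: output of `zfs list -H -o name,jailed,mountpoint`
# (tab-separated), taken on the host.
#
# The delegation itself is done on the host with, for a jail named "www"
# (hypothetical name):
#   zfs set jailed=on zroot/jails/www/data
#   zfs jail www zroot/jails/www/data

# Paths the jail needs before its rc scripts can run "zfs mount -a".
# Assumed list for illustration; adjust it to the jail's real layout.
BOOT_PATHS="/ /bin /sbin /lib /libexec /etc /usr"

# audit_jail_datasets ROOT_DATASET
# Prints one finding per dataset at or below ROOT_DATASET.
# Returns 1 if any dataset is delegated that the jail needs to boot.
audit_jail_datasets() {
    awk -F '\t' -v root="$1" -v boot="$BOOT_PATHS" '
        BEGIN {
            n = split(boot, b, " ")
            for (i = 1; i <= n; i++) critical[b[i]] = 1
        }
        # Skip datasets outside the subtree of the jail root dataset.
        $1 != root && index($1, root "/") != 1 { next }
        # Not delegated: stays visible to and managed by the host.
        $2 != "on" {
            printf "ok       %s (jailed=%s, managed by host)\n", $1, $2
            next
        }
        # Delegated root dataset: vanishes when the jail starts.
        $1 == root {
            printf "PROBLEM  %s is the jail root and has jailed=on\n", $1
            bad = 1
            next
        }
        # Delegated dataset that must be mounted before the rc script runs.
        ($3 in critical) {
            printf "PROBLEM  %s mounts on %s, needed before the zfs rc script\n", $1, $3
            bad = 1
            next
        }
        { printf "ok       %s (jailed=on, delegated)\n", $1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: the misconfiguration from the thread, plus a delegated
# dataset that would have to be mounted on /etc inside the jail.
broken_layout() {
    printf 'zroot/jails/www\ton\t/jails/www\n'
    printf 'zroot/jails/www/data\ton\t/data\n'
    printf 'zroot/jails/www/etc\ton\t/etc\n'
}

# Constructed sample: the root dataset stays with the host and only a
# sub-dataset that is not needed for boot is delegated.
working_layout() {
    printf 'zroot/jails/www\toff\t/jails/www\n'
    printf 'zroot/jails/www/data\ton\t/data\n'
    printf 'zroot/jails/db\ton\t/\n'    # belongs to another jail, ignored
}

echo "== broken layout =="
broken_layout | audit_jail_datasets zroot/jails/www || true
echo "== working layout =="
working_layout | audit_jail_datasets zroot/jails/www || true
```

On a real host, feed the function with `zfs list -H -o name,jailed,mountpoint` instead of the sample functions.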
Date: Fri, 23 Dec 2016 09:33:17 -0500
Subject: IP address assignments to jails using ezjail
From: "James B. Byrne"
To: freebsd-jail@freebsd.org

I am experimenting with jails on a bhyve vm guest running FBSD-11.0
using ezjail. I am having a problem with network connections to the
outside from within the jail. I have sshd configured and I can reach
the jail from the outside:

$ ssh -vv 192.168.216.196
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.216.196 [192.168.216.196] port 22.
debug1: Connection established.

But inside the jail I cannot connect out:

ssh -vv 192.168.216.22
OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "192.168.216.22" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.216.22 [192.168.216.22] port 22.
debug1: connect to address 192.168.216.22 port 22: Operation timed out
ssh: connect to host 192.168.216.22 port 22: Operation timed out

On the host system I see this:

# ifconfig
vtnet0: flags=8943 metric 0 mtu 1500
        options=80028
        ether 00:a0:98:fa:aa:b6
        inet 216.185.71.16 netmask 0xffffff00 broadcast 216.185.71.255
        inet 192.168.216.16 netmask 0xffffff00 broadcast 192.168.216.255
        inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
        nd6 options=29
        media: Ethernet 10Gbase-T
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=600003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21
        groups: lo
lo1: flags=8049 metric 0 mtu 16384
        options=600003
        inet 127.0.1.1 netmask 0xffffffff
        nd6 options=29
        groups: lo
pflog0: flags=141 metric 0 mtu 33160
        groups: pflog

Inside the jail I see this:

root@hlldrupal:~ # ifconfig
vtnet0: flags=8943 metric 0 mtu 1500
        options=80028
        ether 00:a0:98:fa:aa:b6
        inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
        media: Ethernet 10Gbase-T
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=600003
        groups: lo
lo1: flags=8049 metric 0 mtu 16384
        options=600003
        inet 127.0.1.1 netmask 0xffffffff
        groups: lo
pflog0: flags=141 metric 0 mtu 33160
        groups: pflog

Any ideas as to what I may have failed to do?

-- 
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
rxFxgNFJexwdam9298617jaaaB+uTcRXk2CuPh7b4gkd6ccNtYtq6Vul+c7T+XCtgF cCOf2yqDtUyAaRzpGhAy/f3lrDJ+JnTIU1YN0G+VMQWJ4UuZDRJtOOg4kNOiO9pehO gh6RGK9EJmEyy9pDqisQv4DAN+dsZ1BfvWEmkAVPOoLyMfMHs9yAOrptDO/lRbdJeN Lc6sIXfY6vbRA== Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Fri, 23 Dec 2016 10:52:48 -0500 Message-ID: In-Reply-To: References: <20161223152836.N26979@sola.nimnet.asn.au> Date: Fri, 23 Dec 2016 10:52:48 -0500 Subject: Does ezjail require manual configuration? 
From: "James B. Byrne"
To: freebsd-jail@freebsd.org
Reply-To: byrnejb@harte-lyne.ca

I am experimenting with jails and ezjail on a FreeBSD-11.0 bhyve vm
guest.  I followed the instructions in the handbook to install ezjail
and create a jail instance.  I have connectivity issues with this jail
of which I have inquired in another message.  However, in this case I
need to discover what the following error message is telling me:

> ezjail-admin update -u
> src component not installed, skipped
> Looking up update.FreeBSD.org mirrors... 4 mirrors found.
> Fetching metadata signature for 11.0-RELEASE from
> update6.freebsd.org... done.
> Fetching metadata index... done.
> Inspecting system... done.
> Preparing to download files... done.
> . . .
> Installing updates...mkdir: /usr/jails/newjail//boot:
> No such file or directory
> mtree: /usr/jails/newjail//boot/kernel: No such file or directory
> mtree: /usr/jails/newjail//boot/kernel.old: No such file or directory
> touch: /usr/jails/newjail//boot/kernel.old/.freebsd-update:
> No such file or directory
> Could not create kernel backup directory

If these directories are required by ezjail-admin why then do they not
exist?  If they are not automatically created by ezjail then why does
the handbook not mention this fact and provide guidance on their
creation?

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

From owner-freebsd-jail@freebsd.org Sat Dec 24 01:21:12 2016
Message-ID: <585DCD84.6060400@gmail.com>
Date: Sat, 24 Dec 2016 09:21:08 +0800
From: Ernie Luzar
To: byrnejb@harte-lyne.ca
CC: freebsd-jail@freebsd.org
Subject: Re: Does ezjail require manual configuration?
References: <20161223152836.N26979@sola.nimnet.asn.au>

James B. Byrne via freebsd-jail wrote:
> I am experimenting with jails and ezjail on a FreeBSD-11.0 bhyve vm
> guest.  I followed the instructions in the handbook to install ezjail
> and create a jail instance.  I have connectivity issues with this jail
> of which I have inquired in another message.  However, in this case I
> need to discover what the following error message is telling me:
>
>> ezjail-admin update -u
>> src component not installed, skipped
>> Looking up update.FreeBSD.org mirrors... 4 mirrors found.
>> Fetching metadata signature for 11.0-RELEASE from
>> update6.freebsd.org... done.
>> Fetching metadata index... done.
>> Inspecting system... done.
>> Preparing to download files... done.
>> . . .
>> Installing updates...mkdir: /usr/jails/newjail//boot:
>> No such file or directory
>> mtree: /usr/jails/newjail//boot/kernel: No such file or directory
>> mtree: /usr/jails/newjail//boot/kernel.old: No such file or directory
>> touch: /usr/jails/newjail//boot/kernel.old/.freebsd-update:
>> No such file or directory
>> Could not create kernel backup directory
>
> If these directories are required by ezjail-admin why then do they not
> exist?  If they are not automatically created by ezjail then why does
> the handbook not mention this fact and provide guidance on their
> creation?
>

The /boot directory is only used by the host system during the machine
boot process to load the kernel. Jails do not do this as they run under
the host's kernel. I believe ezjail does not create this /boot directory
in the basejail for that reason.

As you can see in this error message
Installing updates...mkdir: /usr/jails/newjail//boot:
there are 2 // before boot; this is a command syntax error.

I remember this problem being talked about on this list before as an
ezjail bug. Looks like it has not been fixed yet. Check the jail &
questions list archives for details.

From owner-freebsd-jail@freebsd.org Sat Dec 24 08:26:15 2016
Date: Sat, 24 Dec 2016 09:16:00 +0100
Message-ID: <20161224091600.Horde.Pou9f2cz-oaXnfRPcRSKxhW@webmail.leidinger.net>
From: Alexander Leidinger
To: byrnejb@harte-lyne.ca
Cc: freebsd-jail@freebsd.org
Subject: Re: IP address assignments to jails using ezjail
References: <20161223152836.N26979@sola.nimnet.asn.au>

This message is in MIME format and has been PGP signed.

Quoting "James B. Byrne via freebsd-jail" (from Fri, 23 Dec 2016 09:33:17 -0500):

> I am experimenting with jails on a bhyve vm guest running FBSD-11.0
> using ezjail.  I am having a problem with network connections to the
> outside from within the jail.  I have sshd configured and I can reach
> the jail from the outside:
>
> $ ssh -vv 192.168.216.196
> OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.216.196 [192.168.216.196] port 22.
> debug1: Connection established.
>
> But inside the jail I cannot connect out:
>
> ssh -vv 192.168.216.22
> OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: resolving "192.168.216.22" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 192.168.216.22 [192.168.216.22] port 22.
> debug1: connect to address 192.168.216.22 port 22: Operation timed out
> ssh: connect to host 192.168.216.22 port 22: Operation timed out

Where is this IP located? Not on the same FreeBSD host it seems (the
IP is not in ifconfig output below). Do a packet trace on the network
interface of the host, what do you see in terms of packets related to
this (ARP + IP)?

> On the host system I see this:
>
> # ifconfig
> vtnet0: flags=8943
> metric 0 mtu 1500
> options=80028
> ether 00:a0:98:fa:aa:b6
> inet 216.185.71.16 netmask 0xffffff00 broadcast 216.185.71.255
> inet 192.168.216.16 netmask 0xffffff00 broadcast 192.168.216.255

A /24 network config... If this is the IP of a jail I suggest to give
it a /32 netmask.

If this is a jail, then this may be the cause of what you see.

> inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
> nd6 options=29
> media: Ethernet 10Gbase-T
> status: active
> lo0: flags=8049 metric 0 mtu 16384
> options=600003
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
> inet 127.0.0.1 netmask 0xff000000
> nd6 options=21
> groups: lo
> lo1: flags=8049 metric 0 mtu 16384
> options=600003
> inet 127.0.1.1 netmask 0xffffffff
> nd6 options=29
> groups: lo
> pflog0: flags=141 metric 0 mtu 33160
> groups: pflog
>
> Inside the jail I see this:
>
> root@hlldrupal:~ # ifconfig
> vtnet0: flags=8943
> metric 0 mtu 1500
> options=80028
> ether 00:a0:98:fa:aa:b6
> inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
> media: Ethernet 10Gbase-T
> status: active
> lo0: flags=8049 metric 0 mtu 16384
> options=600003
> groups: lo
> lo1: flags=8049 metric 0 mtu 16384
> options=600003
> inet 127.0.1.1 netmask 0xffffffff
> groups: lo
> pflog0: flags=141 metric 0 mtu 33160
> groups: pflog
>
>
> Any ideas as to what I may have failed to do?

Can you please provide the output of "jls -v" for all involved jails?

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

From owner-freebsd-jail@freebsd.org Sat Dec 24 23:52:21 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 215008] [patch] jls(8) separate lists for IPv4 and IPv6 in verbose libxo output
Date: Sat, 24 Dec 2016 23:52:21 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215008

--- Comment #2 from commit-hook@freebsd.org ---
A commit references this bug:

Author: jamie
Date: Sat Dec 24 23:51:27 UTC 2016
New revision: 310530
URL: https://svnweb.freebsd.org/changeset/base/310530

Log:
  Improve IP address list representation in libxo output.

  Extract decision-making about special-case printing of certain
  jail parameters into a function.

  Refactor emitting of IPv4 and IPv6 address lists into a function.

  Resulting user-facing changes:

  XO_VERSION is bumped to 2.

  In verbose mode (-v), IPv4 and IPv6-Addresses are now properly emitted
  as separate lists.
  This only affects the output in encoding styles, i.e. xml and json.

  {                                     {
    "__version": "1",                     "__version": "2",
    "jail-information": {                 "jail-information": {
      "jail": [                             "jail": [
        {                                     {
          "jid": 166,                           "jid": 166,
          "hostname": "foo.com",                "hostname": "foo.com",
          "path": "/var/jail/foo",              "path": "/var/jail/foo",
          "name": "foo",                        "name": "foo",
          "state": "ACTIVE",                    "state": "ACTIVE",
          "cpusetid": 2,                        "cpusetid": 2,
          "ipv4_addrs": [                       "ipv4_addrs": [
            "10.1.1.1",                           "10.1.1.1",
            "10.1.1.2",                           "10.1.1.2",
            "10.1.1.3",               |           "10.1.1.3"
                                      >         ],
                                      >         "ipv6_addrs": [
            "fe80::1000:1",                       "fe80::1000:1",
            "fe80::1000:2"                        "fe80::1000:2"
          ]                                     ]
        }                                     }
      ]                                     ]
    }                                     }
  }                                     }

  In -n mode, ip4.addr and ip6.addr are formatted in the encoding styles'
  native list types, e.g. instead of comma-separated lists, JSON arrays are
  printed.

  jls -n all --libxo json
   ...
   "ip4.addr": [
     "10.1.1.1",
     "10.1.1.2",
     "10.1.1.3"
   ],
   "ip4.saddrsel": true,
   "ip6.addr": [
     "fe80::1000:1",
     "fe80::1000:2"
   ],
   ...

  jls -n all --libxo xml
   ...
   10.1.1.1
   10.1.1.2
   10.1.1.3
   true
   fe80::1000:1
   fe80::1000:2
   ...

  PR:		215008
  Submitted by:	Christian Schwarz
  Differential Revision:	https://reviews.freebsd.org/D8766

Changes:
  head/usr.sbin/jls/jls.c

--
You are receiving this mail because:
You are the assignee for the bug.
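Added example (not part of the commit or of jls): a consumer of "jls -v --libxo json" output, such as a jail inventory or firewall audit script, that accepts both layouts described in the commit message above by classifying each address by parsing it instead of trusting the key it was listed under. The two sample documents are constructed from the commit message's side-by-side listing, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed samples: the jail from the commit message's listing, once in
# the __version 1 layout and once in the __version 2 layout.
_JAIL = {"jid": 166, "hostname": "foo.com", "path": "/var/jail/foo",
         "name": "foo", "state": "ACTIVE", "cpusetid": 2}
_V4 = ["10.1.1.1", "10.1.1.2", "10.1.1.3"]
_V6 = ["fe80::1000:1", "fe80::1000:2"]
SAMPLE_V1 = json.dumps({"__version": "1", "jail-information": {
    "jail": [dict(_JAIL, ipv4_addrs=_V4 + _V6)]}})
SAMPLE_V2 = json.dumps({"__version": "2", "jail-information": {
    "jail": [dict(_JAIL, ipv4_addrs=_V4, ipv6_addrs=_V6)]}})

# Address family each verbose-mode key is supposed to hold.
KEY_FAMILY = {"ipv4_addrs": 4, "ipv6_addrs": 6}


def _family(addr):
    """Return 4 or 6; raise ValueError if addr is not an IP address."""
    # Drop an IPv6 zone suffix such as "%lo0" before parsing.
    return ipaddress.ip_address(addr.split("%", 1)[0]).version


def _jails(text):
    """Parse the JSON text and return its list of jail objects."""
    doc = json.loads(text)
    version = doc.get("__version")
    if str(version) not in ("1", "2"):
        raise ValueError("unsupported jls libxo __version: %r" % (version,))
    return doc["jail-information"]["jail"]


def jail_addresses(text):
    """Map jail name -> {4: [...], 6: [...]}; same result for both layouts."""
    result = {}
    for jail in _jails(text):
        split = {4: [], 6: []}
        for key in KEY_FAMILY:  # ipv4_addrs first, then ipv6_addrs
            for addr in jail.get(key, []):
                split[_family(addr)].append(addr)
        result[jail["name"]] = split
    return result


def misfiled(text):
    """List (jail, key, address) where the address family contradicts the key."""
    return [(jail["name"], key, addr)
            for jail in _jails(text)
            for key, family in KEY_FAMILY.items()
            for addr in jail.get(key, [])
            if _family(addr) != family]


if __name__ == "__main__":
    for label, text in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2)):
        print(label, jail_addresses(text), misfiled(text))
```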