From owner-freebsd-jail@freebsd.org Sun Nov 12 11:58:59 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF273E6FEF4 for ; Sun, 12 Nov 2017 11:58:59 +0000 (UTC) (envelope-from SRS0=fjdF=CK=quip.cz=000.fbsd@elsa.codelab.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 98A0065695 for ; Sun, 12 Nov 2017 11:58:59 +0000 (UTC) (envelope-from SRS0=fjdF=CK=quip.cz=000.fbsd@elsa.codelab.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 5C6E12845C; Sun, 12 Nov 2017 12:58:51 +0100 (CET) Received: from illbsd.quip.test (ip-86-49-16-209.net.upcbroadband.cz [86.49.16.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 4813C2845A; Sun, 12 Nov 2017 12:58:50 +0100 (CET) Subject: Re: Update jails strategy To: Michael Grimm , freebsd-jail@FreeBSD.org References: <8A68CBC6-16B0-494F-ACA4-B46404E49362@ellael.org> From: Miroslav Lachman <000.fbsd@quip.cz> Message-ID: <5A083779.6070509@quip.cz> Date: Sun, 12 Nov 2017 12:58:49 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:42.0) Gecko/20100101 Firefox/42.0 SeaMonkey/2.39 MIME-Version: 1.0 In-Reply-To: <8A68CBC6-16B0-494F-ACA4-B46404E49362@ellael.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Nov 2017 11:58:59 -0000 Michael Grimm wrote on 2017/11/11 21:42: > Hi -- > > [FYI: I am running some service jails with an ezjail-type basejail approach.] > > Until now I did stop all jails before updating and restarting them afterwards. Now I am wondering if that is necessary at all. > > Wouldn't it be sufficient to update basejail with running jails and restart them after this updating? (In analogy to a "make installworld; make installkernel; reboot") Update of basejail and restart of jails is enough. I am doing it this way for a years. We have build server with prepared updates mounted thru NFS and then just make installkernel && make installworld (+ mergemaster) in host system. After the host is updated (before reboot) I run my local script to rsync changes from host to basejail (sync just bin, sbin, libs, but not home, etc, var), then mergemaster in all jails and finally reboot the server. I never stop jails before update. Miroslav Lachman From owner-freebsd-jail@freebsd.org Sun Nov 12 19:34:20 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C091FC7B46F for ; Sun, 12 Nov 2017 19:34:20 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from mx2.enfer-du-nord.net (mx2.enfer-du-nord.net [IPv6:2001:41d0:d:3049:1:1:0:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 83AEB72BA4 for ; Sun, 12 Nov 2017 19:34:20 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from [IPv6:2003:8c:2e6a:7801:bc07:ef69:da63:8937] (p2003008C2E6A7801BC07EF69DA638937.dip0.t-ipconnect.de [IPv6:2003:8c:2e6a:7801:bc07:ef69:da63:8937]) by mx2.enfer-du-nord.net (Postfix) with ESMTPSA id 3yZkVC0mDHz4BN for ; Sun, 12 Nov 2017 20:34:07 +0100 (CET) From: Michael Grimm Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: Update jails strategy Date: Sun, 12 Nov 2017 20:34:05 +0100 References: <8A68CBC6-16B0-494F-ACA4-B46404E49362@ellael.org> <5A083779.6070509@quip.cz> To: freebsd-jail@FreeBSD.org In-Reply-To: <5A083779.6070509@quip.cz> Message-Id: <5D52F06D-7264-4F28-88D7-CEC0A18769FA@ellael.org> X-Virus-Scanned: clamav-milter 0.99.2 at mail X-Virus-Status: Clean X-Mailer: Apple Mail (2.3273) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Nov 2017 19:34:20 -0000 Miroslav Lachman <000.fbsd@quip.cz> wrote: > Michael Grimm wrote on 2017/11/11 21:42: >> [FYI: I am running some service jails with an ezjail-type basejail = approach.] >>=20 >> Until now I did stop all jails before updating and restarting them = afterwards. Now I am wondering if that is necessary at all. >>=20 >> Wouldn't it be sufficient to update basejail with running jails and = restart them after this updating? (In analogy to a "make installworld; = make installkernel; reboot") >=20 > Update of basejail and restart of jails is enough. I am doing it this = way for a years. Thanks, that's what I wanted to hear ;-) > We have build server with prepared updates mounted thru NFS and then = just make installkernel && make installworld (+ mergemaster) in host = system. After the host is updated (before reboot) I run my local script = to rsync changes from host to basejail (sync just bin, sbin, libs, but = not home, etc, var), then mergemaster in all jails and finally reboot = the server. I never stop jails before update. Ok. Until now I did something similar: #) make buildworld && make buildkernel at fastest server #) zfs send /usr/obj and /usr/src to remote server #) make installworld && make installkernel at remote server I did use "ezjail-admin update" to update basejail only after stopping = all jails. That I will omit from now on, thanks. Regards, Michael From owner-freebsd-jail@freebsd.org Thu Nov 16 13:04:49 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8669FDDD182; Thu, 16 Nov 2017 13:04:49 +0000 (UTC) (envelope-from matpockuh@gmail.com) Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B43979F22; Thu, 16 Nov 2017 13:04:49 +0000 (UTC) (envelope-from matpockuh@gmail.com) Received: by mail-it0-x22f.google.com with SMTP id u132so5829832ita.0; Thu, 16 Nov 2017 05:04:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=qfK8c6HCp3q3ZjIOTEXyZgXeivxLlQIJF7KsEIVZF7U=; b=oOpn6n/9FJLV15ScR6nLrHt+XWW3W1rG+E8oraWLfL0cBQW8hrV+wkHjLM3uku6WSs O57f8NzHOHmvwEs8LD9asWtcmGjPHejHwNiI5URH8rN4HKXT4ObqlHJkUR10AA0tho+r iHw18JDr2IZEixxX1IvfvYeGWQIZSkxSaBzTaeDNifOYeCoZdOxfxZO/vIKXZeV8+pij hnBUp7lh4Dnqr55d/Ps+znr5gj3HEkYT/7IzzQkfNennN9dTR8nMhWlfGLz0o6X+Yyiq OxtzAgaUVCrq68dETTb0X2KZKSQKCQ53M91GbXFrlbbUHD4v2yuM1nGY+w2cB5S6aG9Q cnmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=qfK8c6HCp3q3ZjIOTEXyZgXeivxLlQIJF7KsEIVZF7U=; b=XypLG/p8KLkLLlKN8oA2DYX39/6rAJ9LT6LEU4OvQKiE4VxEECgkKdRvumemGwcCsP 89X/wd9qwjZeSYISFAZkQJLMtC3vAf0RUPbG3vK1HuDOfqbdFeqAidx7SBrheuM8VK1b 1DGE4Q4rQMUq5dtMQ622HdNjV7g/xtHWq1d1OCo5mhO7mTezRgfAlDS2TvsnmhtAWusM eI/O2z3DTK/94kLwtdLRAU3b/1Nt1awB8ycKb+pG1T7/Zk/eSLz4xCKOohbtlr37aUSb X7UZB7EtOeUyrAGYn3kwjmR/CY7/8v8tOQ2pGbp7GyEp2em5ZgNU6ToDAWMtgYbVMcrE 1ARw== X-Gm-Message-State: AJaThX6cuZ2djqDBeCKNYuwt1cWAyzqWsum7oLZdBK2cAn66Xyx5Cb25 8gracV1p4nA+fOnmWFEMpKWCMLXEnlkvKfy/kc5x4A== X-Google-Smtp-Source: AGs4zMbU7Lb1NtLyHJZbOJSJXlfq9Vl+tVU29LQHMknztzUw/FzS88hXf258wjSDVf54ToYCQZdeOsGZCD2FFyInYb4= X-Received: by 10.36.80.14 with SMTP id m14mr2186989itb.148.1510837488120; Thu, 16 Nov 2017 05:04:48 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.73.26 with HTTP; Thu, 16 Nov 2017 05:04:47 -0800 (PST) In-Reply-To: <20171011192826.xkscmrovch3g7gni@thinker.meka.no-ip.org> References: <20171009072547.jauim6tlfennydf5@hal9000.meka.no-ip.org> <6D37D4AC-9DF4-4D55-8614-43CFC6BDD45E@sigsegv.be> <20171011192826.xkscmrovch3g7gni@thinker.meka.no-ip.org> From: KOT MATPOCKuH Date: Thu, 16 Nov 2017 16:04:47 +0300 Message-ID: Subject: Re: VNET jail and dhclient To: =?UTF-8?B?R29yYW4gTWVracSH?= Cc: Oleg Ginzburg , Kristof Provost , FreeBSD Current , freebsd-jail@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Nov 2017 13:04:49 -0000 Hello, all! I'm got same problem... Did someone open an PR for this issue? 2017-10-11 22:48 GMT+03:00 Goran Meki=C4=87 : > On Tue, Oct 10, 2017 at 09:10:37PM +0000, Oleg Ginzburg wrote: > > I think I found something, but I do not understand why this is only > > observed in jail and with commit change this. > > The problem about which the Goran wrote can be fixed with: > > > > # diff -ruN dhclient.c-orig dhclient.c > > --- dhclient.c-orig 2017-10-10 23:51:52.451361000 +0000 > > +++ dhclient.c 2017-10-10 23:54:55.803404000 +0000 > > @@ -479,6 +479,7 @@ > > > > fork_privchld(pipe_fd[0], pipe_fd[1]); > > > > + pidfile_close(pidfile); > > close(ifi->ufdesc); > > ifi->ufdesc =3D -1; > > close(ifi->wfdesc); > > > > > > > > > > From pidfile(3) man page: > > > > The pidfile_close() function closes a pidfile. It should be used > after > > daemon fork()s to start a child process. > > > > > > chroot(2) in dhclient return NOPERM (via global errno). it seems to be > > related to open descriptor outside the chroot. > > > > I'm not sure if this fd leak (due to pidfile_remove at the end of > > dhclient), nevertheless closing pid fd in my jail/FreeBSD12 before > chroot > > solve dhclient issue. > > I can confirm Oleg's patch works for me. Weird one, for sure! > --=20 MATPOCKuH From owner-freebsd-jail@freebsd.org Thu Nov 16 13:07:35 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED090DDD387; Thu, 16 Nov 2017 13:07:35 +0000 (UTC) (envelope-from srs0=pyxa=co=sigsegv.be=kristof@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B1AEB7A109; Thu, 16 Nov 2017 13:07:35 +0000 (UTC) (envelope-from srs0=pyxa=co=sigsegv.be=kristof@codepro.be) Received: from [192.168.228.1] (vega.codepro.be [IPv6:2a01:4f8:162:1127::3]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id DDC80205AE; Thu, 16 Nov 2017 14:07:32 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigsegv.be; s=mail; t=1510837653; bh=OTUWsVaQc9E79BqZYf1exM/3X/XOqECD+KeE2jmdab0=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=vFLwK5m/FTNO0rPwelcXI4cB1SEBY6gH2sH8QwON9Jdrej/CY3qq7oHiPu+iUeEG7 itDfdcfKX25a4Ne39WlXmR8vJwGv4NQ9p7IEIEDyxEXSBpS2CYBlqQvy+RbGJespM/ jExTWVBpHntKL7jRk4WPM5mAQYMJvYysa23cX/40= From: "Kristof Provost" To: "KOT MATPOCKuH" Cc: "Goran =?utf-8?q?Meki=C4=87?=" , "Oleg Ginzburg" , "FreeBSD Current" , freebsd-jail@freebsd.org Subject: Re: VNET jail and dhclient Date: Thu, 16 Nov 2017 14:07:31 +0100 Message-ID: <02259035-2DA5-49CF-AEC0-15CC123E9FD4@sigsegv.be> In-Reply-To: References: <20171009072547.jauim6tlfennydf5@hal9000.meka.no-ip.org> <6D37D4AC-9DF4-4D55-8614-43CFC6BDD45E@sigsegv.be> <20171011192826.xkscmrovch3g7gni@thinker.meka.no-ip.org> MIME-Version: 1.0 X-Mailer: MailMate (2.0BETAr6096) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Nov 2017 13:07:36 -0000 On 16 Nov 2017, at 14:04, KOT MATPOCKuH wrote: > Hello, all! > > I'm got same problem... > Can you show how you call dhclient? What FreeBSD version are you running? What’s the output of `sysctl kern.chroot_allow_open_directories`? Regards, Kristof From owner-freebsd-jail@freebsd.org Thu Nov 16 13:12:42 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1C90CDDD70E; Thu, 16 Nov 2017 13:12:42 +0000 (UTC) (envelope-from meka@tilda.center) Received: from mail.tilda.center (tilda.center [45.77.138.211]) by mx1.freebsd.org (Postfix) with ESMTP id D911C7A66E; Thu, 16 Nov 2017 13:12:41 +0000 (UTC) (envelope-from meka@tilda.center) Received: from hal9000.meka.no-ip.org (unknown [87.116.176.63]) by mail.tilda.center (Postfix) with ESMTPSA id AD4B117D73; Thu, 16 Nov 2017 14:06:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=tilda.center; s=mail; t=1510837592; bh=GGUW6VldWuoPMZ4iJtfnohaUONmcuAx7h7rFcUl8sYE=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=cAzJgyAcTaYKosew21cmU9Pak80sYkYcSimM4zSwCuXmmnHBhpFwzEjji4whV0wc9 HNb2j+Dl7qqi/7/24UNPPxF51jmmln5H3SGrcXtuVI/yzM6boqNKaxkC9q4T4ah1pt jfT7NvDGJo4mk5oMl7+DCsBT73Clneyz1sKoN9xQ= Date: Thu, 16 Nov 2017 14:06:31 +0100 From: Goran =?utf-8?B?TWVracSH?= To: KOT MATPOCKuH Cc: Oleg Ginzburg , Kristof Provost , FreeBSD Current , freebsd-jail@freebsd.org Subject: Re: VNET jail and dhclient Message-ID: <20171116130631.rwv26brc4udkgzkl@hal9000.meka.no-ip.org> References: <20171009072547.jauim6tlfennydf5@hal9000.meka.no-ip.org> <6D37D4AC-9DF4-4D55-8614-43CFC6BDD45E@sigsegv.be> <20171011192826.xkscmrovch3g7gni@thinker.meka.no-ip.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="7q5msmpy7ttqddol" Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20171027 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Nov 2017 13:12:42 -0000 --7q5msmpy7ttqddol Content-Type: text/plain; charset=utf-8 Content-Disposition: inline On Thu, Nov 16, 2017 at 04:04:47PM +0300, KOT MATPOCKuH wrote: > Hello, all! > > I'm got same problem... > Did someone open an PR for this issue? Yes, Oleg did: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223327 --7q5msmpy7ttqddol Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE1WIFkXy2ZeMKjjKEWj1TknovrLYFAloNjVQACgkQWj1Tknov rLby+w//ZdSq6Zx57DhuZ0jQ8JvWaFTE7rj2E45NJz+4ZWV3dLLkc1PIQFD4yVt4 qwtPzkPmk/IOrBOpVz7m2yky0ls7uuLHgTtlffb7sCJuYlCwjSo1AJSUsvXKPxp2 urw6hBYyN5ZA2khCCOezkdO2o1LISNvGmJGhrp02dN9iTPanlEgXptUGK3p+NGTD kDS+rXMPfWAaaDHrCAM8/fspcqaNsTr54TVjP+HLejUKqnmCmTTwyBP6W8YdtQkw /Qo+v2K/0tsLFV9E3J4TIRuwUtVRyxhC2jE04PLlOK3Vn1XuxyPwRsSourF2ySO/ Sv7CNZjJZYKkmr2N/QgDiJZ0yhCoqggNGvCqNZt9cNLPN/ol8kvKGYmQlYKMZVQk 9hfh5S+nT31TJ/RrVrREV9Of3aXKkAkqXXbP7wEWdK8rT9QAvTmlsTZa7YZhHGSZ 3aIC8MWKDHH2L8v7UxINh6/hj+cnnpaiV6XcsashJINbtvjC37lQDeHcywVVkVdR vUAxLQNgV7qOnYwGzlpVnLOJlkCwPuti/uTS2DYo/R0vDsLvyN7XYES2EhiWyS0c hky4CNIdTkmKonTy1xd5UPsB9Kg58K3ehFEoO7lS24HwUznkK2SkOduzv/mIT85H +8QJNDA/Ydl9TuHtflMq2T3MGRk5pn7eGaN+ckGfyUZP6sxrd2o= =dAaS -----END PGP SIGNATURE----- --7q5msmpy7ttqddol-- From owner-freebsd-jail@freebsd.org Thu Nov 16 13:49:28 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 61A2EDDE60D; Thu, 16 Nov 2017 13:49:28 +0000 (UTC) (envelope-from matpockuh@gmail.com) Received: from mail-io0-x22f.google.com (mail-io0-x22f.google.com [IPv6:2607:f8b0:4001:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 254857B89F; Thu, 16 Nov 2017 13:49:28 +0000 (UTC) (envelope-from matpockuh@gmail.com) Received: by mail-io0-x22f.google.com with SMTP id t11so5262200iof.13; Thu, 16 Nov 2017 05:49:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=QxX1IWEo34Bi6Y3stIKVfla02/evWPtJlT3BqgXvYmY=; b=EB21a3P11WFnbdCnyfuM3JeuVaRv21zr1cVbeSZvJskrbRIx+lxtrZC70nhDyI/PXQ k6d0qLAGOZo3nyLyYQxlx8tz6W7VKZzXT2EnIwag0klplWa3/uugzENh+MDQLUPW0del XphAL+Wuaml1Ob+/CPWdFjSU+CMrh3RdmqrQJyA3Xi9fp04HoVW3qIx8ndzbhPNavV59 LU4OGY0zl/ko0qe5irCUS4XgMChGOqTHZYyBQZAUSsfRg5hHSg8ALIxRB3OMRzWD88+X 8bDdvMBYzHzoFCJTEEWdRLWjAC1CBLnxUFqqDOe7J1uXs7QBQIkysE4bHs9g0VaYfbiH bQvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=QxX1IWEo34Bi6Y3stIKVfla02/evWPtJlT3BqgXvYmY=; b=ky1I7tSzHQ0b+lE0kUq9/eZkMalytiAeLQTi1wYswth8pmVtG/+D8VW3qqy1BXWmFb xDB32PMoU+Do5V+t38wGzsSFhnrWIopV7Xo2xMAr373KbaKDIYgjpUnUthcQm0fXmTtg gcXHnBx4gZnPLj6MRxN1MBaBGHedSt/KExT+Jqmozgd/rJNY9lCAa9Ix9uobTkKF0x/Z mF0SaQzeeYIk09KX34VujsBnxhKOBJwCIEGUucpZMtgXp4wmw96re66Fi1+Uf+ryyrOt hgjCzrVkNlaPZPRsVANvSvlaJOs5LhZ8mnhPcigNQ+7iEwYxXugHJPkRdaJW1Em85+9D VuvA== X-Gm-Message-State: AJaThX6k1MxL1D48Gjtdsdg6fiRCPfifcjEmyQnp+0VzSvmIEQjHpgvS HlEMKRIjXqyxsjhFbfRYVNVmm+fAicpOv7ZwNF7LKA== X-Google-Smtp-Source: AGs4zMayzQc+xwn0I+/5dgP6yLYhlzB0aKWdRYPuSlq7gqZnLVp+h53V1vfX5k5Un+5gLqsu5rYvDEYjD2ESRQpcfZs= X-Received: by 10.107.8.32 with SMTP id 32mr1721134ioi.200.1510840166934; Thu, 16 Nov 2017 05:49:26 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.73.26 with HTTP; Thu, 16 Nov 2017 05:49:26 -0800 (PST) In-Reply-To: <02259035-2DA5-49CF-AEC0-15CC123E9FD4@sigsegv.be> References: <20171009072547.jauim6tlfennydf5@hal9000.meka.no-ip.org> <6D37D4AC-9DF4-4D55-8614-43CFC6BDD45E@sigsegv.be> <20171011192826.xkscmrovch3g7gni@thinker.meka.no-ip.org> <02259035-2DA5-49CF-AEC0-15CC123E9FD4@sigsegv.be> From: KOT MATPOCKuH Date: Thu, 16 Nov 2017 16:49:26 +0300 Message-ID: Subject: Re: VNET jail and dhclient To: Kristof Provost Cc: =?UTF-8?B?R29yYW4gTWVracSH?= , Oleg Ginzburg , FreeBSD Current , freebsd-jail@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Nov 2017 13:49:28 -0000 dhclient called very simple: jail# dhclient epair71b.71 chroot exiting. jail# echo $? 1 I'm running 12.0-CURRENT r325051 and: # sysctl kern.chroot_allow_open_directories kern.chroot_allow_open_directories: 1 And I found some another workaround: # dhclient -p /var/empty/pid epair71b.71 Cannot open or create pidfile: Operation not permitted DHCPDISCOVER on epair71b.71 to 255.255.255.255 port 67 interval 6 2017-11-16 16:07 GMT+03:00 Kristof Provost : > On 16 Nov 2017, at 14:04, KOT MATPOCKuH wrote: > > Hello, all! > > I'm got same problem... > > Can you show how you call dhclient? What FreeBSD version are you running? > > What=E2=80=99s the output of sysctl kern.chroot_allow_open_directories? > > Regards, > Kristof > --=20 MATPOCKuH