Date: Tue, 6 Jan 2009 16:12:20 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Albert Shih <Albert.Shih@obspm.fr> Cc: freebsd-jail@FreeBSD.org Subject: Re: Nagios & Jail Message-ID: <20090106160922.B45399@maildrop.int.zabbadoz.net> In-Reply-To: <20090106160333.GA99388@obspm.fr> References: <20081217210542.GA25347@obspm.fr> <20081218172218.GE3080@home.opsec.eu> <20090106145716.GE94159@obspm.fr> <20090106150352.B45399@maildrop.int.zabbadoz.net> <20090106160333.GA99388@obspm.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-494945514-1231258340=:45399 Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE On Tue, 6 Jan 2009, Albert Shih wrote: > Le 06/01/2009 =E0 15:06:37+0000, Bjoern A. Zeeb a =E9crit >> On Tue, 6 Jan 2009, Albert Shih wrote: >> >>> In fact I found the problem : >>> >>> When I compile nagios-plugin ports in a jail the =ABconfigure=BB don't = find >>> syntax of ping : >>> >>> checking for ping... /sbin/ping >>> checking for ping6... /sbin/ping6 >>> checking for ICMP ping syntax... configure: WARNING: unable to find usa= ble ping syntax >>> >>> But if I compile the same ports in a =ABnormal=BB server (both are amd6= 4). >>> >>> checking for ping... /sbin/ping >>> checking for ping6... /sbin/ping6 >>> checking for ICMP ping syntax... /sbin/ping -n -c %d %s >>> checking for ICMPv6 ping syntax... /sbin/ping6 -n -c %d %s >>> >>> So if I use the check_ping produce by compiling in a no-jail server on = a >>> jail-server it's working. >>> >>> I think it's a bug about the nagios-plugins ports. What you think ? >> >> I think most of all configure stuff out there is ... ok, if you >> compile the port inside a jail and permit raw sockets, does it work >> then -- >> either by using the rc.conf option and restarting the jail with >> rc.d/jail or using sysctl security.jail.allow_raw_sockets=3D1 ? > > You mean I MUST restart the jail after I change the sysctl value ? Becaus= e > after I change it, I can make a ping from inside the jail without > restarting the jail. > > Well I'm going to make a new jail to check that (all other jail is in > production). No, if you manually change the sysctl it's all fine and production immediately. If you change the option .. wait; my fault, raw sockets is not supported by the rc framework in contrast to other things, so there is no option there. I confused this with jail_socket_unixiproute_only in which case just changing it in rc.conf would not be sufficient. /bz --=20 Bjoern A. Zeeb The greatest risk is not taking one. --0-494945514-1231258340=:45399--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090106160922.B45399>