From owner-freebsd-jail@freebsd.org Tue Jun 9 16:25:59 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8FF59332312 for ; Tue, 9 Jun 2020 16:25:59 +0000 (UTC) (envelope-from ole@free.de) Received: from smtp.free.de (smtp.free.de [91.204.6.103]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49hFqB59V0z40t2 for ; Tue, 9 Jun 2020 16:25:58 +0000 (UTC) (envelope-from ole@free.de) Received: from lenp43s (x5d8369d6.dyn.telefonica.de [93.131.105.214]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.free.de (Postfix) with ESMTPSA id 8CB1E9CD6A for ; Tue, 9 Jun 2020 18:25:51 +0200 (CEST) Date: Tue, 9 Jun 2020 18:25:46 +0200 From: Ole To: freebsd-jail@freebsd.org Subject: Re: vnet jail shutdown crashes system Message-ID: <20200609182546.6693d2e3.ole@free.de> In-Reply-To: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/kqTjVfhN2gRTpBhzCu+DYyA"; protocol="application/pgp-signature" X-Rspamd-Queue-Id: 49hFqB59V0z40t2 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of ole@free.de designates 91.204.6.103 as permitted sender) smtp.mailfrom=ole@free.de X-Spamd-Result: default: False [0.32 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.48)[-0.479]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ptr]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.41)[-0.409]; DMARC_NA(0.00)[free.de]; NEURAL_SPAM_SHORT(0.61)[0.613]; MID_CONTAINS_FROM(1.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:31371, ipnet:91.204.4.0/22, country:DE]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[93.131.105.214:received] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2020 16:25:59 -0000 --Sig_/kqTjVfhN2gRTpBhzCu+DYyA Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hello Dave, I had the same problem. I found out, that the system will crash, if I do the 'ifconfig epair0a destroy' direct after the 'jail -r'. My solution is to sleep 2 seconds after the 'jail -r' command. Maybe a little bit dirty. Ole Sun, 7 Jun 2020 21:59:03 -0400 - David Mehler : > Hello, >=20 > I've finally created a vnet jail on FreeBSD 12.1 that will get out to > the internet. Whenever I atempt to shut it down the system crashes, I > have no idea why. >=20 > I found an example and adapted and pounded on it until I got it > working. Here's my configuration. On the host: >=20 > /etc/rc.conf fragment: > cloned_interfaces=3D"bridge0" > ifconfig_bridge0=3D"inet 192.168.122.1/24 addm vtnet0 up" >=20 > #cat /etc/jail.conf > exec.clean; > exec.start =3D "/bin/sh /etc/rc"; > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > mount.devfs; > allow.raw_sockets; > exec.system_user =3D "root"; > exec.jail_user =3D "root"; > vnet; >=20 > jail1 { > host.hostname =3D jail1.lan; > path =3D "/jails/jail1"; > devfs_ruleset =3D "5"; > vnet.interface =3D "epair0b"; > exec.prestart =3D "ifconfig epair0 create up"; > exec.prestart +=3D "ifconfig bridge0 addm epair0a"; > exec.poststop =3D "ifconfig bridge0 deletem epair0a"; > exec.poststop +=3D "ifconfig epair0a destroy"; > exec.consolelog =3D "/var/log/jail_jail1_console.log"; > } >=20 > ifconfig fragment: > bridge0: flags=3D8843 metric 0 > mtu 1500 ether 02:e7:79:f2:c4:00 > inet 192.168.122.1 netmask 0xffffff00 broadcast > 192.168.122.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 > fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 > root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 > member: epair0a flags=3D143 > ifmaxaddr 0 port 4 priority 128 path cost 2000 > member: vtnet0 flags=3D143 > ifmaxaddr 0 port 1 priority 128 path cost 2000 > groups: bridge > nd6 options=3D9 > epair0a: flags=3D8943 > metric 0 mtu 1500 > options=3D8 > ether 02:ad:9b:f9:5e:0a > inet6 fe80::ad:9bff:fef9:5e0a%epair0a prefixlen 64 scopeid 0x4 > groups: epair > media: Ethernet 10Gbase-T (10Gbase-T ) > status: active > nd6 options=3D23 >=20 > In the vnet jail: > # cat /etc/rc.conf > hostname=3D"jail1.lan" > ifconfig_epair0b=3D"inet 192.168.122.50 netmask 255.255.255.0" > defaultrouter=3D"192.168.122.1" >=20 > I wish I knew why stopping this jail takes the whole system down, > suggestions welcome. > Thanks. > Dave. > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to > "freebsd-jail-unsubscribe@freebsd.org" --Sig_/kqTjVfhN2gRTpBhzCu+DYyA Content-Type: application/pgp-signature Content-Description: Digitale Signatur von OpenPGP -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE60BGd7KVfL83NXCUJZaRRqjklFAFAl7fuAoACgkQJZaRRqjk lFApoBAAn1Ziw6T65l3ZvaCy5BmpI+My1N41SL925t7OHAYnxHMumnMqMYtXuY54 A0oO7wSvVPmCV/IXGAd5jk5fehNUY5VifIAkHQau1x2NtQKzB5gqAq7Y3r4px2tV 9+hgxWwZRZ+qc40s2AyYWYRbxrFTMeFA4hrvyhW5in24uRSPG/K7UPssR4ITNJ4S ZIGEPWIF7SFxlT3tHvWFw8mKhWmhTe0+6QI20zhR9+D3QB3ypnBpHRrOilteP0Gx GsXepGamSMdLjXIBI2OTgJ6B9upJOGSW83+81/fQhbxQotqXAdQWORqQT8mcXBk2 J0nixE9t6nFYAoOIR7L3Qfc40qLDOFK1h4e9tn8vfWDRL/euqAuXSleomgMutzil hIgdFFduv6Py1ySoqlejWgarYysUm/EV+1cE3Fi7zMIW/khMY5Jh0tZrsBI+ITin mzTUAZVZxpBcG1XgwehQSYFVMQRsczwOL/tenPSmOcMyCjQO+DyO5QfHlCVkg8eX zfoKXgXJzGfRnIGeL6jG9lQ5oZ+MI82xxHoK6/l48I5dV/+ml1zQ3JamHMDyVrsN 4PqxyTzl08RWH5sWM33DK9zFYdsXp1YBMgpCAN7/x9ySCLq+GNFPkZWuAcxWXgM7 iygOeTDN9rlZjYjndp6fbAbsVE9url0lOI6og2xcRHHdVK8MEi8= =zzjN -----END PGP SIGNATURE----- --Sig_/kqTjVfhN2gRTpBhzCu+DYyA--