Date: Sun, 10 Apr 2016 16:15:23 +0300 From: wishmaster <artemrts@ukr.net> To: Rodomar 705 <rodomar705@gmail.com> Cc: freebsd-jail@freebsd.org Subject: Re: Unable to enable allow.socket_af in jail Message-ID: <1460294016.468658658.3d23wikn@frv34.fwdcdn.com> In-Reply-To: <CAO99SiDGpj8cpd0U-3kPH-3jNQ03Yr=61L5KFw_MmCe17zZ76w@mail.gmail.com> References: <CAO99SiDGpj8cpd0U-3kPH-3jNQ03Yr=61L5KFw_MmCe17zZ76w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, --- Original message --- From: "Rodomar 705" <rodomar705@gmail.com> Date: 10 April 2016, 12:19:43 > Sorry for bothering, but after one hour of reading I still can't find a > solution for this problem. > > I'm trying to run a Linux game server inside a jail itself, for added > security. The server itself run great on the host system itself. I'm using > ezjail to manage the jail subsystem itself. > > After installing linux_base, the server start up just fine, until to the > point where it needs to fire up the network port, and crashing with > > (NetworkException) cannot create socket: 93 - Protocol not supported > > First i was thinking that allow_raw_sockets was what missing, after messing > with my configuration, i was able to make it work. No dice. After reading > the jail configuration, expecially under the allow section configuration, > it was clear to me that was missing were allow.socket_af. Tried with the > same parameter used with the first one, no dice. Tried adding sysvipc, > taken by some comments online, no dice. Adding one to the parameters (even > if wasn't making any sense since the other two was enabled without), no > dice. > > Can anyone explain me what I'm doing wrong? > > Thanks for your time, i'll leave the config below. > > In configuration file inside /usr/local/etc/ezjail/<jailname>: > > export jail_<jailname>_parameters="allow.raw_sockets allow.socket_af=1 > allow.sysvipc" > > Result from sudo jexec <jid> sysctl security.jail | egrep > '(allow_raw|sysvipc_allowed|socket_af)': > > security.jail.param.allow.socket_af: 0 > security.jail.allow_raw_sockets: 1 > security.jail.sysvipc_allowed: 1 Try VIMAGE, I have been using it for a long time without any problems in a quite complex scenarios. -- Vit
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1460294016.468658658.3d23wikn>