From: wishmaster
Date: Sun, 10 Apr 2016 16:15:23 +0300
Subject: Re: Unable to enable allow.socket_af in jail
To: Rodomar 705
Cc: freebsd-jail@freebsd.org
Message-Id: <1460294016.468658658.3d23wikn@frv34.fwdcdn.com>

Hi,

--- Original message ---
From: "Rodomar 705"
Date: 10 April 2016, 12:19:43

> Sorry for bothering, but after one hour of reading I still can't find a
> solution for this problem.
>
> I'm trying to run a Linux game server inside a jail itself, for added
> security. The server itself runs great on the host system itself. I'm using
> ezjail to manage the jail subsystem itself.
>
> After installing linux_base, the server starts up just fine, up to the
> point where it needs to fire up the network port, and then crashes with
>
> (NetworkException) cannot create socket: 93 - Protocol not supported
>
> First I was thinking that allow_raw_sockets was what was missing; after messing
> with my configuration, I was able to make it work. No dice. After reading
> the jail configuration, especially under the allow section configuration,
> it was clear to me that what was missing was allow.socket_af. Tried with the
> same parameter used with the first one, no dice. Tried adding sysvipc,
> taken from some comments online, no dice. Adding one to the parameters (even
> if it wasn't making any sense since the other two were enabled without), no
> dice.
>
> Can anyone explain to me what I'm doing wrong?
>
> Thanks for your time, I'll leave the config below.
>
> In configuration file inside /usr/local/etc/ezjail/:
>
> export jail__parameters="allow.raw_sockets allow.socket_af=1
> allow.sysvipc"
>
> Result from sudo jexec sysctl security.jail | egrep
> '(allow_raw|sysvipc_allowed|socket_af)':
>
> security.jail.param.allow.socket_af: 0
> security.jail.allow_raw_sockets: 1
> security.jail.sysvipc_allowed: 1

Try VIMAGE; I have been using it for a long time without any problems in quite complex scenarios.

--
Vit