From: Colin Harford
To: questions@freebsd.org
cc: Mikeal Clark
Date: Mon, 7 Apr 2003 21:41:48 -0600
Subject: Jail and FreeBSD 5.0-Release

So, we are having a few problems with FreeBSD 5.0-Release and jail....

The two currently killing us are:

1) Logging over ssh to the jailed IP# takes over a minute to complete... I checked the sshd_config in the jail environment and reverse lookup is not enabled...

2) After about 10 minutes, the jail environment gets toasted, as in that it becomes impossible to login over ssh to the jail environment... This is the error message:

    Password:
    Warning: no access to tty (Bad file descriptor).
    Thus no job control in this shell.

There is nothing out of place in the jailed environment log files either...

How jail is started:

1) ifconfig,
2) mount -t procfs proc /jail//proc

    # jail /jail/ jail /bin/sh /etc/rc
    hw.bus.devctl_disable: 1 -> 1
    Entropy harvesting:sysctl: kern.random.sys.harvest.interrupt: Operation not permitted
    interruptssysctl: kern.random.sys.harvest.ethernet: Operation not permitted
    ethernetsysctl: kern.random.sys.harvest.point_to_point: Operation not permitted
    point_to_point.
    Fast boot: skipping disk checks.
    mount: /: unknown special file or file system
    adjkerntz[87273]: sysctl(put_wallclock): Operation not permitted
    Doing initial network setup:.
    ifconfig: ioctl (SIOCDIFADDR): permission denied
    lo0: flags=8049 mtu 16384
    Additional routing options:.
    Mounting NFS file systems:.
    Starting syslogd.
    syslogd: child pid 87388 exited with return code 1
    ELF ldconfig path: /usr/lib /usr/lib/compat
    a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
    Starting local daemons:.
    Updating motd.
    Starting sshd.
    Initial i386 initialization:.
    Additional ABI support:.
    Local package initialization:.
    Additional TCP options:.
    Starting cron.
    Starting background file system checks.
    Mon Apr 7 22:07:20 CDT 2003

In the jail environment: rc.conf

    linux_enable="NO"
    usbd_enable="NO"
    sshd_enable="YES"
    portmap_enable="NO"

In the host system:

    inetd_flags="-wW -a "
    sendmail_enable="NO"
    portmap_enable="NO"
    kern_securelevel_enable="NO"
    linux_enable="YES"
    usbd_enable="YES"
    sshd_enable="YES"

All the stuff in the man pages was done:

  o Create an empty /etc/fstab to quell startup warnings about missing fstab
  o Disable the port mapper (/etc/rc.conf: portmap_enable="NO")
  o Run newaliases(1) to quell sendmail(8) warnings.
  o Disable interface configuration to quell startup warnings about ifconfig(8) (network_interfaces="")
  o Configure /etc/resolv.conf so that name resolution within the jail will work correctly
  o Set a root password, probably different from the real host system
  o Set the timezone
  o Add accounts for users in the jail environment
  o Install any packages that you think the environment requires

Help.

Thanks,

CH
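
An added example, not part of the original message: a small sh script that audits a jail root against the file-checkable items of the man-page checklist quoted above (fstab, portmap_enable, network_interfaces, resolv.conf, timezone). The function names and the sample tree are constructed for illustration; the sample rc.conf copies the four jail rc.conf lines shown in the message, and the nameserver address is a placeholder. The root password, user accounts and packages items are not checked.

```shell
#!/bin/sh
# Added example: audit a jail root against the file-based checklist items.

# rc_has FILE VAR VALUE: true if the last assignment of VAR in FILE is VALUE.
rc_has() {
    last=$(grep -E "^[[:space:]]*$2=" "$1" 2>/dev/null | tail -n 1)
    [ -n "$last" ] || return 1          # variable never assigned
    val=$(printf '%s\n' "${last#*=}" | sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//')
    [ "$val" = "$3" ]
}

has_nameserver() { grep -q '^nameserver[[:space:]]' "$1" 2>/dev/null; }

# check DESCRIPTION COMMAND...: run COMMAND, print the result, count failures.
check() {
    desc=$1; shift
    if "$@"; then echo "ok    $desc"; else echo "FAIL  $desc"; fails=$((fails + 1)); fi
}

# audit_jail ROOT: exit status is the number of checklist items not satisfied.
audit_jail() {
    root=$1; fails=0
    check "/etc/fstab exists"                 test -f "$root/etc/fstab"
    check 'rc.conf: portmap_enable="NO"'      rc_has "$root/etc/rc.conf" portmap_enable NO
    check 'rc.conf: network_interfaces=""'    rc_has "$root/etc/rc.conf" network_interfaces ""
    check "/etc/resolv.conf has a nameserver" has_nameserver "$root/etc/resolv.conf"
    check "/etc/localtime (timezone) exists"  test -e "$root/etc/localtime"
    return "$fails"
}

# make_sample_jail DIR: constructed tree; rc.conf copies the lines in the message.
make_sample_jail() {
    mkdir -p "$1/etc"
    : > "$1/etc/fstab"
    printf '%s\n' 'linux_enable="NO"' 'usbd_enable="NO"' \
        'sshd_enable="YES"' 'portmap_enable="NO"' > "$1/etc/rc.conf"
    echo 'nameserver 192.0.2.53' > "$1/etc/resolv.conf"   # constructed address
    : > "$1/etc/localtime"
}

tmp=$(mktemp -d) && make_sample_jail "$tmp"
audit_jail "$tmp" || echo "$? checklist item(s) not satisfied"
rm -rf "$tmp"
```

To audit a real jail, call `audit_jail` with the jail's root directory on the host instead of the sample tree.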