Date:      Tue, 5 Jun 2007 20:23:13 +1000
From:      "David N" <davidn04@gmail.com>
To:        "Paul Fraser" <pfraser@gmail.com>
Cc:        FreeBSD-Questions Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: isc-dhcp3-server in a jail?
Message-ID:  <4d7dd86f0706050323u51ae9576wbff4fe51810e2267@mail.gmail.com>
In-Reply-To: <f82eafcc0706042200t26204fb7s3e6a882d6f5e61b0@mail.gmail.com>
References:  <f82eafcc0706030547q54ef5bekb3408e5e734668fc@mail.gmail.com> <20070604113945.GA15154@schottelius.org> <f82eafcc0706041519y76cd77edtcc0b4a9f4744710d@mail.gmail.com> <4d7dd86f0706041940w21dfb3f9xaf19d629a75ad023@mail.gmail.com> <f82eafcc0706042200t26204fb7s3e6a882d6f5e61b0@mail.gmail.com>

On 05/06/07, Paul Fraser <pfraser@gmail.com> wrote:
> On 6/5/07, David N <davidn04@gmail.com> wrote:
> > To get isc-dhcpd in a jail you need to give the jail access to /dev/bpf0
> >
> > so you have to edit /etc/defaults/devfs.rules
> > add to the end the unhide rules for bpf eg.
> > [devfsrules_unhide_bpf=5]
> > add path bpf0 unhide
> >
> > [devfsrules_dhcp_jail=6]
> > add include $devfsrules_hide_all
> > add include $devfsrules_unhide_basic
> > add include $devfsrules_unhide_login
> > add include $devfsrules_unhide_bpf
> >
> > then in your /etc/rc.conf add
> > jail_<jailname>_devfs_ruleset="devfsrules_dhcp_jail"
> >
> > and restart the jail.
>
> Thank you very much David, that's done the trick! I much prefer having
> dhcpd sitting in a jail along with a few other network services.
>
> Cheers,
>
> P.
>
> --
> Regards,
>
> Paul Fraser
> http://furyc0de.net/
>

np, for the life of me I couldn't get isc-dhcpd working in jails at
all without the bpf0. I tried all the jail patches and everything. It's
the only way I found it to work.

But it does mean that if the dhcpd gets compromised, they'll have
control of the bpf0, not really sure what it does though =)

I'm glad it worked out though.

Cheers
David N
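
An added example, not part of the original thread: a simplified model of how devfs applies the rulesets quoted above, for checking which device nodes a jail ruleset leaves visible before assigning it. The sample rules file is constructed (an abbreviated stand-in for the stock rulesets plus the two from the message), `parse`, `flatten` and `visible` are hypothetical helper names, and only `add include`, `add path ... hide|unhide` and `add hide|unhide` lines are modelled.

```python
import fnmatch
import shlex

# Constructed sample: abbreviated stock rulesets plus the two from the message.
SAMPLE_RULES = """\
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path null unhide
add path random unhide
[devfsrules_unhide_login=3]
add path 'ttyp*' unhide
[devfsrules_unhide_bpf=5]
add path bpf0 unhide
[devfsrules_dhcp_jail=6]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_bpf
"""

def parse(text):
    """Map each ruleset name to its rule lines, split into tokens."""
    sets, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):  # section header: [name=number]
            current = sets.setdefault(line[1:].split("=")[0], [])
        elif line and current is not None:
            current.append(shlex.split(line))
    return sets

def flatten(sets, name):
    """Expand 'add include $x' into ordered (pattern, action) pairs."""
    out = []
    for tok in sets[name]:
        if tok[:2] == ["add", "include"]:
            out += flatten(sets, tok[2].lstrip("$"))
        elif tok[0] == "add" and tok[-1] in ("hide", "unhide"):
            out.append((tok[2] if tok[1] == "path" else "*", tok[-1]))
    return out

def visible(text, ruleset, nodes):
    """Nodes still visible; matching rules apply in order, so the last wins."""
    rules = flatten(parse(text), ruleset)
    def shown(node):
        hits = [a for p, a in rules if fnmatch.fnmatchcase(node, p)]
        return not hits or hits[-1] == "unhide"
    return sorted(filter(shown, nodes))
```

Evaluated against the node names `bpf0`, `bpf1`, `mem`, `null` and `ttyp0`, the `devfsrules_dhcp_jail` ruleset leaves `bpf0`, `null` and `ttyp0` visible. `devfsrules_unhide_bpf` used on its own hides nothing, which is why it is only included after `devfsrules_hide_all`.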



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4d7dd86f0706050323u51ae9576wbff4fe51810e2267>