Date:      Mon, 7 Apr 2003 21:41:48 -0600
From:      Colin Harford <charford-list@infinithost.com>
To:        questions@freebsd.org
Cc:        Mikeal Clark <mikeal@mikeal.com>
Subject:   Jail and FreeBSD 5.0-Release
Message-ID:  <071383E8-6974-11D7-B41C-000393A6FBE8@infinithost.com>


So, we are having a few problems with FreeBSD 5.0-Release  and jail.... 
The two currently killing us are:


1) Logging over ssh to the jailed IP# takes over a minute to complete... I checked the sshd_config in the jail environment and reverse lookup is not enabled...


2) After about 10 minutes, the jail environment gets toasted, as in that it becomes impossible to log in over ssh to the jail environment...


This is the error message:

Password:
Warning: no access to tty (Bad file descriptor).
Thus no job control in this shell.


There is nothing out of place in the jailed environment log files either...


How jail is started:
1) ifconfig,
2) mount -t procfs proc /jail/<IP>/proc
# jail /jail/<IP> jail <IP> /bin/sh /etc/rc
hw.bus.devctl_disable: 1 -> 1
Entropy harvesting:sysctl: kern.random.sys.harvest.interrupt: Operation not permitted
  interruptssysctl: kern.random.sys.harvest.ethernet: Operation not permitted
  ethernetsysctl: kern.random.sys.harvest.point_to_point: Operation not permitted
  point_to_point.
Fast boot: skipping disk checks.
mount: /: unknown special file or file system
adjkerntz[87273]: sysctl(put_wallclock): Operation not permitted
Doing initial network setup:.
ifconfig: ioctl (SIOCDIFADDR): permission denied
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
Additional routing options:.
Mounting NFS file systems:.
Starting syslogd.
syslogd: child pid 87388 exited with return code 1
ELF ldconfig path: /usr/lib /usr/lib/compat
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Starting local daemons:.
Updating motd.
Starting sshd.
Initial i386 initialization:.
Additional ABI support:.
Local package initialization:.
Additional TCP options:.
Starting cron.
Starting background file system checks.

Mon Apr  7 22:07:20 CDT 2003


In the jail environment:

rc.conf
linux_enable="NO"
usbd_enable="NO"
sshd_enable="YES"
portmap_enable="NO"



In the host system:

<IP Settings>
inetd_flags="-wW -a <HOST IP>"
sendmail_enable="NO"
portmap_enable="NO"
kern_securelevel_enable="NO"
linux_enable="YES"
usbd_enable="YES"
sshd_enable="YES"


All the stuff in the man pages was done:

            o   Create an empty /etc/fstab to quell startup warnings about
                missing fstab
            o   Disable the port mapper (/etc/rc.conf: portmap_enable="NO")
            o   Run newaliases(1) to quell sendmail(8) warnings.
            o   Disable interface configuration to quell startup warnings about
                ifconfig(8) (network_interfaces="")
            o   Configure /etc/resolv.conf so that name resolution within the
                jail will work correctly
            o   Set a root password, probably different from the real host system
            o   Set the timezone
            o   Add accounts for users in the jail environment
            o   Install any packages that you think the environment requires



Help.


Thanks,

CH
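
Added example, not part of the original message: a small sh script that audits a jail's root directory against the items of the man-page checklist quoted above that can be verified from files (fstab, rc.conf settings, resolv.conf, timezone, root password). The function names, the sample root it builds, and the use of /etc/localtime and /etc/master.passwd as the timezone and password checks are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): audit a jail root directory
# against the jail(8) checklist items that can be verified from files.
# Assumption: rc.conf uses plain key="value" lines; function names are hypothetical.

# rc_has ROOT KEY VALUE: succeeds if ROOT/etc/rc.conf sets KEY to VALUE.
rc_has() {
    grep -Eq "^[[:space:]]*$2=\"?$3\"?[[:space:]]*(#.*)?\$" "$1/etc/rc.conf" 2>/dev/null
}

# audit_jail_root ROOT: prints one FAIL line per unmet item and returns
# the number of unmet items (0 means every checked item is in place).
audit_jail_root() {
    root=$1
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    [ -f "$root/etc/fstab" ] || fail "/etc/fstab missing (create an empty one)"
    rc_has "$root" portmap_enable NO || fail 'portmap_enable="NO" not in rc.conf'
    rc_has "$root" network_interfaces "" || fail 'network_interfaces="" not in rc.conf'
    grep -q '^nameserver' "$root/etc/resolv.conf" 2>/dev/null ||
        fail "no nameserver line in /etc/resolv.conf"
    [ -e "$root/etc/localtime" ] || fail "timezone not set (/etc/localtime missing)"
    awk -F: '$1 == "root" && $2 != "" && $2 != "*" { ok = 1 } END { exit !ok }' \
        "$root/etc/master.passwd" 2>/dev/null || fail "root password not set"
    return "$fails"
}

# make_sample_root: builds a constructed jail root whose rc.conf holds the
# four lines shown in the post; every other file is made-up sample data.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc" || return 1
    printf '%s\n' 'linux_enable="NO"' 'usbd_enable="NO"' \
        'sshd_enable="YES"' 'portmap_enable="NO"' > "$d/etc/rc.conf"
    : > "$d/etc/fstab"
    echo 'nameserver 192.0.2.53' > "$d/etc/resolv.conf"
    echo 'root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh' \
        > "$d/etc/master.passwd"
    echo "$d"
}

sample=$(make_sample_root)
audit_jail_root "$sample" || echo "$? checklist item(s) unmet"
rm -rf "$sample"
```

Run against the constructed sample, it reports the missing network_interfaces="" line and the missing /etc/localtime; pointing audit_jail_root at a real jail root such as /jail/<IP> checks that directory instead.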


