Date: Mon, 7 Apr 2003 21:41:48 -0600
From: Colin Harford <charford-list@infinithost.com>
To: questions@freebsd.org
Cc: Mikeal Clark <mikeal@mikeal.com>
Subject: Jail and FreeBSD 5.0-Release
Message-ID: <071383E8-6974-11D7-B41C-000393A6FBE8@infinithost.com>

So, we are having a few problems with FreeBSD 5.0-Release and jail....

The two currently killing us are:

1) Logging over ssh to the jailed IP# takes over a minute to complete... I checked the sshd_config in the jail environment and reverse lookup is not enabled...

2) After about 10 minutes, the jail environment gets toasted, as in that it becomes impossible to login over ssh to the jail environment... This is the error message:

    Password:
    Warning: no access to tty (Bad file descriptor).
    Thus no job control in this shell.

There is nothing out of place in the jailed environment log files either...

How jail is started:

1) ifconfig,
2) mount -t procfs proc /jail/<IP>/proc

    # jail /jail/<IP> jail <IP> /bin/sh /etc/rc
    hw.bus.devctl_disable: 1 -> 1
    Entropy harvesting:sysctl: kern.random.sys.harvest.interrupt: Operation not permitted
     interruptssysctl: kern.random.sys.harvest.ethernet: Operation not permitted
     ethernetsysctl: kern.random.sys.harvest.point_to_point: Operation not permitted
     point_to_point.
    Fast boot: skipping disk checks.
    mount: /: unknown special file or file system
    adjkerntz[87273]: sysctl(put_wallclock): Operation not permitted
    Doing initial network setup:.
    ifconfig: ioctl (SIOCDIFADDR): permission denied
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    Additional routing options:.
    Mounting NFS file systems:.
    Starting syslogd.
    syslogd: child pid 87388 exited with return code 1
    ELF ldconfig path: /usr/lib /usr/lib/compat
    a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
    Starting local daemons:.
    Updating motd.
    Starting sshd.
    Initial i386 initialization:.
    Additional ABI support:.
    Local package initialization:.
    Additional TCP options:.
    Starting cron.
    Starting background file system checks.

    Mon Apr 7 22:07:20 CDT 2003

In the jail environment:

rc.conf

    linux_enable="NO"
    usbd_enable="NO"
    sshd_enable="YES"
    portmap_enable="NO"

In the host system:

    <IP Settings>
    inetd_flags="-wW -a <HOST IP>"
    sendmail_enable="NO"
    portmap_enable="NO"
    kern_securelevel_enable="NO"
    linux_enable="YES"
    usbd_enable="YES"
    sshd_enable="YES"

All the stuff in the man pages was done:

    o   Create an empty /etc/fstab to quell startup warnings about missing fstab
    o   Disable the port mapper (/etc/rc.conf: portmap_enable="NO")
    o   Run newaliases(1) to quell sendmail(8) warnings.
    o   Disable interface configuration to quell startup warnings about ifconfig(8) (network_interfaces="")
    o   Configure /etc/resolv.conf so that name resolution within the jail will work correctly
    o   Set a root password, probably different from the real host system
    o   Set the timezone
    o   Add accounts for users in the jail environment
    o   Install any packages that you think the environment requires

Help.

Thanks,

CH
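Added example, not part of the original message or of FreeBSD: a POSIX sh audit of a jail root against the file-checkable items of the jail(8) checklist quoted in the post. The function names, the sample root built by make_sample_root and the nameserver address are constructed for illustration; run against the jail rc.conf lines shown in the post, it flags only the network_interfaces="" item.

```sh
#!/bin/sh
# Audit a jail root directory against the jail(8) setup checklist.
# Not covered: root password, user accounts, newaliases, packages.

# True if FILE ($1) sets rc.conf variable $2 to exactly value $3.
rc_has() {
    grep -Eq "^[[:space:]]*$2=\"?$3\"?[[:space:]]*(#.*)?\$" "$1" 2>/dev/null
}

# Record one unmet checklist item.
fail() { echo "MISSING: $1"; missing=$((missing + 1)); }

# check_jail_root ROOT: prints one line per unmet item and
# returns the number of unmet items (0 means all checks passed).
check_jail_root() {
    root=$1
    missing=0
    [ -f "$root/etc/fstab" ] ||
        fail '/etc/fstab (an empty file is enough)'
    rc_has "$root/etc/rc.conf" portmap_enable NO ||
        fail 'portmap_enable="NO" in /etc/rc.conf'
    rc_has "$root/etc/rc.conf" network_interfaces "" ||
        fail 'network_interfaces="" in /etc/rc.conf'
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' \
        "$root/etc/resolv.conf" 2>/dev/null ||
        fail 'nameserver entry in /etc/resolv.conf'
    [ -e "$root/etc/localtime" ] ||
        fail '/etc/localtime (timezone not set)'
    return "$missing"
}

# Constructed sample root: rc.conf lines as listed in the post; the other
# files are assumed present because the post says the checklist was done.
make_sample_root() {
    mkdir -p "$1/etc"
    : > "$1/etc/fstab"
    : > "$1/etc/localtime"
    echo 'nameserver 192.0.2.53' > "$1/etc/resolv.conf"   # constructed address
    printf '%s\n' 'linux_enable="NO"' 'usbd_enable="NO"' \
        'sshd_enable="YES"' 'portmap_enable="NO"' > "$1/etc/rc.conf"
}

# Usage: sh check_jail.sh /jail/<IP>
if [ $# -gt 0 ]; then check_jail_root "$1"; fi
```
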