dhcpd possible within jail?
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Sat Nov 1 13:15:08 PDT 2008
On Sat, 1 Nov 2008, Christer Edwards wrote:
> I recently set up a few jails for internal network services (sshd, bind,
> dhcpd, etc.) The only issue I have so far is that dhcpd doesn't seem to
> work within the jail env. It appears to start properly, and the process
> shows in top, but no leases are ever given out.
[ ...]
> I have also allowed raw_sockets from the host (unless there is another
> way to accomplish this).
>
> If anyone can tell me what I'm missing, or if it's simply a jail
> limitation I'd appreciate it.

dhcpd imho needs bpf, so you would have to expose /dev/bpf* to that
jail and perhaps also /dev/net* things..

try adding something like this to your /etc/devfs.rules

[devfsrules_jail_dhcp=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
add path net unhide
add path 'net/*' unhide

the number is the first free that is not in your
/etc/defaults/devfs.rules and /etc/devfs.rules.

That done change the /etc/rc.conf line for that jail to

jail_FOOOOOO_devfs_ruleset="devfsrules_jail_dhcp"

with FOOOOOO being the right jail name of course and restart the jail.

Within the jail do a ls -l /dev/bpf* ; if there are no entries you'll
need to reapply the devfs rules from the base system (sh
/etc/rc.d/devfs start might do that). Try the ls again.

imho, you do not need to allow raw sockets.

HTH

/bz

--
Bjoern A. Zeeb Stop bit received. Insert coin for new game.
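
An added example, not part of the original message: a shell sketch that finds the first free ruleset number across the two devfs.rules files and lists which rulesets directly unhide bpf, which is worth tracking because a jail with /dev/bpf* can capture traffic on the host's interfaces. The function names are hypothetical and both sample files are constructed stand-ins for /etc/defaults/devfs.rules and /etc/devfs.rules.

```shell
# Print the lowest ruleset number (>= 1) not defined in any of the given files.
next_free_ruleset() {
    awk '
        /^\[[A-Za-z0-9_]+=[0-9]+\]/ {
            hdr = $0
            sub(/^\[/, "", hdr); sub(/\].*$/, "", hdr)
            split(hdr, kv, "=")
            used[kv[2] + 0] = 1
        }
        END { n = 1; while (n in used) n++; print n }
    ' "$@"
}

# Print the names of rulesets that directly unhide a bpf device node.
# Rulesets pulled in through "add include" are not followed.
rulesets_exposing_bpf() {
    awk '
        /^\[[A-Za-z0-9_]+=[0-9]+\]/ {
            name = $0
            sub(/^\[/, "", name); sub(/=.*$/, "", name)
            next
        }
        /^[ \t]*add[ \t]+path[ \t]+.*bpf.*[ \t]unhide/ {
            if (!(name in seen)) { seen[name] = 1; print name }
        }
    ' "$@"
}

# Constructed sample files (stand-ins for the real rules files).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/defaults.rules" <<'EOF'
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
[devfsrules_unhide_login=3]
[devfsrules_jail=4]
EOF
cat > "$tmp/local.rules" <<'EOF'
[devfsrules_jail_dhcp=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
add path net unhide
add path 'net/*' unhide
EOF

printf 'first free before adding the dhcp ruleset: %s\n' "$(next_free_ruleset "$tmp/defaults.rules")"
printf 'rulesets exposing bpf: %s\n' "$(rulesets_exposing_bpf "$tmp/defaults.rules" "$tmp/local.rules")"
```

On a real host, pass /etc/defaults/devfs.rules and /etc/devfs.rules as the arguments instead of the sample files.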