From sodynet1 at gmail.com Wed Oct 1 11:52:21 2008 From: sodynet1 at gmail.com (Sami Halabi) Date: Wed Oct 1 11:52:28 2008 Subject: Multiple IPS - Freebsd 7.1 Message-ID: hi everyone, I saw a lot of messages about this so here is it - i just patched it (took me a day but okay :) i just downloaded the latest src using this sup file - cvsup: http://www.royalshells.com/download/freebsd/stable-supfile # cvsup stable-supfile i applied the following patch (which i changed to get to work with the current src): http://www.royalshells.com/download/freebsd/bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff to patch do: # cd /usr/src # patch -p6 < bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff after done re-compile the kernel: # cp /usr/src/sys/netinet/in_pcb.h /usr/include/netinet/ # cp /usr/src/sys/sys/jail.h /usr/include/sys/ clean obj dir: ------------------- # rm -Rf /usr/obj/* compile jail and jls: ---------------------------- # cd /usr/src/usr.sbin/jail/ # make clean && make depend && make install # cd /usr/src/usr.sbin/jls/ # make clean && make depend && make install compile the kernel: ----------------------------- # cd /usr/src # make buildworld # make buildkernel KERNCONF=GENERIC # make installworld # make installkernel KERNCONF=GENERIC # mergemaster -U after reboot: # uname -a FreeBSD server.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Tue Sep 30 20:03:00 UTC 2008 root@34.loyalness.com:/usr/obj/usr/src/sys/GENERIC i386 # check the patch: # jail usage: jail [-hi] [-n jailname] [-J jid_file] [-s securelevel] [-l -u username | -U username] path hostname [ip[,..]] command ... # Enjoy. Sami From nejc at skoberne.net Wed Oct 1 11:58:54 2008 From: nejc at skoberne.net (=?ISO-8859-1?Q?Nejc_S=28koberne?=) Date: Wed Oct 1 11:59:01 2008 Subject: Multiple IPS - Freebsd 7.1 In-Reply-To: References: Message-ID: <48E365FB.10104@skoberne.net> Hello, > I saw a lot of messages about this so here is it - i just patched it (took > me a day but okay :) does this patch maybe also makes it possible for a jail to listen at a broadcast address? Thanks, Nejc From sodynet1 at gmail.com Wed Oct 1 12:06:40 2008 From: sodynet1 at gmail.com (Sami Halabi) Date: Wed Oct 1 12:06:47 2008 Subject: Multiple IPS - Freebsd 7.1 In-Reply-To: References: Message-ID: hi, i didn't try it. i just saw a new path from bz and tried it, now compiling, here is it: http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff Sami royalshells.com, loyalness.com, On Wed, Oct 1, 2008 at 1:56 PM, Steven Hartland wrote: > I would dearly like to see this make the 7.1 release, multi IP's in order > to support backend interfaces in jails, is something that we hit against > all the time. > > Regards > Steve > ----- Original Message ----- From: "Sami Halabi" > To: > Sent: Wednesday, October 01, 2008 12:21 PM > Subject: Multiple IPS - Freebsd 7.1 > > > hi everyone, >> >> I saw a lot of messages about this so here is it - i just patched it (took >> me a day but okay :) >> >> i just downloaded the latest src using this sup file - cvsup: >> http://www.royalshells.com/download/freebsd/stable-supfile >> >> # cvsup stable-supfile >> >> >> i applied the following patch (which i changed to get to work with the >> current src): >> >> http://www.royalshells.com/download/freebsd/bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff >> >> to patch do: >> # cd /usr/src >> # patch -p6 < bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff >> >> after done re-compile the kernel: >> # cp /usr/src/sys/netinet/in_pcb.h /usr/include/netinet/ >> # cp /usr/src/sys/sys/jail.h /usr/include/sys/ >> >> clean obj dir: >> ------------------- >> # rm -Rf /usr/obj/* >> >> compile jail and jls: >> ---------------------------- >> # cd /usr/src/usr.sbin/jail/ >> # make clean && make depend && make install >> # cd /usr/src/usr.sbin/jls/ >> # make clean && make depend && make install >> >> compile the kernel: >> ----------------------------- >> # cd /usr/src >> # make buildworld >> # make buildkernel KERNCONF=GENERIC >> # make installworld >> # make installkernel KERNCONF=GENERIC >> # mergemaster -U >> >> after reboot: >> # uname -a >> FreeBSD server.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Tue Sep 30 >> 20:03:00 UTC 2008 root@34.loyalness.com:/usr/obj/usr/src/sys/GENERIC >> i386 >> # >> >> check the patch: >> # jail >> usage: jail [-hi] [-n jailname] [-J jid_file] [-s securelevel] [-l -u >> username | -U username] path hostname [ip[,..]] command ... >> # >> >> Enjoy. >> >> Sami >> _______________________________________________ >> freebsd-jail@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" >> >> > ================================================ > This e.mail is private and confidential between Multiplay (UK) Ltd. and the > person or entity to whom it is addressed. In the event of misdirection, the > recipient is prohibited from using, copying, printing or otherwise > disseminating it or any information contained in it. > In the event of misdirection, illegible or incomplete transmission please > telephone +44 845 868 1337 > or return the E.mail to postmaster@multiplay.co.uk. > > From bzeeb-lists at lists.zabbadoz.net Wed Oct 1 12:10:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Wed Oct 1 12:10:30 2008 Subject: jail/broadcast IP [was: Multiple IPS - Freebsd 7.1] In-Reply-To: <48E365FB.10104@skoberne.net> References: <48E365FB.10104@skoberne.net> Message-ID: <20081001120836.X7528@maildrop.int.zabbadoz.net> On Wed, 1 Oct 2008, Nejc S(koberne wrote: Hi, > does this patch maybe also makes it possible for a jail to listen at a broadcast address? So before you are going to post this to another thread -- what are you trying to achive? -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From bzeeb-lists at lists.zabbadoz.net Wed Oct 1 12:10:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Wed Oct 1 12:10:30 2008 Subject: Multiple IPS - Freebsd 7.1 In-Reply-To: References: Message-ID: <20081001120010.Q7528@maildrop.int.zabbadoz.net> On Wed, 1 Oct 2008, Sami Halabi wrote: Hi, > i applied the following patch (which i changed to get to work with the > current src): > http://www.royalshells.com/download/freebsd/bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff I do not know what the "Fixed_By_Sody_1.10.08" part is but it's at least based on a backlevel patch of mine so I hope someone fixed the locking for 7.1-PRE. I had posted a patch for 7-STABLE (7.1-PRE) last month http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff so taking that one you could have save yourself a lot of time I guess. In case you have changes it would be good to know what you did or what I do not have so the do not have forks as my version will hit HEAD soon and has changed (also the user space) since July. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From killing at multiplay.co.uk Wed Oct 1 12:16:13 2008 From: killing at multiplay.co.uk (Steven Hartland) Date: Wed Oct 1 12:16:32 2008 Subject: Multiple IPS - Freebsd 7.1 References: Message-ID: I would dearly like to see this make the 7.1 release, multi IP's in order to support backend interfaces in jails, is something that we hit against all the time. Regards Steve ----- Original Message ----- From: "Sami Halabi" To: Sent: Wednesday, October 01, 2008 12:21 PM Subject: Multiple IPS - Freebsd 7.1 > hi everyone, > > I saw a lot of messages about this so here is it - i just patched it (took > me a day but okay :) > > i just downloaded the latest src using this sup file - cvsup: > http://www.royalshells.com/download/freebsd/stable-supfile > > # cvsup stable-supfile > > > i applied the following patch (which i changed to get to work with the > current src): > http://www.royalshells.com/download/freebsd/bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff > > to patch do: > # cd /usr/src > # patch -p6 < bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff > > after done re-compile the kernel: > # cp /usr/src/sys/netinet/in_pcb.h /usr/include/netinet/ > # cp /usr/src/sys/sys/jail.h /usr/include/sys/ > > clean obj dir: > ------------------- > # rm -Rf /usr/obj/* > > compile jail and jls: > ---------------------------- > # cd /usr/src/usr.sbin/jail/ > # make clean && make depend && make install > # cd /usr/src/usr.sbin/jls/ > # make clean && make depend && make install > > compile the kernel: > ----------------------------- > # cd /usr/src > # make buildworld > # make buildkernel KERNCONF=GENERIC > # make installworld > # make installkernel KERNCONF=GENERIC > # mergemaster -U > > after reboot: > # uname -a > FreeBSD server.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #0: Tue Sep 30 > 20:03:00 UTC 2008 root@34.loyalness.com:/usr/obj/usr/src/sys/GENERIC > i386 > # > > check the patch: > # jail > usage: jail [-hi] [-n jailname] [-J jid_file] [-s securelevel] [-l -u > username | -U username] path hostname [ip[,..]] command ... > # > > Enjoy. > > Sami > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > ================================================ This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmaster@multiplay.co.uk. From sodynet1 at gmail.com Wed Oct 1 12:22:54 2008 From: sodynet1 at gmail.com (Sami Halabi) Date: Wed Oct 1 12:23:01 2008 Subject: Multiple IPS - Freebsd 7.1 In-Reply-To: <20081001120010.Q7528@maildrop.int.zabbadoz.net> References: <20081001120010.Q7528@maildrop.int.zabbadoz.net> Message-ID: bz, your right. i've posted that link :) Sami On Wed, Oct 1, 2008 at 2:08 PM, Bjoern A. Zeeb < bzeeb-lists@lists.zabbadoz.net> wrote: > On Wed, 1 Oct 2008, Sami Halabi wrote: > > Hi, > > i applied the following patch (which i changed to get to work with the >> current src): >> >> http://www.royalshells.com/download/freebsd/bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff >> > > I do not know what the "Fixed_By_Sody_1.10.08" part is but > it's at least based on a backlevel patch of mine so I hope > someone fixed the locking for 7.1-PRE. > > I had posted a patch for 7-STABLE (7.1-PRE) last month > http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff > so taking that one you could have save yourself a lot of time I guess. > > In case you have changes it would be good to know what you did > or what I do not have so the do not have forks as my version will hit > HEAD soon and has changed (also the user space) since July. > > /bz > > -- > Bjoern A. Zeeb Stop bit received. Insert coin for new game. > From bzeeb-lists at lists.zabbadoz.net Wed Oct 1 12:35:07 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Wed Oct 1 12:35:13 2008 Subject: Multiple IPS - Freebsd 7.1 In-Reply-To: References: <20081001120010.Q7528@maildrop.int.zabbadoz.net> Message-ID: <20081001122959.M7528@maildrop.int.zabbadoz.net> On Wed, 1 Oct 2008, Sami Halabi wrote: Hi, > your right. > i've posted that link :) Yes, seen it, your mail came in, when mine was out. UUCP works so fine;) You want to read the comments from then though as at least jls user space and some kernel stuff had changed: http://lists.freebsd.org/pipermail/freebsd-jail/2008-September/000459.html http://lists.freebsd.org/pipermail/freebsd-jail/2008-September/000468.html In case you have any problems, etc. let me know. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From bzeeb-lists at lists.zabbadoz.net Wed Oct 1 12:40:06 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Wed Oct 1 12:40:15 2008 Subject: Multiple IPS - Freebsd 7.1 In-Reply-To: References: Message-ID: <20081001123437.K7528@maildrop.int.zabbadoz.net> On Wed, 1 Oct 2008, Steven Hartland wrote: Hi, > I would dearly like to see this make the 7.1 release, multi IP's in order > to support backend interfaces in jails, is something that we hit against > all the time. Whatever your wishes or backends are, the multi-IP jail patches will NOT be in 7.1-RELEASE. full stop. You will need the patch. full stop. So I am trying to get it into HEAD at the moment and in 2 months or so once 7.1-R is out and things have settled in HEAD we can waste thoughts on MFCing it to 7-STABLE so it could be in 7.2-R. I cannot garantuee it will happen as the patch is intrusive and cannot keep the KPI. The best thing you can do until then is to actually take the patch, test it, report problems, ... /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From Alexander at Leidinger.net Wed Oct 1 13:56:17 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Wed Oct 1 13:56:24 2008 Subject: Migration of Jail from one host to another? In-Reply-To: <20080702202235.GA16820@sysmon.tcworks.net> References: <20080702202235.GA16820@sysmon.tcworks.net> Message-ID: <20081001153706.169043ug9vlsaim8@webmail.leidinger.net> Quoting "Scott Lambert" (from Wed, 2 Jul 2008 15:22:35 -0500): > I'm probably doing this completely wrong. I setup a couple of jails > using simple image files because I thought that would make migration > to another server more straightforward. I am now trying to migrate my > first jail. A little bit late, but I moved 2 ezjails today (on 8-current). It was setup inside a ZFS, not in an image. It worked without problems (I transferred the ZFS data (zfs send | zfs receive), the fstab file, and the ezjail config file). > /usr/local/etc/rc.d/ezjail.sh start > ezjailConfiguring jails:. > Starting jails: testnetmount: /home/ezjails/migrate.jail.device : > Operation not permitted You have a problem here. You may want to look into ezjail what the testnetmount is doing. I assume there's some problem with creating the md device. > df: /home/ezjails/migrate.jail/dev: No such file or directory > mount: /home/ezjails/migrate.jail/dev: No such file or directory I think this and the rest are followup errors of the failed mount of the disk image. Bye, Alexander. -- You may get an opportunity for advancement today. Watch it! http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From bseklecki at collaborativefusion.com Thu Oct 2 17:36:13 2008 From: bseklecki at collaborativefusion.com (Brian A. Seklecki) Date: Thu Oct 2 17:36:19 2008 Subject: Multiple IPS - Freebsd 7.1 In-Reply-To: <20081001123437.K7528@maildrop.int.zabbadoz.net> References: <20081001123437.K7528@maildrop.int.zabbadoz.net> Message-ID: <1222967289.22435.94.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> On Wed, 2008-10-01 at 12:39 +0000, Bjoern A. Zeeb wrote: > thoughts on MFCing it to 7-STABLE so it could be in 7.2-R. I cannot Someone might be encouraged by the idea of a nice 21 year scotch under the Christmas tree. Although I'm not holding my breath (Bjoern -- I have to talk to you about that FAST_IPSEC NAT-T patch for FreeBSD), I'm just glad that this wont involve / require a full pullup of Julian Elischer's Vimage and FIB+Multi-Routing-Table changes. Chances of those making way into 7.x are low like Skylab. -- Brian A. Seklecki Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. From bzeeb-lists at lists.zabbadoz.net Fri Oct 3 08:25:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Fri Oct 3 08:25:15 2008 Subject: samba inside jails [was: jail/broadcast IP [was: ...]] In-Reply-To: <48E36B2F.1070707@skoberne.net> References: <48E365FB.10104@skoberne.net> <20081001120836.X7528@maildrop.int.zabbadoz.net> <48E36B2F.1070707@skoberne.net> Message-ID: <20081003081218.J7528@maildrop.int.zabbadoz.net> On Wed, 1 Oct 2008, Nejc S(koberne wrote: Hi, Cc:ing freebsd-jail again. > I would like to make Samba, running in jail, to listen at a broadcast address. > Normally Samba would listen on *.138 and *.137 (UDP), but when in jail, it can > just listens at IP.138 and IP.137, which makes it unable to "see" the requests. So it listens on INADDR_ANY which is not the broadcast address. However the windows world is (was) high on broadcasts. If you have multiple IPs it does listen on *:{port} again but that's only partly the same as what you are probably thinking about. You can still run samba inside a (multi-IP) jail. Back in 2006, about this multi-IP patch, and samba from then I found the following: 1) samba does not respond from the same IP the packet was directed to but from your "Primary IP". This is interesting if you have multiple IPs from the same subnet on the same link and jail. 2) with the multi-IP jail patch I preserve the primary IP (the first IP given for each address family) as such. So you can actually tell a jail what the "primary"/fallback IP would be in case the introduced source address selection does not find any better. 3) In samba it used to be the interfaces = config option that you would set to the (primary) IP of your jail. With the above you should be able to address the samba server inside the jail and exchange files and all that. At least I was able to back then. Things may have changed. Depending on your setup browsing via good old braodcast stuff might not work but in any modern setup that should no longer be needed imho. Good luck. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From reddvinylene at gmail.com Fri Oct 3 09:41:14 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Fri Oct 3 09:41:19 2008 Subject: Jail, pf and ftpd: Connection refused Message-ID: Greetings ladies and gentlemen! Why does the below pf.conf (run from box1) give me "getpeername(control_sock): Transport endpoint is not connected, Socket error (Connection refused) - reconnecting" when trying to log onto box3 via passive FTP? Active FTP gives me "425 Can't build data connection: Connection refused." (box2 and box3 are jails running off box1) - root@box1# cat /etc/pf.conf box1 = "80.203.2.2" box2 = "80.203.2.3" box3 = "{ 80.203.2.4 [...] 80.203.2.127 }" ext_if = "rl0" set block-policy return set skip on { lo0 } scrub in pass out keep state block in pass in on $ext_if inet proto tcp from any to any port { 22 } keep state pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80, 110 } keep state pass in on $ext_if inet proto udp from any to $box2 port 53 keep state pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113 } keep state pass in on $ext_if inet proto icmp from any to any keep state - root@box3# cat /etc/inetd.conf ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l - I hope I've been verbose enough. Thank you! -- http://www.home.no/reddvinylene From max at love2party.net Fri Oct 3 10:08:46 2008 From: max at love2party.net (Max Laier) Date: Fri Oct 3 10:08:57 2008 Subject: Jail, pf and ftpd: Connection refused In-Reply-To: References: Message-ID: <200810031156.07623.max@love2party.net> On Friday 03 October 2008 11:11:57 Redd Vinylene wrote: > Greetings ladies and gentlemen! > > Why does the below pf.conf (run from box1) give me > "getpeername(control_sock): Transport endpoint is not connected, > Socket error (Connection refused) - reconnecting" when trying to log > onto box3 via passive FTP? Active FTP gives me "425 Can't build data > connection: Connection refused." (box2 and box3 are jails running off > box1) See ftp-proxy(8). Note that active works with the ruleset you provided (due to the "pass out keep state"-rule), but there is obviously a firewall problem on the client preventing that. > - > > root@box1# cat /etc/pf.conf > > box1 = "80.203.2.2" > > box2 = "80.203.2.3" > > box3 = "{ 80.203.2.4 [...] 80.203.2.127 }" > > ext_if = "rl0" > > set block-policy return > > set skip on { lo0 } > > scrub in > > pass out keep state > > block in > > pass in on $ext_if inet proto tcp from any to any port { 22 } keep state > > pass in on $ext_if inet proto tcp from any to $box2 port { 25, 53, 80, > 110 } keep state > > pass in on $ext_if inet proto udp from any to $box2 port 53 keep state > > pass in on $ext_if inet proto tcp from any to $box3 port { 20, 21, 113 > } keep state > > pass in on $ext_if inet proto icmp from any to any keep state > > - > > root@box3# cat /etc/inetd.conf > > ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l > > - > > I hope I've been verbose enough. Thank you! -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From Alexander at Leidinger.net Fri Oct 3 12:03:08 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Fri Oct 3 12:03:14 2008 Subject: samba inside jails [was: jail/broadcast IP [was: ...]] In-Reply-To: <20081003081218.J7528@maildrop.int.zabbadoz.net> References: <48E365FB.10104@skoberne.net> <20081001120836.X7528@maildrop.int.zabbadoz.net> <48E36B2F.1070707@skoberne.net> <20081003081218.J7528@maildrop.int.zabbadoz.net> Message-ID: <20081003140255.40813qif4rznqaec@webmail.leidinger.net> Quoting "Bjoern A. Zeeb" (from Fri, 3 Oct 2008 08:21:53 +0000 (UTC)): > 3) In samba it used to be the > interfaces = > config option that you would set to the (primary) IP of your jail. > > With the above you should be able to address the samba server inside > the jail and exchange files and all that. At least I was able to back > then. Things may have changed. I have samba running in a jail (8-current from a month or two ago, no multi-IP patch). No problems here. > Depending on your setup browsing via good old braodcast stuff might > not work but in any modern setup that should no longer be needed imho. I use it with network drives, so I'm not sure about broadcasts... Bye, Alexander. -- Truth never comes into the world but like a bastard, to the ignominy of him that brought her birth. -- Milton http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From reddvinylene at gmail.com Sat Oct 4 10:24:11 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 10:24:23 2008 Subject: Jail, pf and ftpd: Connection refused In-Reply-To: <200810031156.07623.max@love2party.net> References: <200810031156.07623.max@love2party.net> Message-ID: On Fri, Oct 3, 2008 at 11:56 AM, Max Laier wrote: > > See ftp-proxy(8). > > Note that active works with the ruleset you provided (due to the "pass out > keep state"-rule), but there is obviously a firewall problem on the client > preventing that. > Are you sure I need ftp-proxy? I opened the datarange 49152:65535 and now I no longer get a connection refused. I seem to be able to list, download, you know the usual stuff. I still get the "getpeername(control_sock): Transport endpoint is not connected" though. If I do need ftp-proxy, I take it it's the "FTP Server Protected by an External PF Firewall Running NAT" at http://www.openbsd.org/faq/pf/ftp.html that applies to my setup? I can't quite comprehend the nat/rdr rules in that example, as I ain't really got an int_if. As I stated earlier, I have a FreeBSD server running pf and two jails, and I'm trying to get ftpd running smoothly inside one of those jails. Thank you so much. -- http://www.home.no/reddvinylene From reddvinylene at gmail.com Sat Oct 4 12:51:54 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 12:52:07 2008 Subject: Jail, pf and ftpd: Connection refused In-Reply-To: References: <200810031156.07623.max@love2party.net> Message-ID: > On Fri, Oct 3, 2008 at 11:56 AM, Max Laier wrote: > > See ftp-proxy(8). > > Note that active works with the ruleset you provided (due to the "pass out > keep state"-rule), but there is obviously a firewall problem on the client > preventing that. > Nevermind, I think the "Transport endpoint is not connected" is most likely due to lftp. Nonetheless, much obliged for the assistance! -- http://www.home.no/reddvinylene From reddvinylene at gmail.com Sat Oct 4 18:35:33 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 18:35:39 2008 Subject: Problems moving my jails (mv: Operation not permitted) Message-ID: Hello hello! I need to move my jails from /usr/jail to /home/jail. The latter is where all my diskspace is. Not all files seem to want to move though? # mv /usr/jail /home mv: /usr/jail/camel/var/spool/postfix/private/scache is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/rewrite is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/bounce is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/defer is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/trace is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/verify is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/proxymap is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/proxywrite is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/smtp is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/relay is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/error is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/retry is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/discard is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/local is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/virtual is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/lmtp is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/anvil is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/private/tlsmgr is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/public/cleanup is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/public/flush is a socket (not copied). mv: /usr/jail/camel/var/spool/postfix/public/showq is a socket (not copied). mv: /usr/jail/box/usr/bin/chpass: Operation not permitted mv: /usr/jail/box/usr/bin/chfn: Operation not permitted mv: /usr/jail/box/usr/bin/chsh: Operation not permitted mv: /usr/jail/box/usr/bin/ypchpass: Operation not permitted mv: /usr/jail/box/usr/bin/ypchfn: Operation not permitted mv: /usr/jail/box/usr/bin/ypchsh: Operation not permitted mv: /usr/jail/box/usr/bin/login: Operation not permitted mv: /usr/jail/box/usr/bin/opieinfo: Operation not permitted mv: /usr/jail/box/usr/bin/opiepasswd: Operation not permitted mv: /usr/jail/box/usr/bin/passwd: Operation not permitted mv: /usr/jail/box/usr/bin/yppasswd: Operation not permitted mv: /usr/jail/box/usr/bin/rlogin: Operation not permitted mv: /usr/jail/box/usr/bin/rsh: Operation not permitted mv: /usr/jail/box/usr/bin/su: Operation not permitted mv: /usr/jail/box/usr/bin/crontab: Operation not permitted mv: /usr/jail/box/usr/bin: Directory not empty mv: /usr/jail/box/usr/lib/libkse.so.3: Operation not permitted mv: /usr/jail/box/usr/lib/librt.so.1: Operation not permitted mv: /usr/jail/box/usr/lib: Directory not empty mv: /usr/jail/box/usr/sbin/sliplogin: Operation not permitted mv: /usr/jail/box/usr/sbin: Directory not empty mv: /usr/jail/box/usr: Directory not empty mv: /usr/jail/box/var/empty: Operation not permitted mv: /usr/jail/box/var: Directory not empty mv: /usr/jail/box/bin/rcp: Operation not permitted mv: /usr/jail/box/bin: Directory not empty mv: /usr/jail/box/dev/fd: Operation not supported mv: /usr/jail/box/dev: Device busy mv: /usr/jail/box/lib/libc.so.7: Operation not permitted mv: /usr/jail/box/lib/libcrypt.so.4: Operation not permitted mv: /usr/jail/box/lib/libthr.so.3: Operation not permitted mv: /usr/jail/box/lib: Directory not empty mv: /usr/jail/box/libexec/ld-elf.so.1: Operation not permitted mv: /usr/jail/box/libexec: Directory not empty mv: /usr/jail/box/sbin/init: Operation not permitted mv: /usr/jail/box/sbin: Directory not empty mv: /usr/jail/box: Directory not empty mv: /usr/jail/camel/usr/bin/chpass: Operation not permitted mv: /usr/jail/camel/usr/bin/chfn: Operation not permitted mv: /usr/jail/camel/usr/bin/chsh: Operation not permitted mv: /usr/jail/camel/usr/bin/ypchpass: Operation not permitted mv: /usr/jail/camel/usr/bin/ypchfn: Operation not permitted mv: /usr/jail/camel/usr/bin/ypchsh: Operation not permitted mv: /usr/jail/camel/usr/bin/login: Operation not permitted mv: /usr/jail/camel/usr/bin/opieinfo: Operation not permitted mv: /usr/jail/camel/usr/bin/opiepasswd: Operation not permitted mv: /usr/jail/camel/usr/bin/passwd: Operation not permitted mv: /usr/jail/camel/usr/bin/yppasswd: Operation not permitted mv: /usr/jail/camel/usr/bin/rlogin: Operation not permitted mv: /usr/jail/camel/usr/bin/rsh: Operation not permitted mv: /usr/jail/camel/usr/bin/su: Operation not permitted mv: /usr/jail/camel/usr/bin/crontab: Operation not permitted mv: /usr/jail/camel/usr/bin: Directory not empty mv: /usr/jail/camel/usr/lib/libkse.so.3: Operation not permitted mv: /usr/jail/camel/usr/lib/librt.so.1: Operation not permitted mv: /usr/jail/camel/usr/lib: Directory not empty mv: /usr/jail/camel/usr/sbin/sliplogin: Operation not permitted mv: /usr/jail/camel/usr/sbin: Directory not empty mv: /usr/jail/camel/usr: Directory not empty mv: /usr/jail/camel/bin/rcp: Operation not permitted mv: /usr/jail/camel/bin: Directory not empty mv: /usr/jail/camel/dev/fd: Operation not supported mv: /usr/jail/camel/dev: Device busy mv: /usr/jail/camel/lib/libc.so.7: Operation not permitted mv: /usr/jail/camel/lib/libcrypt.so.4: Operation not permitted mv: /usr/jail/camel/lib/libthr.so.3: Operation not permitted mv: /usr/jail/camel/lib: Directory not empty mv: /usr/jail/camel/libexec/ld-elf.so.1: Operation not permitted mv: /usr/jail/camel/libexec: Directory not empty mv: /usr/jail/camel/sbin/init: Operation not permitted mv: /usr/jail/camel/sbin: Directory not empty mv: /usr/jail/camel/var/empty: Operation not permitted mv: /usr/jail/camel/var: Directory not empty mv: /usr/jail/camel: Directory not empty mv: /usr/jail: Directory not empty mv: /bin/rm /usr/jail: terminated with 1 (non-zero) status I guess I ain't gotta worry about the sockets but what about the rest? -- http://www.home.no/reddvinylene From reddvinylene at gmail.com Sat Oct 4 18:40:56 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 18:41:03 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: <48E7B80F.8040602@gmail.com> References: <48E7B80F.8040602@gmail.com> Message-ID: On Sat, Oct 4, 2008 at 8:38 PM, Rodrigo Gonzalez wrote: > > Are the jails stopped? > > Yes, they are. Sorry, I should have mentioned this. -- http://www.home.no/reddvinylene From reddvinylene at gmail.com Sat Oct 4 18:53:42 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 18:53:55 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: <48E7B80F.8040602@gmail.com> Message-ID: On Sat, Oct 4, 2008 at 8:40 PM, Redd Vinylene wrote: > On Sat, Oct 4, 2008 at 8:38 PM, Rodrigo Gonzalez wrote: >> >> Are the jails stopped? >> >> > > Yes, they are. Sorry, I should have mentioned this. > > -- > http://www.home.no/reddvinylene > Should I just do like this? cp /usr/jail/box/usr/bin/chpass /home/jail/box/usr/bin/chpass cp /usr/jail/box/usr/bin/chfn /home/jail/box/usr/bin/chfn cp /usr/jail/box/usr/bin/chsh /home/jail/box/usr/bin/chsh cp /usr/jail/box/usr/bin/ypchpass /home/jail/box/usr/bin/ypchpass cp /usr/jail/box/usr/bin/ypchfn /home/jail/box/usr/bin/ypchfn cp /usr/jail/box/usr/bin/ypchsh /home/jail/box/usr/bin/ypchsh cp /usr/jail/box/usr/bin/login /home/jail/box/usr/bin/login cp /usr/jail/box/usr/bin/opieinfo /home/jail/box/usr/bin/opieinfo cp /usr/jail/box/usr/bin/opiepasswd /home/jail/box/usr/bin/opiepasswd cp /usr/jail/box/usr/bin/passwd /home/jail/box/usr/bin/passwd cp /usr/jail/box/usr/bin/yppasswd /home/jail/box/usr/bin/yppasswd cp /usr/jail/box/usr/bin/rlogin /home/jail/box/usr/bin/rlogin cp /usr/jail/box/usr/bin/rsh /home/jail/box/usr/bin/rsh cp /usr/jail/box/usr/bin/su /home/jail/box/usr/bin/su cp /usr/jail/box/usr/bin/crontab /home/jail/box/usr/bin/crontab cp /usr/jail/box/usr/lib/libkse.so.3 /home/jail/box/usr/lib/libkse.so.3 cp /usr/jail/box/usr/lib/librt.so.1 /home/jail/box/usr/lib/librt.so.1 cp /usr/jail/box/usr/sbin/sliplogin /home/jail/box/usr/sbin/sliplogin cp /usr/jail/box/var/empty /home/jail/box/var/empty cp /usr/jail/box/bin/rcp /home/jail/box/bin/rcp cp /usr/jail/box/dev/fd /home/jail/box/dev/fd cp /usr/jail/box/lib/libc.so.7 /home/jail/box/lib/libc.so.7 cp /usr/jail/box/lib/libcrypt.so.4 /home/jail/box/lib/libcrypt.so.4 cp /usr/jail/box/lib/libthr.so.3 /home/jail/box/lib/libthr.so.3 cp /usr/jail/box/libexec/ld-elf.so.1 /home/jail/box/libexec/ld-elf.so.1 cp /usr/jail/box/sbin/init /home/jail/box/sbin/init cp /usr/jail/camel/usr/bin/chpass /home/jail/camel/usr/bin/chpass cp /usr/jail/camel/usr/bin/chfn /home/jail/camel/usr/bin/chfn cp /usr/jail/camel/usr/bin/chsh /home/jail/camel/usr/bin/chsh cp /usr/jail/camel/usr/bin/ypchpass /home/jail/camel/usr/bin/ypchpass cp /usr/jail/camel/usr/bin/ypchfn /home/jail/camel/usr/bin/ypchfn cp /usr/jail/camel/usr/bin/ypchsh /home/jail/camel/usr/bin/ypchsh cp /usr/jail/camel/usr/bin/login /home/jail/camel/usr/bin/login cp /usr/jail/camel/usr/bin/opieinfo /home/jail/camel/usr/bin/opieinfo cp /usr/jail/camel/usr/bin/opiepasswd /home/jail/camel/usr/bin/opiepasswd cp /usr/jail/camel/usr/bin/passwd /home/jail/camel/usr/bin/passwd cp /usr/jail/camel/usr/bin/yppasswd /home/jail/camel/usr/bin/yppasswd cp /usr/jail/camel/usr/bin/rlogin /home/jail/camel/usr/bin/rlogin cp /usr/jail/camel/usr/bin/rsh /home/jail/camel/usr/bin/rsh cp /usr/jail/camel/usr/bin/su /home/jail/camel/usr/bin/su cp /usr/jail/camel/usr/bin/crontab /home/jail/camel/usr/bin/crontab cp /usr/jail/camel/usr/lib/libkse.so.3 /home/jail/camel/usr/lib/libkse.so.3 cp /usr/jail/camel/usr/lib/librt.so.1 /home/jail/camel/usr/lib/librt.so.1 cp /usr/jail/camel/usr/sbin/sliplogin /home/jail/camel/usr/sbin/sliplogin cp /usr/jail/camel/bin/rcp /home/jail/camel/bin/rcp cp /usr/jail/camel/dev/fd /home/jail/camel/dev/fd cp /usr/jail/camel/lib/libc.so.7 /home/jail/camel/lib/libc.so.7 cp /usr/jail/camel/lib/libcrypt.so.4 /home/jail/camel/lib/libcrypt.so.4 cp /usr/jail/camel/lib/libthr.so.3 /home/jail/camel/lib/libthr.so.3 cp /usr/jail/camel/libexec/ld-elf.so.1 /home/jail/camel/libexec/ld-elf.so.1 cp /usr/jail/camel/sbin/init /home/jail/camel/sbin/init cp /usr/jail/camel/var/empty /home/jail/camel/var/empty rm -rf /usr/jail -- http://www.home.no/reddvinylene From reddvinylene at gmail.com Sat Oct 4 18:56:55 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 18:57:01 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: <48E7B80F.8040602@gmail.com> Message-ID: On Sat, Oct 4, 2008 at 8:53 PM, Redd Vinylene wrote: > On Sat, Oct 4, 2008 at 8:40 PM, Redd Vinylene wrote: >> On Sat, Oct 4, 2008 at 8:38 PM, Rodrigo Gonzalez wrote: >>> >>> Are the jails stopped? >>> >>> >> >> Yes, they are. Sorry, I should have mentioned this. >> >> -- >> http://www.home.no/reddvinylene >> > > Should I just do like this? > > cp /usr/jail/box/usr/bin/chpass /home/jail/box/usr/bin/chpass > cp /usr/jail/box/usr/bin/chfn /home/jail/box/usr/bin/chfn > cp /usr/jail/box/usr/bin/chsh /home/jail/box/usr/bin/chsh > [...] > rm -rf /usr/jail > > -- > http://www.home.no/reddvinylene > My bad, that's not permitted either. -- http://www.home.no/reddvinylene From reddvinylene at gmail.com Sat Oct 4 19:04:36 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 19:04:47 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: <18663.48601.45230.57747@almost.alerce.com> References: <48E7B80F.8040602@gmail.com> <18663.48601.45230.57747@almost.alerce.com> Message-ID: On Sat, Oct 4, 2008 at 9:02 PM, George Hartzell wrote: > > If you do an ls -lo /home/jail/box/usr/bin/chpass, you'll probably see > the schg flag set. Man chflags for more info and instructions on how > to unset it > > g. > Yes: -r-sr-xr-x 6 root wheel schg 18468 Aug 2 19:47 /usr/jail/box/usr/bin/chpass So I'd simply have to "chflags noschg /usr/jail/box/usr/bin/chpass" and then "cp /usr/jail/box/usr/bin/chpass /home/jail/box/usr/bin/chpass"? -- http://www.home.no/reddvinylene From wojtek at wojtek.tensor.gdynia.pl Sat Oct 4 19:05:20 2008 From: wojtek at wojtek.tensor.gdynia.pl (Wojciech Puchar) Date: Sat Oct 4 19:05:27 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: Message-ID: <20081004210436.N1546@wojtek.tensor.gdynia.pl> > mv: /usr/jail/camel/sbin: Directory not empty > mv: /usr/jail/camel/var/empty: Operation not permitted > mv: /usr/jail/camel/var: Directory not empty > mv: /usr/jail/camel: Directory not empty > mv: /usr/jail: Directory not empty > mv: /bin/rm /usr/jail: terminated with 1 (non-zero) status > > I guess I ain't gotta worry about the sockets but what about the rest? > you need chflags -R noschg yourdir From rjgonzale at gmail.com Sat Oct 4 19:07:38 2008 From: rjgonzale at gmail.com (Rodrigo Gonzalez) Date: Sat Oct 4 19:07:44 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: Message-ID: <48E7B80F.8040602@gmail.com> Redd Vinylene wrote: > Hello hello! I need to move my jails from /usr/jail to /home/jail. The > latter is where all my diskspace is. Not all files seem to want to > move though? > > # mv /usr/jail /home > mv: /usr/jail/camel/var/spool/postfix/private/scache is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/rewrite is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/bounce is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/defer is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/trace is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/verify is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/proxymap is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/proxywrite is a socket > (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/smtp is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/relay is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/error is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/retry is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/discard is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/local is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/virtual is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/lmtp is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/anvil is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/private/tlsmgr is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/public/cleanup is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/public/flush is a socket (not copied). > mv: /usr/jail/camel/var/spool/postfix/public/showq is a socket (not copied). > mv: /usr/jail/box/usr/bin/chpass: Operation not permitted > mv: /usr/jail/box/usr/bin/chfn: Operation not permitted > mv: /usr/jail/box/usr/bin/chsh: Operation not permitted > mv: /usr/jail/box/usr/bin/ypchpass: Operation not permitted > mv: /usr/jail/box/usr/bin/ypchfn: Operation not permitted > mv: /usr/jail/box/usr/bin/ypchsh: Operation not permitted > mv: /usr/jail/box/usr/bin/login: Operation not permitted > mv: /usr/jail/box/usr/bin/opieinfo: Operation not permitted > mv: /usr/jail/box/usr/bin/opiepasswd: Operation not permitted > mv: /usr/jail/box/usr/bin/passwd: Operation not permitted > mv: /usr/jail/box/usr/bin/yppasswd: Operation not permitted > mv: /usr/jail/box/usr/bin/rlogin: Operation not permitted > mv: /usr/jail/box/usr/bin/rsh: Operation not permitted > mv: /usr/jail/box/usr/bin/su: Operation not permitted > mv: /usr/jail/box/usr/bin/crontab: Operation not permitted > mv: /usr/jail/box/usr/bin: Directory not empty > mv: /usr/jail/box/usr/lib/libkse.so.3: Operation not permitted > mv: /usr/jail/box/usr/lib/librt.so.1: Operation not permitted > mv: /usr/jail/box/usr/lib: Directory not empty > mv: /usr/jail/box/usr/sbin/sliplogin: Operation not permitted > mv: /usr/jail/box/usr/sbin: Directory not empty > mv: /usr/jail/box/usr: Directory not empty > mv: /usr/jail/box/var/empty: Operation not permitted > mv: /usr/jail/box/var: Directory not empty > mv: /usr/jail/box/bin/rcp: Operation not permitted > mv: /usr/jail/box/bin: Directory not empty > mv: /usr/jail/box/dev/fd: Operation not supported > mv: /usr/jail/box/dev: Device busy > mv: /usr/jail/box/lib/libc.so.7: Operation not permitted > mv: /usr/jail/box/lib/libcrypt.so.4: Operation not permitted > mv: /usr/jail/box/lib/libthr.so.3: Operation not permitted > mv: /usr/jail/box/lib: Directory not empty > mv: /usr/jail/box/libexec/ld-elf.so.1: Operation not permitted > mv: /usr/jail/box/libexec: Directory not empty > mv: /usr/jail/box/sbin/init: Operation not permitted > mv: /usr/jail/box/sbin: Directory not empty > mv: /usr/jail/box: Directory not empty > mv: /usr/jail/camel/usr/bin/chpass: Operation not permitted > mv: /usr/jail/camel/usr/bin/chfn: Operation not permitted > mv: /usr/jail/camel/usr/bin/chsh: Operation not permitted > mv: /usr/jail/camel/usr/bin/ypchpass: Operation not permitted > mv: /usr/jail/camel/usr/bin/ypchfn: Operation not permitted > mv: /usr/jail/camel/usr/bin/ypchsh: Operation not permitted > mv: /usr/jail/camel/usr/bin/login: Operation not permitted > mv: /usr/jail/camel/usr/bin/opieinfo: Operation not permitted > mv: /usr/jail/camel/usr/bin/opiepasswd: Operation not permitted > mv: /usr/jail/camel/usr/bin/passwd: Operation not permitted > mv: /usr/jail/camel/usr/bin/yppasswd: Operation not permitted > mv: /usr/jail/camel/usr/bin/rlogin: Operation not permitted > mv: /usr/jail/camel/usr/bin/rsh: Operation not permitted > mv: /usr/jail/camel/usr/bin/su: Operation not permitted > mv: /usr/jail/camel/usr/bin/crontab: Operation not permitted > mv: /usr/jail/camel/usr/bin: Directory not empty > mv: /usr/jail/camel/usr/lib/libkse.so.3: Operation not permitted > mv: /usr/jail/camel/usr/lib/librt.so.1: Operation not permitted > mv: /usr/jail/camel/usr/lib: Directory not empty > mv: /usr/jail/camel/usr/sbin/sliplogin: Operation not permitted > mv: /usr/jail/camel/usr/sbin: Directory not empty > mv: /usr/jail/camel/usr: Directory not empty > mv: /usr/jail/camel/bin/rcp: Operation not permitted > mv: /usr/jail/camel/bin: Directory not empty > mv: /usr/jail/camel/dev/fd: Operation not supported > mv: /usr/jail/camel/dev: Device busy > mv: /usr/jail/camel/lib/libc.so.7: Operation not permitted > mv: /usr/jail/camel/lib/libcrypt.so.4: Operation not permitted > mv: /usr/jail/camel/lib/libthr.so.3: Operation not permitted > mv: /usr/jail/camel/lib: Directory not empty > mv: /usr/jail/camel/libexec/ld-elf.so.1: Operation not permitted > mv: /usr/jail/camel/libexec: Directory not empty > mv: /usr/jail/camel/sbin/init: Operation not permitted > mv: /usr/jail/camel/sbin: Directory not empty > mv: /usr/jail/camel/var/empty: Operation not permitted > mv: /usr/jail/camel/var: Directory not empty > mv: /usr/jail/camel: Directory not empty > mv: /usr/jail: Directory not empty > mv: /bin/rm /usr/jail: terminated with 1 (non-zero) status > > I guess I ain't gotta worry about the sockets but what about the rest? > > Are the jails stopped? From reddvinylene at gmail.com Sat Oct 4 19:10:28 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 19:10:34 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: <20081004210436.N1546@wojtek.tensor.gdynia.pl> References: <20081004210436.N1546@wojtek.tensor.gdynia.pl> Message-ID: On Sat, Oct 4, 2008 at 9:04 PM, Wojciech Puchar wrote: >> mv: /usr/jail/camel/sbin: Directory not empty >> mv: /usr/jail/camel/var/empty: Operation not permitted >> mv: /usr/jail/camel/var: Directory not empty >> mv: /usr/jail/camel: Directory not empty >> mv: /usr/jail: Directory not empty >> mv: /bin/rm /usr/jail: terminated with 1 (non-zero) status >> >> I guess I ain't gotta worry about the sockets but what about the rest? >> > you need > > chflags -R noschg yourdir > So just "chflags -R /usr/jail" and then copy things the normal way? Sure that won't mess up my jails? -- http://www.home.no/reddvinylene From reddvinylene at gmail.com Sat Oct 4 19:16:33 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 19:16:45 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: <20081004210436.N1546@wojtek.tensor.gdynia.pl> Message-ID: On Sat, Oct 4, 2008 at 9:10 PM, Redd Vinylene wrote: > On Sat, Oct 4, 2008 at 9:04 PM, Wojciech Puchar > wrote: >>> mv: /usr/jail/camel/sbin: Directory not empty >>> mv: /usr/jail/camel/var/empty: Operation not permitted >>> mv: /usr/jail/camel/var: Directory not empty >>> mv: /usr/jail/camel: Directory not empty >>> mv: /usr/jail: Directory not empty >>> mv: /bin/rm /usr/jail: terminated with 1 (non-zero) status >>> >>> I guess I ain't gotta worry about the sockets but what about the rest? >>> >> you need >> >> chflags -R noschg yourdir >> > > So just "chflags -R /usr/jail" and then copy things the normal way? > Sure that won't mess up my jails? Sorry, what I meant to write was "chflags -R noschg /usr/jail". I apologize for the inconvenience. -- http://www.home.no/reddvinylene From hartzell at alerce.com Sat Oct 4 19:27:15 2008 From: hartzell at alerce.com (George Hartzell) Date: Sat Oct 4 19:27:22 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: <48E7B80F.8040602@gmail.com> Message-ID: <18663.48601.45230.57747@almost.alerce.com> Redd Vinylene writes: > On Sat, Oct 4, 2008 at 8:53 PM, Redd Vinylene wrote: > > On Sat, Oct 4, 2008 at 8:40 PM, Redd Vinylene wrote: > >> On Sat, Oct 4, 2008 at 8:38 PM, Rodrigo Gonzalez wrote: > >>> > >>> Are the jails stopped? > >>> > >>> > >> > >> Yes, they are. Sorry, I should have mentioned this. > >> > >> -- > >> http://www.home.no/reddvinylene > >> > > > > Should I just do like this? > > > > cp /usr/jail/box/usr/bin/chpass /home/jail/box/usr/bin/chpass > > cp /usr/jail/box/usr/bin/chfn /home/jail/box/usr/bin/chfn > > cp /usr/jail/box/usr/bin/chsh /home/jail/box/usr/bin/chsh > > [...] > > rm -rf /usr/jail > > > > -- > > http://www.home.no/reddvinylene > > > > My bad, that's not permitted either. If you do an ls -lo /home/jail/box/usr/bin/chpass, you'll probably see the schg flag set. Man chflags for more info and instructions on how to unset it g. From peter.stosz at mentat.hu Sat Oct 4 19:31:18 2008 From: peter.stosz at mentat.hu (peter.stosz@mentat.hu) Date: Sat Oct 4 19:31:25 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: <48E7B80F.8040602@gmail.com> Message-ID: man chflags From reddvinylene at gmail.com Sat Oct 4 20:27:11 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 20:27:25 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: <18663.49808.808955.271579@almost.alerce.com> References: <48E7B80F.8040602@gmail.com> <18663.48601.45230.57747@almost.alerce.com> <18663.49808.808955.271579@almost.alerce.com> Message-ID: On Sat, Oct 4, 2008 at 9:22 PM, George Hartzell wrote: > Redd Vinylene writes: > > On Sat, Oct 4, 2008 at 9:02 PM, George Hartzell wrote: > > > > > > If you do an ls -lo /home/jail/box/usr/bin/chpass, you'll probably see > > > the schg flag set. Man chflags for more info and instructions on how > > > to unset it > > > > > > g. > > > > > > > Yes: > > > > -r-sr-xr-x 6 root wheel schg 18468 Aug 2 19:47 /usr/jail/box/usr/bin/chpass > > > > So I'd simply have to "chflags noschg /usr/jail/box/usr/bin/chpass" > > and then "cp /usr/jail/box/usr/bin/chpass > > /home/jail/box/usr/bin/chpass"? > > I think that you ought to be able to cp it as is. You're just not > allowed to change the original (e.g. remove it), which is why your mv > and rm failed. > > g. > I've been told that changing flags might seriously mess things up. Is there any way to copy the remaining files from /usr/jail into /home/jail, or do I have to rebuild everything from scratch? Much obliged. -- http://www.home.no/reddvinylene From reddvinylene at gmail.com Sat Oct 4 20:39:10 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sat Oct 4 20:39:17 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: <48E7B80F.8040602@gmail.com> <18663.48601.45230.57747@almost.alerce.com> <18663.49808.808955.271579@almost.alerce.com> Message-ID: On Sat, Oct 4, 2008 at 10:36 PM, wrote: > > 1st of all, (re)design your system. > 2nd, create separate partition for your jail(s) > 3rd, if (I were you, and) the jail is not too complex, recreate from > scratch. (You get a clean jail :)) ) > Actually I can't do that. I use Bjoern A. Zeeb's multi-IP patch which currently doesn't compile, so. Besides my ISP charges way too much for a reinstall and I can't afford that. -- http://www.home.no/reddvinylene From peter.stosz at mentat.hu Sat Oct 4 21:06:59 2008 From: peter.stosz at mentat.hu (peter.stosz@mentat.hu) Date: Sat Oct 4 21:07:05 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: <48E7B80F.8040602@gmail.com> <18663.48601.45230.57747@almost.alerce.com> <18663.49808.808955.271579@almost.alerce.com> Message-ID: 1st of all, (re)design your system. 2nd, create separate partition for your jail(s) 3rd, if (I were you, and) the jail is not too complex, recreate from scratch. (You get a clean jail :)) ) "Redd Vinylene" wrote on 2008.10.04 22:27:09: > > > > I think that you ought to be able to cp it as is. You're just not > > allowed to change the original (e.g. remove it), which is why your mv > > and rm failed. > > > > g. > > > > I've been told that changing flags might seriously mess things up. Is > there any way to copy the remaining files from /usr/jail into > /home/jail, or do I have to rebuild everything from scratch? > > Much obliged. > > -- > http://www.home.no/reddvinylene From lists at peter.de.com Sat Oct 4 21:34:12 2008 From: lists at peter.de.com (Oliver Peter) Date: Sat Oct 4 21:34:18 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: Message-ID: <20081004211445.GE84710@nemesis.frida.mouhaha.de> On Sat, Oct 04, 2008 at 08:35:27PM +0200, Redd Vinylene wrote: > Hello hello! I need to move my jails from /usr/jail to /home/jail. The > latter is where all my diskspace is. Not all files seem to want to > move though? Maybe the whole case is worth it to give ezjail a try. The newest release has some nice features to move/backup jails. http://www.freshports.org/sysutils/ezjail/ -- Oliver PETER, email: oliver@peter.de.com, ICQ# 113969174 "If it feels good, you're doing something wrong." -- Coach McTavish From smithi at nimnet.asn.au Sun Oct 5 05:31:49 2008 From: smithi at nimnet.asn.au (Ian Smith) Date: Sun Oct 5 05:31:57 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: References: <48E7B80F.8040602@gmail.com> <18663.48601.45230.57747@almost.alerce.com> <18663.49808.808955.271579@almost.alerce.com> Message-ID: <20081005154926.V49572@sola.nimnet.asn.au> On Sat, 4 Oct 2008, Redd Vinylene wrote: > On Sat, Oct 4, 2008 at 9:22 PM, George Hartzell wrote: > > Redd Vinylene writes: > > > On Sat, Oct 4, 2008 at 9:02 PM, George Hartzell wrote: > > > > > > > > If you do an ls -lo /home/jail/box/usr/bin/chpass, you'll probably see > > > > the schg flag set. Man chflags for more info and instructions on how > > > > to unset it > > > > > > > > g. > > > > > > > > > > Yes: > > > > > > -r-sr-xr-x 6 root wheel schg 18468 Aug 2 19:47 /usr/jail/box/usr/bin/chpass > > > > > > So I'd simply have to "chflags noschg /usr/jail/box/usr/bin/chpass" > > > and then "cp /usr/jail/box/usr/bin/chpass > > > /home/jail/box/usr/bin/chpass"? > > > > I think that you ought to be able to cp it as is. You're just not > > allowed to change the original (e.g. remove it), which is why your mv > > and rm failed. > > > > g. > > > > I've been told that changing flags might seriously mess things up. Is > there any way to copy the remaining files from /usr/jail into > /home/jail, or do I have to rebuild everything from scratch? Having read the thread to date, I reckon you should: a) find(1) all schg files in your jails (was chpass the only one?) b) clear the schg flag on any such found as above (-R if you like) c) use mv as you originally intended (if they're still there :) d) chflags schg on all files that were originally set that way. If you do use cp instead of mv, make sure to use cp -p to preserve each file's owner/group/permissions/datestamp. e) make sure any and all symlinks still point to the right file/s. Personally I'd use cp -pR rather than mv in case I stuffed it up :) but then being perhaps overcautious I'd have started off with a 'ls -lR /usr/jail > listfile' (if I hadn't made a backup tar) to at least have a full list of what was where, with what user/perms etc .. Also read cp(1) re -R flag carefully .. if there are any hard linked files, as there may well be, then using tar to move these would be the safest bet anyway - plus you'd have a backup .. next time anyway :) Since it just failed to mv some files, you shouldn't need to rebuild if you can mv those files and reset their flags/permissions correctly. cheers, Ian From 000.fbsd at quip.cz Sun Oct 5 10:19:22 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Sun Oct 5 10:19:29 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: <20081005154926.V49572@sola.nimnet.asn.au> References: <48E7B80F.8040602@gmail.com> <18663.48601.45230.57747@almost.alerce.com> <18663.49808.808955.271579@almost.alerce.com> <20081005154926.V49572@sola.nimnet.asn.au> Message-ID: <48E890F5.70800@quip.cz> Ian Smith wrote: > On Sat, 4 Oct 2008, Redd Vinylene wrote: > > On Sat, Oct 4, 2008 at 9:22 PM, George Hartzell wrote: > > > Redd Vinylene writes: > > > > On Sat, Oct 4, 2008 at 9:02 PM, George Hartzell wrote: > > > > > > > > > > If you do an ls -lo /home/jail/box/usr/bin/chpass, you'll probably see > > > > > the schg flag set. Man chflags for more info and instructions on how > > > > > to unset it > > > > > > > > > > g. > > > > > > > > > > > > > Yes: > > > > > > > > -r-sr-xr-x 6 root wheel schg 18468 Aug 2 19:47 /usr/jail/box/usr/bin/chpass > > > > > > > > So I'd simply have to "chflags noschg /usr/jail/box/usr/bin/chpass" > > > > and then "cp /usr/jail/box/usr/bin/chpass > > > > /home/jail/box/usr/bin/chpass"? > > > > > > I think that you ought to be able to cp it as is. You're just not > > > allowed to change the original (e.g. remove it), which is why your mv > > > and rm failed. > > > > > > g. > > > > > > > I've been told that changing flags might seriously mess things up. Is > > there any way to copy the remaining files from /usr/jail into > > /home/jail, or do I have to rebuild everything from scratch? > > Having read the thread to date, I reckon you should: > > a) find(1) all schg files in your jails (was chpass the only one?) > b) clear the schg flag on any such found as above (-R if you like) > c) use mv as you originally intended (if they're still there :) > d) chflags schg on all files that were originally set that way. > > If you do use cp instead of mv, make sure to use cp -p to preserve > each file's owner/group/permissions/datestamp. > > e) make sure any and all symlinks still point to the right file/s. > > Personally I'd use cp -pR rather than mv in case I stuffed it up :) but > then being perhaps overcautious I'd have started off with a 'ls -lR > /usr/jail > listfile' (if I hadn't made a backup tar) to at least have a > full list of what was where, with what user/perms etc .. > > Also read cp(1) re -R flag carefully .. if there are any hard linked > files, as there may well be, then using tar to move these would be > the safest bet anyway - plus you'd have a backup .. next time anyway :) > > Since it just failed to mv some files, you shouldn't need to rebuild if > you can mv those files and reset their flags/permissions correctly. Yes, there are hardlinks, so "the best" way to move all files with preserving flags, permissions, links etc is something like this: [copy jails by tar (or use cpio if you prefer)] tar -cf - -C /usr/jail . | tar -xpf - -C /home/jail [remove flags from old jail files] chflags -R noschg /usr/jail [remove old jail files] rm -r /usr/jail But it applies only in case before you use chflags -R noschg on original files (as you post earlier - now you do not have flags anymore) Another way is to use getfacl/setfacl or mtree to get backup of original files permissions and restore them later. Miroslav Lachman From reddvinylene at gmail.com Sun Oct 5 11:23:16 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Sun Oct 5 11:23:28 2008 Subject: Problems moving my jails (mv: Operation not permitted) In-Reply-To: <48E890F5.70800@quip.cz> References: <18663.48601.45230.57747@almost.alerce.com> <18663.49808.808955.271579@almost.alerce.com> <20081005154926.V49572@sola.nimnet.asn.au> <48E890F5.70800@quip.cz> Message-ID: Yes, this worked perfectly. Thank y'all so much. May this post be of help to others in the future as well. -- http://www.home.no/reddvinylene From bugmaster at FreeBSD.org Mon Oct 6 11:06:57 2008 From: bugmaster at FreeBSD.org (FreeBSD bugmaster) Date: Mon Oct 6 11:08:12 2008 Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org Message-ID: <200810061106.m96B6uxx035518@freefall.freebsd.org> Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/126368 jail [jail] Running ktrace/kdump in jail leads to stale jai o kern/120753 jail [jail] Zombie jails (jailed child process exits while o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 12 problems total. From jose.amengual at gmail.com Mon Oct 6 20:08:54 2008 From: jose.amengual at gmail.com (Jose Amengual M) Date: Mon Oct 6 20:09:01 2008 Subject: Performance and advice questions. Message-ID: <03D72289-28DD-4DA8-A4A2-3C15AF16E995@rdc.cl> Hi all. I have been working with jail for a couple of years now with awesome results. At first time I try creating Jails with the instructions of the handbook and then I move to ezjail that give me great useland tools for admin my jails and so on. But like any other technology there is performances tuning and new features to research and test and because of that I came across different approaches to achieve better performance of "easy" administration, so here are my questions : 1.- There is any benefit to run jails in images or virtual disk ? ( http://www.the-labs.com/FreeBSD/JailTools/README.virtual_disks ) ( the reason that I ask this is because of comparing with vmware workstation that looks to run faster in a virtual disk that a hardisk ). 2.- There is any disadvantage to use lo0 for virtual interface aliases for my jails ? 3.- with vimage or similar tool can I create a virtual interface ( like test0 or something like it ) and ad it to a jail ? ( I'm asking this because I will like to have a virtual interface for my jails and over it make the alias for my jails, but no using a real interface, so I can have a kind of DMZ and maybe achieve better performance if is possible( like vswitch in vmware ) ). 4.- There is any disadvantage to store and run jails on a NFS server ( I mean the jail directory in a NFS) ? Thanks. Jose Amengual. From scheidell at secnap.net Mon Oct 6 20:35:23 2008 From: scheidell at secnap.net (Michael Scheidell) Date: Mon Oct 6 20:35:33 2008 Subject: Performance and advice questions. In-Reply-To: <03D72289-28DD-4DA8-A4A2-3C15AF16E995@rdc.cl> References: <03D72289-28DD-4DA8-A4A2-3C15AF16E995@rdc.cl> Message-ID: <48EA714B.50805@secnap.net> I would thing NFS performance depends on your applications. many don't like the NFS locking, so, look into generic NFS performance for each application. (I don't think I would run postfix on an NFS partition, I would not run most sql servers ../db files on NFS partition. I would not want ANY 'tmp' files on NFS.) -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * Everything Channel Hot Product of 2008 * Shaping Information Security Award 2008 * CRN Magazine Top 40 Emerging Security Vendors _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _________________________________________________________________________ From 000.fbsd at quip.cz Mon Oct 6 22:06:23 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Mon Oct 6 22:06:31 2008 Subject: Performance and advice questions. In-Reply-To: <03D72289-28DD-4DA8-A4A2-3C15AF16E995@rdc.cl> References: <03D72289-28DD-4DA8-A4A2-3C15AF16E995@rdc.cl> Message-ID: <48EA8BF8.3020907@quip.cz> Jose Amengual M wrote: > > Hi all. > > I have been working with jail for a couple of years now with awesome > results. > > At first time I try creating Jails with the instructions of the > handbook and then I move to ezjail that give me great useland tools for > admin my jails and so on. > > But like any other technology there is performances tuning and new > features to research and test and because of that I came across > different approaches to achieve better performance of "easy" > administration, so here are my questions : > > 1.- There is any benefit to run jails in images or virtual disk ? ( > http://www.the-labs.com/FreeBSD/JailTools/README.virtual_disks ) > ( the reason that I ask this is because of comparing with vmware > workstation that looks to run faster in a virtual disk that a hardisk ). > > 2.- There is any disadvantage to use lo0 for virtual interface aliases > for my jails ? > > 3.- with vimage or similar tool can I create a virtual interface ( like > test0 or something like it ) and ad it to a jail ? > ( I'm asking this because I will like to have a virtual interface for > my jails and over it make the alias for my jails, but no using a real > interface, so I can have a kind of DMZ and maybe achieve better > performance if is possible( like vswitch in vmware ) ). I am using jails on "virtual interface" - I have created lo1 with IPs from some private space (like 192.168.x.x) It can be created by hand by ifconfig create lo1, or from rc.conf at boot time: cloned_interfaces="lo1" ifconfig_lo1="inet 192.168.16.2 netmask 255.255.255.0" ifconfig_lo1_alias0="inet 192.168.16.3 netmask 255.255.255.255" ifconfig_lo1_alias1="inet 192.168.16.4 netmask 255.255.255.255" ... ifconfig_lo1_aliasX="inet 192.168.16.Y netmask 255.255.255.255" Then you can use those IPs for jails as usual. Or you can create more interfaces with single IP each, but I do not know the reason. > 4.- There is any disadvantage to store and run jails on a NFS server ( > I mean the jail directory in a NFS) ? I think that NFS is usable for low load jails or for storing read only portion of jail, but it will be the bottleneck for any high performance needs (databases, mailservers etc.) Miroslav Lachman From jendries at planetpyramid.com Tue Oct 7 14:14:32 2008 From: jendries at planetpyramid.com (Josh Endries) Date: Tue Oct 7 14:14:40 2008 Subject: Performance and advice questions. In-Reply-To: <03D72289-28DD-4DA8-A4A2-3C15AF16E995@rdc.cl> References: <03D72289-28DD-4DA8-A4A2-3C15AF16E995@rdc.cl> Message-ID: Hello, > 1.- There is any benefit to run jails in images or virtual disk ? ( > http://www.the-labs.com/FreeBSD/JailTools/README.virtual_disks Sure there are benefits. You can easily move an image around, encrypt it, copy it for a backup, etc.. There are trade-offs, though. I don't have any tests but it seems to me that this would be more prone to corruption/loss since it's all based on one huge file. A system crash and you could be in for more trouble than usual. Also, and I did test this (it's easy), performance is significantly slower when using an image file than a real filesystem. I would suggest that you mount separate filesystems/disks for your jails instead of using an image file, if possible (hooray for ZFS). If you have a ton of RAM, I suppose you could make a memory-backed filesystem though, and take snapshots. :) It may be worth looking into using a read-only memory-backed fs as your root image (e.g. in ezjail, unionfs) and mount /usr/local or whatever from a real filesystem for r/w access. Josh From alexus at gmail.com Wed Oct 8 00:36:44 2008 From: alexus at gmail.com (alexus) Date: Wed Oct 8 00:36:50 2008 Subject: multi-/no-ipv4/6 patch for releng_7 In-Reply-To: <48DC25A5.3010109@skoberne.net> References: <48DC25A5.3010109@skoberne.net> Message-ID: <6ae50c2d0810071736x3cb8eb92j54cc96c8e883c0f@mail.gmail.com> Bjoern A. Zeeb I would like to say thank you so much for your efforts! On Thu, Sep 25, 2008 at 7:58 PM, Nejc ?koberne wrote: > Hello, > > does this patch maybe also allow services in jail to listen at broadcast > addresses? If not, do you maybe know is there any way to achieve this? > > Thanks, > Nejc > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > -- http://alexus.org/ From pvanguardia at gmail.com Wed Oct 8 12:38:00 2008 From: pvanguardia at gmail.com (Patrick Vanguardia) Date: Wed Oct 8 12:38:16 2008 Subject: Patch problem Message-ID: <4f95f7db0810080514o4f510d79x486dc8f85792bfa2@mail.gmail.com> Hi, I downloaded the patch bz_jail7-20080920-01-at150161.diff and when i run # cd /usr/src # patch -p6 < bz_jail7-20080920-01-at150161.diff I'm getting a lot of below errors Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- //depot/vendor/freebsd_7/src/lib/libc/sys/cpuset_getaffinity.2 2008/07/25 18:10:49 |+++ //depot/user/bz/jail_7/src/lib/libc/sys/cpuset_getaffinity.2 2008/07/26 10:18:16 -------------------------- File to patch: Also i tried -p7and getting the same results. Any idea? Your help will be greatly appreciated. Thanks, Patrick From bzeeb-lists at lists.zabbadoz.net Wed Oct 8 22:35:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Wed Oct 8 22:35:18 2008 Subject: Patch problem In-Reply-To: <4f95f7db0810080514o4f510d79x486dc8f85792bfa2@mail.gmail.com> References: <4f95f7db0810080514o4f510d79x486dc8f85792bfa2@mail.gmail.com> Message-ID: <20081008222808.G7528@maildrop.int.zabbadoz.net> On Wed, 8 Oct 2008, Patrick Vanguardia wrote: > Hi, > > I downloaded the patch bz_jail7-20080920-01-at150161.diff and when i run > > # cd /usr/src > # patch -p6 < bz_jail7-20080920-01-at150161.diff > > I'm getting a lot of below errors > > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |--- //depot/vendor/freebsd_7/src/lib/libc/sys/cpuset_getaffinity.2 > 2008/07/25 18:10:49 > |+++ //depot/user/bz/jail_7/src/lib/libc/sys/cpuset_getaffinity.2 > 2008/07/26 10:18:16 > -------------------------- > File to patch: > > Also i tried -p7and getting the same results. > > Any idea? > > Your help will be greatly appreciated. What is in /usr/src ? A 7-STABLE? If the /usr/src is from 7.0-R it won't have that file. /bz PS: I am just on a stop here; I'll be gone for another day. In case this isn't a RELENG_7_0 vs. RENENG_7 problem let me know and I'll try to help you along with the others people mails in my inbox in a day or two. -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From alexus at gmail.com Fri Oct 10 23:33:11 2008 From: alexus at gmail.com (alexus) Date: Fri Oct 10 23:33:17 2008 Subject: bz_jail7-20080920-01-at150161.diff In-Reply-To: <20081010163937.Q28777@maildrop.int.zabbadoz.net> References: <6ae50c2d0810071746m4ebb5f47x507a76612a5db279@mail.gmail.com> <20081010163937.Q28777@maildrop.int.zabbadoz.net> Message-ID: <6ae50c2d0810101633j389eb446y80cd885230421d5b@mail.gmail.com> 1. latest patch for 7.0-RELEASE isn't working 2. the only reason i'm on 7.0 is because 7.1 isn't out yet On Fri, Oct 10, 2008 at 12:41 PM, Bjoern A. Zeeb wrote: > On Tue, 7 Oct 2008, alexus wrote: > > Hi, > >> su-3.2# uname -a >> FreeBSD j.jothost.com 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #5: Sun >> Jul 13 18:43:46 EDT 2008 >> alexus@jot.jothost.com:/usr/obj/usr/src/sys/GENERIC i386 >> su-3.2# ls -ld /usr/local/src/bz_jail7-20080920-01-at150161.diff >> -rw-r--r-- 1 root wheel 125674 Sep 20 06:21 >> /usr/local/src/bz_jail7-20080920-01-at150161.diff >> su-3.2# >> >> would you please provide instructions on how to apply this patch to my >> system? >> >> Thank you in advance > > You cannot. The patch is for 7-STABLE (7.1-PRELEASE). > I have no up-to-date patch for 7.0-RELEASE anymore and I am not > plannign on any further. > > You can of course try to search the freebsd-jail list for the last > 7.0-RELEAS patch I had posted if you prefer to stay on 7.0. > > > Please direct further such questions to the freebsd-jail mailing list. > Thank you. > > > /bz > > -- > Bjoern A. Zeeb Stop bit received. Insert coin for new game. > -- http://alexus.org/ From bzeeb-lists at lists.zabbadoz.net Fri Oct 10 23:45:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Fri Oct 10 23:45:15 2008 Subject: bz_jail7-20080920-01-at150161.diff In-Reply-To: <6ae50c2d0810101633j389eb446y80cd885230421d5b@mail.gmail.com> References: <6ae50c2d0810071746m4ebb5f47x507a76612a5db279@mail.gmail.com> <20081010163937.Q28777@maildrop.int.zabbadoz.net> <6ae50c2d0810101633j389eb446y80cd885230421d5b@mail.gmail.com> Message-ID: <20081010234424.M28777@maildrop.int.zabbadoz.net> On Fri, 10 Oct 2008, alexus wrote: > 1. latest patch for 7.0-RELEASE isn't working so which patch was that? Have an URL or filename? /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From pvanguardia at gmail.com Sat Oct 11 18:06:32 2008 From: pvanguardia at gmail.com (Patrick Vanguardia) Date: Sat Oct 11 18:06:37 2008 Subject: Question Message-ID: <4f95f7db0810111106k76d21a1cmebdc444304ccfd4a@mail.gmail.com> Hi, I was wondering if i stay to 7.0-RELEASE and just update my source to 7.1-PRERELEASE then patch it with the latest jail patch for 7.1-PRERELEASE without doing any make installworld, installkernel and buildkernel only make buildworld does it inherit the patch after doing a make installworld make distribution in my jail? Or it requires to recompile the kernel for it to work? Thanks Patrick From pvanguardia at gmail.com Sun Oct 12 14:19:25 2008 From: pvanguardia at gmail.com (Patrick Vanguardia) Date: Sun Oct 12 14:19:31 2008 Subject: FreeBSD 7.0-RELEASE Message-ID: <4f95f7db0810120719j323efd4eh1923f1744f0f4fd6@mail.gmail.com> Hi, Is there anyone of you have a working multi-ip patch for RELENG_7_0_0? The reason im using RELENG_7_0_0 is because i cant just upgrade my kernel to my dedicated hosting since it has a WHM and a CPANEL that might not work after the update. I'm seeing some patches in the mailing list like the ff.. (see below) and i just want to confirmed if thats the patch for RELENG_7_0_0 HEAD: bz_jail-20080727-10-at146056.diff STABLE: bz_jail7-20080727-11-at146062.diff Thanks, Patrick From bzeeb-lists at lists.zabbadoz.net Sun Oct 12 15:40:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Sun Oct 12 15:40:14 2008 Subject: FreeBSD 7.0-RELEASE In-Reply-To: <4f95f7db0810120719j323efd4eh1923f1744f0f4fd6@mail.gmail.com> References: <4f95f7db0810120719j323efd4eh1923f1744f0f4fd6@mail.gmail.com> Message-ID: <20081012153425.I2978@maildrop.int.zabbadoz.net> On Sun, 12 Oct 2008, Patrick Vanguardia wrote: > Hi, > > Is there anyone of you have a working multi-ip patch for RELENG_7_0_0? The > reason im using RELENG_7_0_0 is because i cant just upgrade my kernel to my > dedicated hosting since it has a WHM and a CPANEL that might not work after > the update. > > I'm seeing some patches in the mailing list like the ff.. (see below) and i > just want to confirmed if thats the patch for RELENG_7_0_0 > > HEAD: bz_jail-20080727-10-at146056.diff > STABLE: bz_jail7-20080727-11-at146062.diff I have put the latest 7.0-R patch I had done and found here tmeporary: http://people.freebsd.org/~bz/20080617-01-jail-7.0R.diff Do not expect any update for it or anything. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From sodynet1 at gmail.com Sun Oct 12 16:28:31 2008 From: sodynet1 at gmail.com (Sami Halabi) Date: Sun Oct 12 16:28:38 2008 Subject: udp problem in multiple ips jail?? Message-ID: Hi, I have the latest Multiple ips jail patch from bz, my problem is that the outer world can't reach the jail which i installed in it a DNS server... from the jail/host enviromet it works, but from other hosts it simply refuses. dns uses udp port 53... help... Sami From bzeeb-lists at lists.zabbadoz.net Sun Oct 12 16:35:07 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Sun Oct 12 16:35:13 2008 Subject: udp problem in multiple ips jail?? In-Reply-To: References: Message-ID: <20081012163117.H2978@maildrop.int.zabbadoz.net> On Sun, 12 Oct 2008, Sami Halabi wrote: > Hi, > > I have the latest Multiple ips jail patch from bz, my problem is that the > outer world > can't reach the jail which i installed in it a DNS server... > from the jail/host enviromet it works, but from other hosts > it simply refuses. > > dns uses udp port 53... > > > help... netstat -an tcpdump sockstat ps ax netatst -rn ifconfig -a firewall ping check that all of those are ok. I'd start to see if I can reach the jail from outside the local network by ping/ssh and more forward... -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From pvanguardia at gmail.com Sun Oct 12 18:43:57 2008 From: pvanguardia at gmail.com (Patrick Vanguardia) Date: Sun Oct 12 18:44:03 2008 Subject: FreeBSD 7.0-RELEASE In-Reply-To: <20081012161551.B2978@maildrop.int.zabbadoz.net> References: <4f95f7db0810120719j323efd4eh1923f1744f0f4fd6@mail.gmail.com> <20081012153425.I2978@maildrop.int.zabbadoz.net> <4f95f7db0810120852l18e44fdbp26ad9adc5a59bc4c@mail.gmail.com> <20081012161551.B2978@maildrop.int.zabbadoz.net> Message-ID: <4f95f7db0810121143u1f6aaaa8jb363490f3ef42195@mail.gmail.com> ic, thanks, i think i successfully run it one thing i noticed is that when i run ifconfig it only shows 1 IP On Mon, Oct 13, 2008 at 12:22 AM, Bjoern A. Zeeb < bzeeb-lists@lists.zabbadoz.net> wrote: > On Sun, 12 Oct 2008, Patrick Vanguardia wrote: > > Hi, > > Thanks Bjoern. Yes I will not expect any update from it but is it already >> stable (fully functional)? any known bugs in this release? >> > > well people ran it as they had asked for it. if you would have Cc:ed > the lists someone might have showed up next week end told you. Run a > poll there;-) > > I have never ran it for production or anything. > You may want to check if there had been any follow-ups to tha patch > (take the date from the filename) and check to find the posting where > I had posted the patch: > http://lists.freebsd.org/pipermail/freebsd-jail/ > > > It's not as complete as a releng_7 patch as releng_7 has cpuset that > 7.0-R did not have yet, sctp still was disabled, ... > > Apart from that nothing pops out of my head. > > > /bz > > -- > Bjoern A. Zeeb Stop bit received. Insert coin for new game. > From bugmaster at FreeBSD.org Mon Oct 13 11:06:52 2008 From: bugmaster at FreeBSD.org (FreeBSD bugmaster) Date: Mon Oct 13 11:08:11 2008 Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org Message-ID: <200810131106.m9DB6pon029469@freefall.freebsd.org> Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/126368 jail [jail] Running ktrace/kdump in jail leads to stale jai o kern/120753 jail [jail] Zombie jails (jailed child process exits while o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 12 problems total. From sodynet1 at gmail.com Tue Oct 14 18:24:35 2008 From: sodynet1 at gmail.com (Sami Halabi) Date: Tue Oct 14 18:24:42 2008 Subject: udp problem in multiple ips jail?? In-Reply-To: References: <20081012163117.H2978@maildrop.int.zabbadoz.net> Message-ID: Hi, It wasn't jail problem after all. seems a local dns problem in my computer. DNS and UDP packets works very good under multiple ips jail. Sami On Sun, Oct 12, 2008 at 9:22 PM, Sami Halabi wrote: > thanks, > the problem was that the dns conf didn't allow queries for > non-authoritative > requests so it always failed. > > jail works fine:) > > Sami > > On Sun, Oct 12, 2008 at 6:32 PM, Bjoern A. Zeeb < > bzeeb-lists@lists.zabbadoz.net> wrote: > >> On Sun, 12 Oct 2008, Sami Halabi wrote: >> >> Hi, >>> >>> I have the latest Multiple ips jail patch from bz, my problem is that the >>> outer world >>> can't reach the jail which i installed in it a DNS server... >>> from the jail/host enviromet it works, but from other hosts >>> it simply refuses. >>> >>> dns uses udp port 53... >>> >>> >>> help... >>> >> >> netstat -an >> tcpdump >> sockstat >> ps ax >> netatst -rn >> ifconfig -a >> firewall >> ping >> >> check that all of those are ok. >> >> I'd start to see if I can reach the jail from outside the local >> network by ping/ssh and more forward... >> >> >> -- >> Bjoern A. Zeeb Stop bit received. Insert coin for new game. >> > > From nejc at skoberne.net Wed Oct 15 22:03:57 2008 From: nejc at skoberne.net (Nejc Skoberne) Date: Wed Oct 15 22:04:03 2008 Subject: samba inside jails [was: jail/broadcast IP [was: ...]] In-Reply-To: <20081003140255.40813qif4rznqaec@webmail.leidinger.net> References: <48E365FB.10104@skoberne.net> <20081001120836.X7528@maildrop.int.zabbadoz.net> <48E36B2F.1070707@skoberne.net> <20081003081218.J7528@maildrop.int.zabbadoz.net> <20081003140255.40813qif4rznqaec@webmail.leidinger.net> Message-ID: <48F668C9.9020804@skoberne.net> Hello, > I have samba running in a jail (8-current from a month or two ago, no > multi-IP patch). No problems here. I haven't tried 8-CURRENT, though. > I use it with network drives, so I'm not sure about broadcasts... Do you use WINS server on Windows hosts or not? Thanks, Nejc From Alexander at Leidinger.net Thu Oct 16 07:41:18 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Thu Oct 16 07:41:25 2008 Subject: samba inside jails [was: jail/broadcast IP [was: ...]] In-Reply-To: <48F668C9.9020804@skoberne.net> References: <48E365FB.10104@skoberne.net> <20081001120836.X7528@maildrop.int.zabbadoz.net> <48E36B2F.1070707@skoberne.net> <20081003081218.J7528@maildrop.int.zabbadoz.net> <20081003140255.40813qif4rznqaec@webmail.leidinger.net> <48F668C9.9020804@skoberne.net> Message-ID: <20081016094044.98413dr9tmbp4pog@webmail.leidinger.net> Quoting Nejc Skoberne (from Thu, 16 Oct 2008 00:03:53 +0200): > Hello, > >> I have samba running in a jail (8-current from a month or two ago, no >> multi-IP patch). No problems here. > > I haven't tried 8-CURRENT, though. > >> I use it with network drives, so I'm not sure about broadcasts... > > Do you use WINS server on Windows hosts or not? The only windows systems which use this are lone warriors (laptops). They get an IP and DNS via DHCP from an unix box. There's no Windows domain or any other Windows setup there, just the samba server. Samba is configured with wins support = yes dns proxy = no Bye, Alexander. -- "Your son still sliding down the banisters?" "We wound barbed wire around them." "That stop him?" "No, but it sure slowed him up." http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From jose.amengual at gmail.com Thu Oct 16 11:43:20 2008 From: jose.amengual at gmail.com (Jose Amengual) Date: Thu Oct 16 11:43:27 2008 Subject: Compilation question 64bit, 32 bit Message-ID: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> Hi Guys. The other day I install a server with jails with FreeBSD 7 32 bit in a 64 bit capable processor. After I install I start wondering some things that I point out here : Any benefit to install 64 bit vs 32 bit with the purpose of use jails ? Can I install a 32 bit FreeBSD and create 64 bit jails ? ( using ezjail or downloading the full 64 bit source to create the jail ). Can I install 32 bit FreeBSD and then made a make world and change it to 64 bit ? ( is recommended ?) Can I install a FreeBSD 64 bit and create 32 bit jails ? I know that some questions are not jail related but because my focus is jail, I'm sending this email to this list. Thanks in Advance. Jose Amengual. From sodynet1 at gmail.com Thu Oct 16 16:22:56 2008 From: sodynet1 at gmail.com (Sami Halabi) Date: Thu Oct 16 16:23:03 2008 Subject: ezjails Message-ID: Hi, i just read about the ezjail tool, nasicly i used my own tools, but it sound nice tool. my question is if there is a modified version of ezjails that administrates the multiple ips patched jails. thanks in advance, Sami From bazerka at beardz.net Thu Oct 16 17:05:57 2008 From: bazerka at beardz.net (Jase Thew) Date: Thu Oct 16 17:06:20 2008 Subject: ezjails In-Reply-To: References: Message-ID: <48F771DA.1020308@beardz.net> Sami Halabi wrote: > Hi, > > i just read about the ezjail tool, nasicly i used my own tools, but it sound > nice tool. > my question is if there is a modified version of ezjails that administrates > the multiple > ips patched jails. > > thanks in advance, > Sami > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > Hi, The last time I checked, the author of ezjail stated that he would only support multi-ip jails within ezjail once they became an official feature of FreeBSD, rather than just a patchset. Regards, Jase. From sodynet1 at gmail.com Thu Oct 16 17:20:04 2008 From: sodynet1 at gmail.com (Sami Halabi) Date: Thu Oct 16 17:20:10 2008 Subject: ezjails In-Reply-To: <48F771DA.1020308@beardz.net> References: <48F771DA.1020308@beardz.net> Message-ID: any idea where to find that patchset??? On Thu, Oct 16, 2008 at 6:54 PM, Jase Thew wrote: > Sami Halabi wrote: > >> Hi, >> >> i just read about the ezjail tool, nasicly i used my own tools, but it >> sound >> nice tool. >> my question is if there is a modified version of ezjails that >> administrates >> the multiple >> ips patched jails. >> >> thanks in advance, >> Sami >> _______________________________________________ >> freebsd-jail@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" >> >> > Hi, > > The last time I checked, the author of ezjail stated that he would only > support multi-ip jails within ezjail once they became an official feature of > FreeBSD, rather than just a patchset. > > Regards, > > Jase. > From acidmax at sbcglobal.net Fri Oct 17 00:41:17 2008 From: acidmax at sbcglobal.net (Brian) Date: Fri Oct 17 00:41:24 2008 Subject: multi-ip v4/v6 Message-ID: <434247.34127.qm@web81008.mail.mud.yahoo.com> Is there a patch for multi-ip/ipv4/ipv6 for freebsd 6.3-release-p5? From bazerka at beardz.net Fri Oct 17 01:01:19 2008 From: bazerka at beardz.net (Jase Thew) Date: Fri Oct 17 01:01:26 2008 Subject: ezjails In-Reply-To: References: <48F771DA.1020308@beardz.net> Message-ID: <48F7E3D1.7030804@beardz.net> Sami Halabi wrote: > any idea where to find that patchset??? > Hi, I think you might have misunderstood my reply. To clarify, the author stated he would not introduce support in ezjail for multi-ip jails which use FreeBSD patched with a multi-ip patchset. As far as I'm aware, there are no patchsets for ezjail itself, to support multi-ip jails. Rgs, Jase. From frank at harz.behrens.de Fri Oct 17 06:07:57 2008 From: frank at harz.behrens.de (Frank Behrens) Date: Fri Oct 17 06:08:03 2008 Subject: ezjails In-Reply-To: Message-ID: <200810170607.m9H67nQ1079937@post.behrens.de> Sami Halabi wrote on 16 Oct 2008 18:22: > i just read about the ezjail tool, nasicly i used my own tools, but it sound > nice tool. > my question is if there is a modified version of ezjails that administrates > the multiple > ips patched jails. I don't know, if you can _create_ a multi-ip jail with ezjail, but you can add your additional addresses to your ezjail configuration file and start/stop your jail with ezjail without any problem. -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available. From Alexander at Leidinger.net Fri Oct 17 08:44:01 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Fri Oct 17 08:44:08 2008 Subject: Compilation question 64bit, 32 bit In-Reply-To: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> References: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> Message-ID: <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> Quoting Jose Amengual (from Thu, 16 Oct 2008 08:43:15 -0300): > Hi Guys. > > The other day I install a server with jails with FreeBSD 7 32 bit in > a 64 bit capable processor. > > After I install I start wondering some things that I point out here : > > Any benefit to install 64 bit vs 32 bit with the purpose of use jails ? It depends. If you want to use more than 4G: yes. > Can I install a 32 bit FreeBSD and create 64 bit jails ? ( using > ezjail or downloading the full 64 bit source to create the jail ). No. > Can I install 32 bit FreeBSD and then made a make world and change > it to 64 bit ? ( is recommended ?) IIRC this depends upon your FreeBSD version. I think in CURRENT there's code which supports that now. No guarantees. > Can I install a FreeBSD 64 bit and create 32 bit jails ? Sort of. You can install a 32bit world into the jail and make sure 32bit support is activated in the kernel. The 32bit programs will then run just fine in the jail (but 64bit ones should run fine too). It's the same way as you can run linux programs in a jail. Bye, Alexander. -- If life gives you lemons, make lemonade. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From andrew at modulus.org Fri Oct 17 09:37:48 2008 From: andrew at modulus.org (Andrew Snow) Date: Fri Oct 17 09:37:55 2008 Subject: Compilation question 64bit, 32 bit In-Reply-To: <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> References: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> Message-ID: <48F858B7.1060304@modulus.org> Alexander Leidinger wrote: > Sort of. You can install a 32bit world into the jail and make sure 32bit > support is activated in the kernel. The 32bit programs will then run > just fine in the jail (but 64bit ones should run fine too). How is this done? I've never been able to find out how, it doesn't appear to be documented anywhere. - Andrew From Alexander at Leidinger.net Fri Oct 17 09:44:32 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Fri Oct 17 09:44:39 2008 Subject: Compilation question 64bit, 32 bit In-Reply-To: <48F858B7.1060304@modulus.org> References: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> <48F858B7.1060304@modulus.org> Message-ID: <20081017114355.12775yvj1q5pktc0@webmail.leidinger.net> Quoting Andrew Snow (from Fri, 17 Oct 2008 20:19:51 +1100): > Alexander Leidinger wrote: >> Sort of. You can install a 32bit world into the jail and make sure >> 32bit support is activated in the kernel. The 32bit programs will >> then run just fine in the jail (but 64bit ones should run fine too). > > How is this done? > > I've never been able to find out how, it doesn't appear to be > documented anywhere. Take a 32bit world (e.g. NFS mount from/on another machine, or the stuff which comes in releases on CD or the network) and put it into the directory where you want to have the jail (this is replacing the "Setting up a Jail Directory Tree" in the example section of "man jail"). Bye, Alexander. -- You recoil from the crude; you tend naturally toward the exquisite. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From 000.fbsd at quip.cz Fri Oct 17 09:47:32 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Fri Oct 17 09:47:41 2008 Subject: Compilation question 64bit, 32 bit In-Reply-To: <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> References: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> Message-ID: <48F85F53.8040005@quip.cz> Alexander Leidinger wrote: > Quoting Jose Amengual (from Thu, 16 Oct 2008 > 08:43:15 -0300): > >> Hi Guys. >> >> The other day I install a server with jails with FreeBSD 7 32 bit in >> a 64 bit capable processor. >> >> After I install I start wondering some things that I point out here : >> >> Any benefit to install 64 bit vs 32 bit with the purpose of use jails ? > > > It depends. If you want to use more than 4G: yes. > >> Can I install a 32 bit FreeBSD and create 64 bit jails ? ( using >> ezjail or downloading the full 64 bit source to create the jail ). > > > No. > >> Can I install 32 bit FreeBSD and then made a make world and change it >> to 64 bit ? ( is recommended ?) > > > IIRC this depends upon your FreeBSD version. I think in CURRENT there's > code which supports that now. No guarantees. > >> Can I install a FreeBSD 64 bit and create 32 bit jails ? > > > Sort of. You can install a 32bit world into the jail and make sure > 32bit support is activated in the kernel. The 32bit programs will then > run just fine in the jail (but 64bit ones should run fine too). It's > the same way as you can run linux programs in a jail. Do you mean installing whole 32bit world instead of 64bit, for example from ftp.freebsd.cz:/pub/FreeBSD/releases/i386/7.0-RELEASE/base/ or just /lib32 /usr/lib32 libraries? Will it be possible in this (32bit) jail to install ports marked as arch i386 only, or some voodoo is needed to trick the ports system? What do you mean by "32bit support in kernel"? Is it just options COMPAT_IA32 as is in amd64 GENERIC or anything else? I am interested in running 32bit ports on amd64 bit machine. Miroslav Lachman From bzeeb-lists at lists.zabbadoz.net Fri Oct 17 10:00:09 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Fri Oct 17 10:00:15 2008 Subject: multi-ip v4/v6 In-Reply-To: <434247.34127.qm@web81008.mail.mud.yahoo.com> References: <434247.34127.qm@web81008.mail.mud.yahoo.com> Message-ID: <20081017095232.E2978@maildrop.int.zabbadoz.net> On Thu, 16 Oct 2008, Brian wrote: > Is there a patch for multi-ip/ipv4/ipv6 for freebsd 6.3-release-p5? no; there is an multi-IPv4 patch for 6.x somehere around ... let mevfind it ... here it is: http://people.freebsd.org/~bz/multi-ip-jail-6.4-pre-20080926-01.diff That's the best I can give you. I have no plan to support multi-ipv4/v6/no-IP patches for before 7.1-PRE (anymore) atm. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From tdcmystere at gmail.com Fri Oct 17 10:05:41 2008 From: tdcmystere at gmail.com (Antipov Dima) Date: Fri Oct 17 10:05:47 2008 Subject: Network configuration for KVM - Config reseau pour kvm In-Reply-To: References: Message-ID: *English* Hi all sorry for my english i have little problem whis a network configuration for my freebsd used whis KVM so my probleme is simple ip of my host 91.121.156.206 ip oh my guest 91.121.234.115 from Gust i can ping any ip's but no domaines i can not ping my Guest from anywhere esolv.conf nameserver 231.186.33.99 domaine ovh.net search ovh.net on my host i have network interface wmbr0 so i add ip route add 91.121.234.115 (ip of my gust) dev vmbr0 on my guest i add a default route ip route add default 91.121.234.115 Thank you for all *French* bonjour a tous voila j ai jamais utilis? freebsd et la j en ais besoin mon soucis j arrive a pinguer depuis le guest l exterieur et l interieur depuis host impossible pourtant la route est bien mise puis depuis guest je sais pinguer que les ip pas de domaines dans mon resolv.conf nameserver 231.186.33.99 domaine ovh.net je sais que il faut rajouter search ovh.net ou remplacer domaine par search faut il faire encore qqch? et que dois je faire sur le host pour pinguer le gust? Merci d'avance From tdcmystere at gmail.com Fri Oct 17 10:11:11 2008 From: tdcmystere at gmail.com (Antipov Dima) Date: Fri Oct 17 10:11:18 2008 Subject: Network configuration for KVM - Config reseau pour kvm Message-ID: *English* Hi all sorry for my english i have little problem whis a network configuration for my freebsd used whis KVM so my probleme is simple ip of my host 91.121.156.206 ip oh my guest 91.121.234.115 from Gust i can ping any ip's but no domaines i can not ping my Guest from anywhere esolv.conf nameserver 231.186.33.99 domaine ovh.net search ovh.net on my host i have network interface wmbr0 so i add ip route add 91.121.234.115 (ip of my gust) dev vmbr0 on my guest i add a default route ip route add default 91.121.234.115 Thank you for all *French* bonjour a tous voila j ai jamais utilis? freebsd et la j en ais besoin mon soucis j arrive a pinguer depuis le guest l exterieur et l interieur depuis host impossible pourtant la route est bien mise puis depuis guest je sais pinguer que les ip pas de domaines dans mon resolv.conf nameserver 231.186.33.99 domaine ovh.net je sais que il faut rajouter search ovh.net ou remplacer domaine par search faut il faire encore qqch? et que dois je faire sur le host pour pinguer le gust? Merci d'avance From bzeeb-lists at lists.zabbadoz.net Fri Oct 17 10:15:06 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Fri Oct 17 10:15:13 2008 Subject: Compilation question 64bit, 32 bit In-Reply-To: <48F858B7.1060304@modulus.org> References: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> <48F858B7.1060304@modulus.org> Message-ID: <20081017100924.I2978@maildrop.int.zabbadoz.net> On Fri, 17 Oct 2008, Andrew Snow wrote: Hi, > Alexander Leidinger wrote: >> Sort of. You can install a 32bit world into the jail and make sure 32bit >> support is activated in the kernel. The 32bit programs will then run just >> fine in the jail (but 64bit ones should run fine too). > > How is this done? > > I've never been able to find out how, it doesn't appear to be documented > anywhere. I have been trying to get the people who know best to document it (at least roughly) and have failed so far. It' is more than simply installing a 32bit world as jails and starting the jail. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From bzeeb-lists at lists.zabbadoz.net Fri Oct 17 13:25:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Fri Oct 17 13:25:18 2008 Subject: Compilation question 64bit, 32 bit In-Reply-To: <20081017100924.I2978@maildrop.int.zabbadoz.net> References: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> <48F858B7.1060304@modulus.org> <20081017100924.I2978@maildrop.int.zabbadoz.net> Message-ID: <20081017132351.F2978@maildrop.int.zabbadoz.net> On Fri, 17 Oct 2008, Bjoern A. Zeeb wrote: Hi, > On Fri, 17 Oct 2008, Andrew Snow wrote: > > Hi, > >> Alexander Leidinger wrote: >>> Sort of. You can install a 32bit world into the jail and make sure 32bit >>> support is activated in the kernel. The 32bit programs will then run just >>> fine in the jail (but 64bit ones should run fine too). >> >> How is this done? >> >> I've never been able to find out how, it doesn't appear to be documented >> anywhere. > > I have been trying to get the people who know best to document it (at > least roughly) and have failed so far. > > It' is more than simply installing a 32bit world as jails and starting > the jail. ok, it turns out that if you just want to run things it should just work. If you want to build ports or things in there, there are a bunch of enviroment variables to set. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From Alexander at Leidinger.net Fri Oct 17 14:28:11 2008 From: Alexander at Leidinger.net (Alexander Leidinger) Date: Fri Oct 17 14:28:18 2008 Subject: Compilation question 64bit, 32 bit In-Reply-To: <48F85F53.8040005@quip.cz> References: <9251237E-8054-4B52-BFF7-B3B67189FABC@gmail.com> <20081017104321.18262zf6lz4uk7c4@webmail.leidinger.net> <48F85F53.8040005@quip.cz> Message-ID: <20081017162738.10251xmx8c2i8dlw@webmail.leidinger.net> Quoting Miroslav Lachman <000.fbsd@quip.cz> (from Fri, 17 Oct 2008 11:48:03 +0200): > Alexander Leidinger wrote: >> Quoting Jose Amengual (from Thu, 16 Oct >> 2008 08:43:15 -0300): >> >>> Hi Guys. >>> >>> The other day I install a server with jails with FreeBSD 7 32 bit >>> in a 64 bit capable processor. >>> >>> After I install I start wondering some things that I point out here : >>> >>> Any benefit to install 64 bit vs 32 bit with the purpose of use jails ? >> >> >> It depends. If you want to use more than 4G: yes. >> >>> Can I install a 32 bit FreeBSD and create 64 bit jails ? ( using >>> ezjail or downloading the full 64 bit source to create the jail ). >> >> >> No. >> >>> Can I install 32 bit FreeBSD and then made a make world and change >>> it to 64 bit ? ( is recommended ?) >> >> >> IIRC this depends upon your FreeBSD version. I think in CURRENT >> there's code which supports that now. No guarantees. >> >>> Can I install a FreeBSD 64 bit and create 32 bit jails ? >> >> >> Sort of. You can install a 32bit world into the jail and make sure >> 32bit support is activated in the kernel. The 32bit programs will >> then run just fine in the jail (but 64bit ones should run fine >> too). It's the same way as you can run linux programs in a jail. > > Do you mean installing whole 32bit world instead of 64bit, for > example from > ftp.freebsd.cz:/pub/FreeBSD/releases/i386/7.0-RELEASE/base/ or just > /lib32 /usr/lib32 libraries? I haven't tested it myself. I know that it is possible. It may need some twiddling. I haven't carefully looked at the kernel code, but as it uses the same infrastructure as the linuxulator (see compat/ia32/ia32_sysvec.c), it should be able to run with a plain i386 world (maybe you have to make a link /libexec/ld-elf32.so.1 -> /libexec/ld-elf.so.1 as the compat32 stuff is trying to access this... or maybe even moving ld-elf.so.1 to a different name and linking to the new name, in case this may cause some kind of loop in the kernel). > Will it be possible in this (32bit) jail to install ports marked as > arch i386 only, or some voodoo is needed to trick the ports system? As the compiler is responsible to create the XXbit stuff, and you are using the 32bit compiler, it should be possible. Investigate the stuff which is used to change the uname output on the ports build cluster. This will be needed. Not all ports may work, in this case either fix the port, or use a package. Some ports will never be able to work (use of features which are not available in compat32). > What do you mean by "32bit support in kernel"? Is it just options > COMPAT_IA32 as is in amd64 GENERIC or anything else? COMPAT_IA32 > I am interested in running 32bit ports on amd64 bit machine. If you mean 64bit jail instead of machine: should be possible. If not: mixing without restrictions is not possible. It's an all or nothing approach for the userland. Bye, Alexander. -- If society fits you comfortably enough, you call it freedom. -- Robert Frost http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From uros.gruber at gmail.com Sat Oct 18 08:28:35 2008 From: uros.gruber at gmail.com (=?UTF-8?Q?Uro=C5=A1_Gruber?=) Date: Sat Oct 18 08:28:43 2008 Subject: Local IP in jail Message-ID: <3ef844230810180107k6d1c4c67vd33f83aa25960ee@mail.gmail.com> Hi, I'm setting up new jail and I was thinking enabling it on some local IP (10.1.1.1 for example). I added an alias in rc.conf and also created the jail. The only problem I have is routing is not working as it should. I don't know if it is because of jail or do I need to add manual routing for this IP to be able comunicate with outside world. Is it even possible to work this way and than use ipf to redirect trafic onto jail itself? Thanks in advance Uros From 000.fbsd at quip.cz Sat Oct 18 09:53:17 2008 From: 000.fbsd at quip.cz (Miroslav Lachman) Date: Sat Oct 18 09:53:24 2008 Subject: Local IP in jail In-Reply-To: <3ef844230810180107k6d1c4c67vd33f83aa25960ee@mail.gmail.com> References: <3ef844230810180107k6d1c4c67vd33f83aa25960ee@mail.gmail.com> Message-ID: <48F9B22B.4060200@quip.cz> Uro? Gruber wrote: > Hi, > > I'm setting up new jail and I was thinking enabling it on some local > IP (10.1.1.1 for example). I added an alias in rc.conf and also > created the jail. The only problem I have is routing is not working as > it should. I don't know if it is because of jail or do I need to add > manual > routing for this IP to be able comunicate with outside world. Is it > even possible to work this way and than use ipf to redirect trafic > onto jail itself? It is possible. I am using Jails only this way (with private IPs and NAT+RDR in PF) Maybe you need to set net.inet.ip.forwarding=1 (in sysctl.conf) or gateway_enable="YES" in rc.conf Miroslav Lachman From bugmaster at FreeBSD.org Mon Oct 20 11:06:54 2008 From: bugmaster at FreeBSD.org (FreeBSD bugmaster) Date: Mon Oct 20 11:08:12 2008 Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org Message-ID: <200810201106.m9KB6rWC082702@freefall.freebsd.org> Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/126368 jail [jail] Running ktrace/kdump in jail leads to stale jai o kern/120753 jail [jail] Zombie jails (jailed child process exits while o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 12 problems total. From acidmax at sbcglobal.net Mon Oct 20 12:48:36 2008 From: acidmax at sbcglobal.net (Brian) Date: Mon Oct 20 12:48:42 2008 Subject: correct syntax to bind ipv6 to jails? Message-ID: <527343.64794.qm@web81006.mail.mud.yahoo.com> im running releng_7_0 with bz's muli ipv4/6/none patch, i cant get ipv6 to bind, ive tried every possible way, i keep getting this error: ? ??(/home/brian)--> # jail /usr/jails/test.jinxshells.com test.jinxshells.com 2a02:780:a002::3 /bin/sh jail: Address family 28 not supported. Ignoring. : No such file or directory From bzeeb-lists at lists.zabbadoz.net Mon Oct 20 14:20:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Mon Oct 20 14:20:16 2008 Subject: correct syntax to bind ipv6 to jails? In-Reply-To: <527343.64794.qm@web81006.mail.mud.yahoo.com> References: <527343.64794.qm@web81006.mail.mud.yahoo.com> Message-ID: <20081020141637.H2978@maildrop.int.zabbadoz.net> On Mon, 20 Oct 2008, Brian wrote: Hi, > im running releng_7_0 with bz's muli ipv4/6/none patch, i cant get ipv6 to bind, ive tried every possible way, i keep getting this error: > ? > ??(/home/brian)--> # jail /usr/jails/test.jinxshells.com test.jinxshells.com 2a02:780:a002::3 /bin/sh > jail: Address family 28 not supported. Ignoring. > : No such file or directory huh, are your sure you are running with my patch and that the kernel is compiled with INET6 support? /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From acidmax at sbcglobal.net Mon Oct 20 14:24:45 2008 From: acidmax at sbcglobal.net (Brian) Date: Mon Oct 20 14:24:51 2008 Subject: correct syntax to bind ipv6 to jails? In-Reply-To: <20081020141637.H2978@maildrop.int.zabbadoz.net> Message-ID: <682816.37700.qm@web81003.mail.mud.yahoo.com> yeah, im running 20080617-01-jail-7.0R.diff, and ipv6 is compiled in the kernel, i can use it on the main host, just not the jail ? brian --- On Mon, 10/20/08, Bjoern A. Zeeb wrote: From: Bjoern A. Zeeb Subject: Re: correct syntax to bind ipv6 to jails? To: "Brian" Cc: freebsd-jail@FreeBSD.org Date: Monday, October 20, 2008, 10:17 AM On Mon, 20 Oct 2008, Brian wrote: Hi, > im running releng_7_0 with bz's muli ipv4/6/none patch, i cant get ipv6 to bind, ive tried every possible way, i keep getting this error: > ? > ??(/home/brian)--> # jail /usr/jails/test.jinxshells.com test.jinxshells.com 2a02:780:a002::3 /bin/sh > jail: Address family 28 not supported. Ignoring. > : No such file or directory huh, are your sure you are running with my patch and that the kernel is compiled with INET6 support? /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From bzeeb-lists at lists.zabbadoz.net Mon Oct 20 15:25:09 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Mon Oct 20 15:25:15 2008 Subject: correct syntax to bind ipv6 to jails? In-Reply-To: <682816.37700.qm@web81003.mail.mud.yahoo.com> References: <682816.37700.qm@web81003.mail.mud.yahoo.com> Message-ID: <20081020151900.J2978@maildrop.int.zabbadoz.net> On Mon, 20 Oct 2008, Brian wrote: Hi, >>> im running releng_7_0 with bz's muli ipv4/6/none patch, i cant get >> ipv6 to bind, ive tried every possible way, i keep getting this error: >>> ? >>> ??(/home/brian)--> # jail /usr/jails/test.jinxshells.com >> test.jinxshells.com 2a02:780:a002::3 /bin/sh >>> jail: Address family 28 not supported. Ignoring. >>> : No such file or directory >> >> huh, are your sure you are running with my patch and that the kernel >> is compiled with INET6 support? >> > yeah, im running 20080617-01-jail-7.0R.diff, and ipv6 is compiled in the kernel, i can use it on the main host, just not the jail From the above error message I would expect that you cannot tart the jail, right? Can you ktrace the jail command and see what returns the EAFNOSUPPORT analysing the output with kdump? /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From alexus at gmail.com Mon Oct 20 21:37:52 2008 From: alexus at gmail.com (alexus) Date: Mon Oct 20 21:37:59 2008 Subject: FreeBSD 7.0-RELEASE In-Reply-To: <4f95f7db0810121143u1f6aaaa8jb363490f3ef42195@mail.gmail.com> References: <4f95f7db0810120719j323efd4eh1923f1744f0f4fd6@mail.gmail.com> <20081012153425.I2978@maildrop.int.zabbadoz.net> <4f95f7db0810120852l18e44fdbp26ad9adc5a59bc4c@mail.gmail.com> <20081012161551.B2978@maildrop.int.zabbadoz.net> <4f95f7db0810121143u1f6aaaa8jb363490f3ef42195@mail.gmail.com> Message-ID: <6ae50c2d0810201437j7a866be1q3ca46c3bb8886069@mail.gmail.com> I dont know seems like for me it's missing something d# patch -C < ~alexus/20080617-01-jail-7.0R.diff Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: lib/libc/sys/jail.2 |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/lib/libc/sys/jail.2,v |retrieving revision 1.28 |diff -u -p -r1.28 jail.2 |--- lib/libc/sys/jail.2 9 Feb 2005 18:03:14 -0000 1.28 |+++ lib/libc/sys/jail.2 18 Jun 2008 22:30:42 -0000 -------------------------- Patching file lib/libc/sys/jail.2 using Plan A... Hunk #1 succeeded at 8. Hunk #2 succeeded at 32. Hunk #3 succeeded at 58. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/compat/freebsd32/freebsd32.h |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32.h,v |retrieving revision 1.6.2.1 |diff -u -p -r1.6.2.1 freebsd32.h |--- sys/compat/freebsd32/freebsd32.h 19 Dec 2007 20:37:53 -0000 1.6.2.1 |+++ sys/compat/freebsd32/freebsd32.h 18 Jun 2008 22:30:54 -0000 -------------------------- Patching file sys/compat/freebsd32/freebsd32.h using Plan A... Hunk #1 failed at 153. 1 out of 1 hunks failed--saving rejects to sys/compat/freebsd32/freebsd32.h.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/compat/freebsd32/freebsd32_misc.c |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_misc.c,v |retrieving revision 1.67.2.3 |diff -u -p -r1.67.2.3 freebsd32_misc.c |--- sys/compat/freebsd32/freebsd32_misc.c 20 Dec 2007 19:43:55 -0000 1.67.2.3 |+++ sys/compat/freebsd32/freebsd32_misc.c 18 Jun 2008 22:30:54 -0000 -------------------------- Patching file sys/compat/freebsd32/freebsd32_misc.c using Plan A... Hunk #1 succeeded at 37 with fuzz 2 (offset -1 lines). Hunk #2 succeeded at 1778 with fuzz 1 (offset -186 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/compat/freebsd32/freebsd32_proto.h |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_proto.h,v |retrieving revision 1.78.2.1 |diff -u -p -r1.78.2.1 freebsd32_proto.h |--- sys/compat/freebsd32/freebsd32_proto.h 19 Dec 2007 20:48:53 -0000 1.78.2.1 |+++ sys/compat/freebsd32/freebsd32_proto.h 18 Jun 2008 22:30:54 -0000 -------------------------- Patching file sys/compat/freebsd32/freebsd32_proto.h using Plan A... Hunk #1 failed at 223. Hunk #2 failed at 367. Hunk #3 failed at 571. 3 out of 3 hunks failed--saving rejects to sys/compat/freebsd32/freebsd32_proto.h.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/compat/freebsd32/freebsd32_syscall.h |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_syscall.h,v |retrieving revision 1.76.2.1 |diff -u -p -r1.76.2.1 freebsd32_syscall.h |--- sys/compat/freebsd32/freebsd32_syscall.h 19 Dec 2007 20:48:53 -0000 1.76.2.1 |+++ sys/compat/freebsd32/freebsd32_syscall.h 18 Jun 2008 22:30:54 -0000 -------------------------- Patching file sys/compat/freebsd32/freebsd32_syscall.h using Plan A... Hunk #1 succeeded at 254 with fuzz 2. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/compat/freebsd32/freebsd32_syscalls.c |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_syscalls.c,v |retrieving revision 1.67.2.1 |diff -u -p -r1.67.2.1 freebsd32_syscalls.c |--- sys/compat/freebsd32/freebsd32_syscalls.c 19 Dec 2007 20:48:53 -0000 1.67.2.1 |+++ sys/compat/freebsd32/freebsd32_syscalls.c 18 Jun 2008 22:30:54 -0000 -------------------------- Patching file sys/compat/freebsd32/freebsd32_syscalls.c using Plan A... Hunk #1 succeeded at 345 with fuzz 2. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/compat/freebsd32/freebsd32_sysent.c |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_sysent.c,v |retrieving revision 1.77.2.1 |diff -u -p -r1.77.2.1 freebsd32_sysent.c |--- sys/compat/freebsd32/freebsd32_sysent.c 19 Dec 2007 20:48:53 -0000 1.77.2.1 |+++ sys/compat/freebsd32/freebsd32_sysent.c 18 Jun 2008 22:30:54 -0000 -------------------------- Patching file sys/compat/freebsd32/freebsd32_sysent.c using Plan A... Hunk #1 failed at 377. 1 out of 1 hunks failed--saving rejects to sys/compat/freebsd32/freebsd32_sysent.c.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/compat/freebsd32/syscalls.master |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/syscalls.master,v |retrieving revision 1.91.2.2 |diff -u -p -r1.91.2.2 syscalls.master |--- sys/compat/freebsd32/syscalls.master 19 Dec 2007 20:43:41 -0000 1.91.2.2 |+++ sys/compat/freebsd32/syscalls.master 18 Jun 2008 22:30:54 -0000 -------------------------- Patching file sys/compat/freebsd32/syscalls.master using Plan A... Hunk #1 failed at 566. 1 out of 1 hunks failed--saving rejects to sys/compat/freebsd32/syscalls.master.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/compat/linux/linux_misc.c |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/linux/linux_misc.c,v |retrieving revision 1.214 |diff -u -p -r1.214 linux_misc.c |--- sys/compat/linux/linux_misc.c 28 Aug 2007 12:26:35 -0000 1.214 |+++ sys/compat/linux/linux_misc.c 18 Jun 2008 22:30:55 -0000 -------------------------- Patching file sys/compat/linux/linux_misc.c using Plan A... Hunk #1 succeeded at 38 with fuzz 1 (offset -1 lines). Hunk #2 succeeded at 48 with fuzz 2 (offset -1 lines). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/ddb/db_ps.c |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/ddb/db_ps.c,v |retrieving revision 1.66 |diff -u -p -r1.66 db_ps.c |--- sys/ddb/db_ps.c 17 Sep 2007 05:27:19 -0000 1.66 |+++ sys/ddb/db_ps.c 18 Jun 2008 22:30:56 -0000 -------------------------- Patching file sys/ddb/db_ps.c using Plan A... Hunk #1 succeeded at 32. Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/kern/kern_jail.c |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/kern/kern_jail.c,v |retrieving revision 1.70 |diff -u -p -r1.70 kern_jail.c |--- sys/kern/kern_jail.c 13 Apr 2007 23:54:22 -0000 1.70 |+++ sys/kern/kern_jail.c 18 Jun 2008 22:31:00 -0000 -------------------------- Patching file sys/kern/kern_jail.c using Plan A... Hunk #1 succeeded at 10 with fuzz 2. Hunk #2 succeeded at 36 with fuzz 2 (offset -1 lines). Hunk #3 succeeded at 58 (offset -1 lines). Hunk #4 failed at 85. Hunk #5 succeeded at 111 with fuzz 2 (offset -21 lines). Hunk #6 failed at 242. Hunk #7 succeeded at 364 with fuzz 1 (offset -21 lines). Hunk #8 succeeded at 449 (offset -14 lines). Hunk #9 succeeded at 570 (offset -27 lines). Hunk #10 failed at 589. Hunk #11 succeeded at 1021 (offset -382 lines). Hunk #12 failed at 1034. Hunk #13 succeeded at 1458 (offset -18 lines). 4 out of 13 hunks failed--saving rejects to sys/kern/kern_jail.c.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: sys/kern/kern_priv.c |=================================================================== |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/kern/kern_priv.c,v |retrieving revision 1.4 |diff -u -p -r1.4 kern_priv.c |--- sys/kern/kern_priv.c 2 Jul 2007 14:03:29 -0000 1.4 |+++ sys/kern/kern_priv.c 18 Jun 2008 22:31:00 -0000 -------------------------- File to patch: On Sun, Oct 12, 2008 at 2:43 PM, Patrick Vanguardia wrote: > ic, thanks, i think i successfully run it one thing i noticed is that when i > run ifconfig it only shows 1 IP > > On Mon, Oct 13, 2008 at 12:22 AM, Bjoern A. Zeeb < > bzeeb-lists@lists.zabbadoz.net> wrote: > >> On Sun, 12 Oct 2008, Patrick Vanguardia wrote: >> >> Hi, >> >> Thanks Bjoern. Yes I will not expect any update from it but is it already >>> stable (fully functional)? any known bugs in this release? >>> >> >> well people ran it as they had asked for it. if you would have Cc:ed >> the lists someone might have showed up next week end told you. Run a >> poll there;-) >> >> I have never ran it for production or anything. >> You may want to check if there had been any follow-ups to tha patch >> (take the date from the filename) and check to find the posting where >> I had posted the patch: >> http://lists.freebsd.org/pipermail/freebsd-jail/ >> >> >> It's not as complete as a releng_7 patch as releng_7 has cpuset that >> 7.0-R did not have yet, sctp still was disabled, ... >> >> Apart from that nothing pops out of my head. >> >> >> /bz >> >> -- >> Bjoern A. Zeeb Stop bit received. Insert coin for new game. >> > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > -- http://alexus.org/ From alexus at gmail.com Mon Oct 20 21:40:14 2008 From: alexus at gmail.com (alexus) Date: Mon Oct 20 21:40:21 2008 Subject: FreeBSD 7.0-RELEASE In-Reply-To: <6ae50c2d0810201437j7a866be1q3ca46c3bb8886069@mail.gmail.com> References: <4f95f7db0810120719j323efd4eh1923f1744f0f4fd6@mail.gmail.com> <20081012153425.I2978@maildrop.int.zabbadoz.net> <4f95f7db0810120852l18e44fdbp26ad9adc5a59bc4c@mail.gmail.com> <20081012161551.B2978@maildrop.int.zabbadoz.net> <4f95f7db0810121143u1f6aaaa8jb363490f3ef42195@mail.gmail.com> <6ae50c2d0810201437j7a866be1q3ca46c3bb8886069@mail.gmail.com> Message-ID: <6ae50c2d0810201440p70c9cc86h8de33bd3569723e7@mail.gmail.com> Bjoern A. Zeeb Do you know if we going see your patch in 7.1-RELEASE? On Mon, Oct 20, 2008 at 5:37 PM, alexus wrote: > I dont know seems like for me it's missing something > > > d# patch -C < ~alexus/20080617-01-jail-7.0R.diff > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: lib/libc/sys/jail.2 > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/lib/libc/sys/jail.2,v > |retrieving revision 1.28 > |diff -u -p -r1.28 jail.2 > |--- lib/libc/sys/jail.2 9 Feb 2005 18:03:14 -0000 1.28 > |+++ lib/libc/sys/jail.2 18 Jun 2008 22:30:42 -0000 > -------------------------- > Patching file lib/libc/sys/jail.2 using Plan A... > Hunk #1 succeeded at 8. > Hunk #2 succeeded at 32. > Hunk #3 succeeded at 58. > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/compat/freebsd32/freebsd32.h > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32.h,v > |retrieving revision 1.6.2.1 > |diff -u -p -r1.6.2.1 freebsd32.h > |--- sys/compat/freebsd32/freebsd32.h 19 Dec 2007 20:37:53 -0000 1.6.2.1 > |+++ sys/compat/freebsd32/freebsd32.h 18 Jun 2008 22:30:54 -0000 > -------------------------- > Patching file sys/compat/freebsd32/freebsd32.h using Plan A... > Hunk #1 failed at 153. > 1 out of 1 hunks failed--saving rejects to sys/compat/freebsd32/freebsd32.h.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/compat/freebsd32/freebsd32_misc.c > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_misc.c,v > |retrieving revision 1.67.2.3 > |diff -u -p -r1.67.2.3 freebsd32_misc.c > |--- sys/compat/freebsd32/freebsd32_misc.c 20 Dec 2007 19:43:55 -0000 1.67.2.3 > |+++ sys/compat/freebsd32/freebsd32_misc.c 18 Jun 2008 22:30:54 -0000 > -------------------------- > Patching file sys/compat/freebsd32/freebsd32_misc.c using Plan A... > Hunk #1 succeeded at 37 with fuzz 2 (offset -1 lines). > Hunk #2 succeeded at 1778 with fuzz 1 (offset -186 lines). > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/compat/freebsd32/freebsd32_proto.h > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_proto.h,v > |retrieving revision 1.78.2.1 > |diff -u -p -r1.78.2.1 freebsd32_proto.h > |--- sys/compat/freebsd32/freebsd32_proto.h 19 Dec 2007 20:48:53 -0000 1.78.2.1 > |+++ sys/compat/freebsd32/freebsd32_proto.h 18 Jun 2008 22:30:54 -0000 > -------------------------- > Patching file sys/compat/freebsd32/freebsd32_proto.h using Plan A... > Hunk #1 failed at 223. > Hunk #2 failed at 367. > Hunk #3 failed at 571. > 3 out of 3 hunks failed--saving rejects to > sys/compat/freebsd32/freebsd32_proto.h.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/compat/freebsd32/freebsd32_syscall.h > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_syscall.h,v > |retrieving revision 1.76.2.1 > |diff -u -p -r1.76.2.1 freebsd32_syscall.h > |--- sys/compat/freebsd32/freebsd32_syscall.h 19 Dec 2007 20:48:53 > -0000 1.76.2.1 > |+++ sys/compat/freebsd32/freebsd32_syscall.h 18 Jun 2008 22:30:54 -0000 > -------------------------- > Patching file sys/compat/freebsd32/freebsd32_syscall.h using Plan A... > Hunk #1 succeeded at 254 with fuzz 2. > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/compat/freebsd32/freebsd32_syscalls.c > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_syscalls.c,v > |retrieving revision 1.67.2.1 > |diff -u -p -r1.67.2.1 freebsd32_syscalls.c > |--- sys/compat/freebsd32/freebsd32_syscalls.c 19 Dec 2007 20:48:53 > -0000 1.67.2.1 > |+++ sys/compat/freebsd32/freebsd32_syscalls.c 18 Jun 2008 22:30:54 -0000 > -------------------------- > Patching file sys/compat/freebsd32/freebsd32_syscalls.c using Plan A... > Hunk #1 succeeded at 345 with fuzz 2. > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/compat/freebsd32/freebsd32_sysent.c > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/freebsd32_sysent.c,v > |retrieving revision 1.77.2.1 > |diff -u -p -r1.77.2.1 freebsd32_sysent.c > |--- sys/compat/freebsd32/freebsd32_sysent.c 19 Dec 2007 20:48:53 -0000 1.77.2.1 > |+++ sys/compat/freebsd32/freebsd32_sysent.c 18 Jun 2008 22:30:54 -0000 > -------------------------- > Patching file sys/compat/freebsd32/freebsd32_sysent.c using Plan A... > Hunk #1 failed at 377. > 1 out of 1 hunks failed--saving rejects to > sys/compat/freebsd32/freebsd32_sysent.c.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/compat/freebsd32/syscalls.master > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/freebsd32/syscalls.master,v > |retrieving revision 1.91.2.2 > |diff -u -p -r1.91.2.2 syscalls.master > |--- sys/compat/freebsd32/syscalls.master 19 Dec 2007 20:43:41 -0000 1.91.2.2 > |+++ sys/compat/freebsd32/syscalls.master 18 Jun 2008 22:30:54 -0000 > -------------------------- > Patching file sys/compat/freebsd32/syscalls.master using Plan A... > Hunk #1 failed at 566. > 1 out of 1 hunks failed--saving rejects to > sys/compat/freebsd32/syscalls.master.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/compat/linux/linux_misc.c > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/compat/linux/linux_misc.c,v > |retrieving revision 1.214 > |diff -u -p -r1.214 linux_misc.c > |--- sys/compat/linux/linux_misc.c 28 Aug 2007 12:26:35 -0000 1.214 > |+++ sys/compat/linux/linux_misc.c 18 Jun 2008 22:30:55 -0000 > -------------------------- > Patching file sys/compat/linux/linux_misc.c using Plan A... > Hunk #1 succeeded at 38 with fuzz 1 (offset -1 lines). > Hunk #2 succeeded at 48 with fuzz 2 (offset -1 lines). > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/ddb/db_ps.c > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/ddb/db_ps.c,v > |retrieving revision 1.66 > |diff -u -p -r1.66 db_ps.c > |--- sys/ddb/db_ps.c 17 Sep 2007 05:27:19 -0000 1.66 > |+++ sys/ddb/db_ps.c 18 Jun 2008 22:30:56 -0000 > -------------------------- > Patching file sys/ddb/db_ps.c using Plan A... > Hunk #1 succeeded at 32. > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/kern/kern_jail.c > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/kern/kern_jail.c,v > |retrieving revision 1.70 > |diff -u -p -r1.70 kern_jail.c > |--- sys/kern/kern_jail.c 13 Apr 2007 23:54:22 -0000 1.70 > |+++ sys/kern/kern_jail.c 18 Jun 2008 22:31:00 -0000 > -------------------------- > Patching file sys/kern/kern_jail.c using Plan A... > Hunk #1 succeeded at 10 with fuzz 2. > Hunk #2 succeeded at 36 with fuzz 2 (offset -1 lines). > Hunk #3 succeeded at 58 (offset -1 lines). > Hunk #4 failed at 85. > Hunk #5 succeeded at 111 with fuzz 2 (offset -21 lines). > Hunk #6 failed at 242. > Hunk #7 succeeded at 364 with fuzz 1 (offset -21 lines). > Hunk #8 succeeded at 449 (offset -14 lines). > Hunk #9 succeeded at 570 (offset -27 lines). > Hunk #10 failed at 589. > Hunk #11 succeeded at 1021 (offset -382 lines). > Hunk #12 failed at 1034. > Hunk #13 succeeded at 1458 (offset -18 lines). > 4 out of 13 hunks failed--saving rejects to sys/kern/kern_jail.c.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/kern/kern_priv.c > |=================================================================== > |RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/kern/kern_priv.c,v > |retrieving revision 1.4 > |diff -u -p -r1.4 kern_priv.c > |--- sys/kern/kern_priv.c 2 Jul 2007 14:03:29 -0000 1.4 > |+++ sys/kern/kern_priv.c 18 Jun 2008 22:31:00 -0000 > -------------------------- > File to patch: > > > On Sun, Oct 12, 2008 at 2:43 PM, Patrick Vanguardia > wrote: >> ic, thanks, i think i successfully run it one thing i noticed is that when i >> run ifconfig it only shows 1 IP >> >> On Mon, Oct 13, 2008 at 12:22 AM, Bjoern A. Zeeb < >> bzeeb-lists@lists.zabbadoz.net> wrote: >> >>> On Sun, 12 Oct 2008, Patrick Vanguardia wrote: >>> >>> Hi, >>> >>> Thanks Bjoern. Yes I will not expect any update from it but is it already >>>> stable (fully functional)? any known bugs in this release? >>>> >>> >>> well people ran it as they had asked for it. if you would have Cc:ed >>> the lists someone might have showed up next week end told you. Run a >>> poll there;-) >>> >>> I have never ran it for production or anything. >>> You may want to check if there had been any follow-ups to tha patch >>> (take the date from the filename) and check to find the posting where >>> I had posted the patch: >>> http://lists.freebsd.org/pipermail/freebsd-jail/ >>> >>> >>> It's not as complete as a releng_7 patch as releng_7 has cpuset that >>> 7.0-R did not have yet, sctp still was disabled, ... >>> >>> Apart from that nothing pops out of my head. >>> >>> >>> /bz >>> >>> -- >>> Bjoern A. Zeeb Stop bit received. Insert coin for new game. >>> >> _______________________________________________ >> freebsd-jail@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" >> > > > > -- > http://alexus.org/ > -- http://alexus.org/ From bzeeb-lists at lists.zabbadoz.net Tue Oct 21 06:00:10 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Tue Oct 21 06:00:17 2008 Subject: FreeBSD 7.0-RELEASE In-Reply-To: <6ae50c2d0810201440p70c9cc86h8de33bd3569723e7@mail.gmail.com> References: <4f95f7db0810120719j323efd4eh1923f1744f0f4fd6@mail.gmail.com> <20081012153425.I2978@maildrop.int.zabbadoz.net> <4f95f7db0810120852l18e44fdbp26ad9adc5a59bc4c@mail.gmail.com> <20081012161551.B2978@maildrop.int.zabbadoz.net> <4f95f7db0810121143u1f6aaaa8jb363490f3ef42195@mail.gmail.com> <6ae50c2d0810201437j7a866be1q3ca46c3bb8886069@mail.gmail.com> <6ae50c2d0810201440p70c9cc86h8de33bd3569723e7@mail.gmail.com> Message-ID: <20081021055850.B2978@maildrop.int.zabbadoz.net> On Mon, 20 Oct 2008, alexus wrote: Hi, > Do you know if we going see your patch in 7.1-RELEASE? what keeps you from using the latest patch I had posted for 7-STABLE? /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From alexus at gmail.com Wed Oct 22 16:09:30 2008 From: alexus at gmail.com (alexus) Date: Wed Oct 22 16:09:37 2008 Subject: FreeBSD 7.0-RELEASE In-Reply-To: <20081021055850.B2978@maildrop.int.zabbadoz.net> References: <4f95f7db0810120719j323efd4eh1923f1744f0f4fd6@mail.gmail.com> <20081012153425.I2978@maildrop.int.zabbadoz.net> <4f95f7db0810120852l18e44fdbp26ad9adc5a59bc4c@mail.gmail.com> <20081012161551.B2978@maildrop.int.zabbadoz.net> <4f95f7db0810121143u1f6aaaa8jb363490f3ef42195@mail.gmail.com> <6ae50c2d0810201437j7a866be1q3ca46c3bb8886069@mail.gmail.com> <6ae50c2d0810201440p70c9cc86h8de33bd3569723e7@mail.gmail.com> <20081021055850.B2978@maildrop.int.zabbadoz.net> Message-ID: <6ae50c2d0810220909k442b8a53j791f1b2fad384e11@mail.gmail.com> alexus@d ~ 506$ ls -la *.diff -rw-r--r-- 1 alexus wheel 117476 Jun 18 18:40 20080617-01-jail-7.0R.diff -rw-r--r-- 1 alexus wheel 125768 Oct 1 14:54 bz_jail7-20080727-11-at146062-Fixed_By_Sody_1.10.08.diff -rw-r--r-- 1 alexus wheel 125674 Sep 20 06:21 bz_jail7-20080920-01-at150161.diff alexus@d ~ 507$ which one is patch that you referring too? We use -RELEASE only, not -STABLE, would your patch work with -RELEASE? On Tue, Oct 21, 2008 at 1:59 AM, Bjoern A. Zeeb wrote: > On Mon, 20 Oct 2008, alexus wrote: > > Hi, > >> Do you know if we going see your patch in 7.1-RELEASE? > > what keeps you from using the latest patch I had posted for 7-STABLE? > > /bz > > -- > Bjoern A. Zeeb Stop bit received. Insert coin for new game. > -- http://alexus.org/ From lopez.on.the.lists at yellowspace.net Fri Oct 24 16:17:45 2008 From: lopez.on.the.lists at yellowspace.net (Lorenzo Perone) Date: Fri Oct 24 16:17:51 2008 Subject: Succesful patch on several hosts with RELENG_7 Message-ID: Hi, Just wanted to give my feedback on Your patch bz_jail7-20080920-01-at150161.diff, which I got by reading this list, on http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff Just patched several RELENG_7 hosts (FreeBSD 7.0-PRERELEASE, last one yesterday), and for the time being, it works like a charm. THANK YOU VERY MUCH for this patch and Your efforts, as this is a very important feature for me and for several others. I hope so much that it will be included into RELENG_7o fficially, and/or that You will be update it eventually, if necessary. Kudos, Regards && lots of free beer.. Lorenzo From sodynet1 at gmail.com Fri Oct 24 22:24:23 2008 From: sodynet1 at gmail.com (Sami Halabi) Date: Fri Oct 24 22:24:31 2008 Subject: Succesful patch on several hosts with RELENG_7 In-Reply-To: References: Message-ID: I'm joining the compliments... its for about 2 months now and working as a charm also... bz, Your great.. this feature MUST be in the official production fbsd for everyone. thanks for your efforts Sami On Fri, Oct 24, 2008 at 6:07 PM, Lorenzo Perone < lopez.on.the.lists@yellowspace.net> wrote: > > Hi, > > Just wanted to give my feedback > on Your patch bz_jail7-20080920-01-at150161.diff, which I got > by reading this list, on > > http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff > > Just patched several RELENG_7 hosts (FreeBSD 7.0-PRERELEASE, > last one yesterday), and for the time being, it works like a > charm. THANK YOU VERY MUCH for this patch and Your efforts, > as this is a very important feature for me and for several > others. I hope so much that it will be included into RELENG_7o > fficially, and/or that You will be update it eventually, > if necessary. > > Kudos, Regards && lots of free beer.. > > Lorenzo > > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > From reddvinylene at gmail.com Fri Oct 24 23:32:30 2008 From: reddvinylene at gmail.com (Redd Vinylene) Date: Fri Oct 24 23:32:37 2008 Subject: Succesful patch on several hosts with RELENG_7 In-Reply-To: References: Message-ID: Oh yeah absolutely, let me in too. If it wasn't for Bjoern Zeeb I'd probably be sleeping on the street by now! Thanks a lot dude! On Sat, Oct 25, 2008 at 12:24 AM, Sami Halabi wrote: > I'm joining the compliments... > its for about 2 months now and working as a charm also... > > bz, > Your great.. this feature MUST be in the official production fbsd for > everyone. > thanks for your efforts > > Sami > > On Fri, Oct 24, 2008 at 6:07 PM, Lorenzo Perone < > lopez.on.the.lists@yellowspace.net> wrote: > >> >> Hi, >> >> Just wanted to give my feedback >> on Your patch bz_jail7-20080920-01-at150161.diff, which I got >> by reading this list, on >> >> http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff >> >> Just patched several RELENG_7 hosts (FreeBSD 7.0-PRERELEASE, >> last one yesterday), and for the time being, it works like a >> charm. THANK YOU VERY MUCH for this patch and Your efforts, >> as this is a very important feature for me and for several >> others. I hope so much that it will be included into RELENG_7o >> fficially, and/or that You will be update it eventually, >> if necessary. >> >> Kudos, Regards && lots of free beer.. >> >> Lorenzo >> >> >> _______________________________________________ >> freebsd-jail@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > -- http://www.home.no/reddvinylene From bazerka at beardz.net Sat Oct 25 02:04:40 2008 From: bazerka at beardz.net (Jase Thew) Date: Sat Oct 25 02:04:46 2008 Subject: Succesful patch on several hosts with RELENG_7 In-Reply-To: References: Message-ID: <49027EA9.9090808@beardz.net> Lorenzo Perone wrote: > Hi, > > Just wanted to give my feedback > on Your patch bz_jail7-20080920-01-at150161.diff, which I got > by reading this list, on > > http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff > > Just patched several RELENG_7 hosts (FreeBSD 7.0-PRERELEASE, > last one yesterday), and for the time being, it works like a > charm. THANK YOU VERY MUCH for this patch and Your efforts, > as this is a very important feature for me and for several > others. I hope so much that it will be included into RELENG_7o > fficially, and/or that You will be update it eventually, > if necessary. > > Kudos, Regards && lots of free beer.. > > Lorenzo Hi, Is this patch for both i386 and amd64, or just i386? Regards, Jase. From bzeeb-lists at lists.zabbadoz.net Sat Oct 25 08:35:07 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Sat Oct 25 08:35:15 2008 Subject: Succesful patch on several hosts with RELENG_7 In-Reply-To: <49027EA9.9090808@beardz.net> References: <49027EA9.9090808@beardz.net> Message-ID: <20081025083021.S2978@maildrop.int.zabbadoz.net> On Sat, 25 Oct 2008, Jase Thew wrote: Hi, > Is this patch for both i386 and amd64, or just i386? the patch should be architecture independent. There was some alignment concern lately for non-itellish architectures but it should be right (not yet verified). So amd64 and i386 are not a problem, both work, ... /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From bazerka at beardz.net Sat Oct 25 15:22:52 2008 From: bazerka at beardz.net (Jase Thew) Date: Sat Oct 25 15:23:02 2008 Subject: Succesful patch on several hosts with RELENG_7 In-Reply-To: <20081025083021.S2978@maildrop.int.zabbadoz.net> References: <49027EA9.9090808@beardz.net> <20081025083021.S2978@maildrop.int.zabbadoz.net> Message-ID: <490339C9.3080104@beardz.net> Bjoern A. Zeeb wrote: > On Sat, 25 Oct 2008, Jase Thew wrote: > > Hi, > >> Is this patch for both i386 and amd64, or just i386? > > the patch should be architecture independent. There was some alignment > concern lately for non-itellish architectures but it should be right > (not yet verified). > > So amd64 and i386 are not a problem, both work, ... > > > /bz > Hi Bjoern, Thanks for the quick clarification. Regards, Jase. From lopez.on.the.lists at yellowspace.net Sat Oct 25 20:50:46 2008 From: lopez.on.the.lists at yellowspace.net (Lorenzo Perone) Date: Sat Oct 25 20:50:53 2008 Subject: Succesful patch on several hosts with RELENG_7 In-Reply-To: References: Message-ID: Hi, Just a few additions to my post: # Nice thing: Patch is widely compatible with current /etc/rc.d/jail script, so just adding the ips comma separated to the jail_xxxx_ip variable in rc.conf, like jail_xxx_ip="10.190.40.10,10.190.40.11" does all the tricks (no matter on which iface the ips are) # Small bug: jls does not show all the IPs, for whichever reason (just noting it, as for the rest, You patched everything..) # Platform Jase: I patched only amd64 systems so far (for the sake of precision: DELL PowerEdge 1950 III machines and one "home brewn" old athlon64), but as Bjoern says, there should be no problems with i386.. Regards, and tons of free beer.. .) Lorenzo On 24.10.2008, at 18:07, Lorenzo Perone wrote: > > Hi, > > Just wanted to give my feedback > on Your patch bz_jail7-20080920-01-at150161.diff, which I got > by reading this list, on > > http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff > > Just patched several RELENG_7 hosts (FreeBSD 7.0-PRERELEASE, > last one yesterday), and for the time being, it works like a > charm. THANK YOU VERY MUCH for this patch and Your efforts, > as this is a very important feature for me and for several > others. I hope so much that it will be included into RELENG_7o > fficially, and/or that You will be update it eventually, > if necessary. > > Kudos, Regards && lots of free beer.. > > Lorenzo > > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail- > unsubscribe@freebsd.org" From bz at FreeBSD.org Sat Oct 25 22:13:55 2008 From: bz at FreeBSD.org (Bjoern A. Zeeb) Date: Sat Oct 25 22:14:01 2008 Subject: Succesful patch on several hosts with RELENG_7 In-Reply-To: References: Message-ID: <20081025214545.J2978@maildrop.int.zabbadoz.net> On Sat, 25 Oct 2008, Lorenzo Perone wrote: Hi, > Just a few additions to my post: > > # Nice thing: > > Patch is widely compatible with current /etc/rc.d/jail > script, so just adding the ips comma separated to > the jail_xxxx_ip variable in rc.conf, like > jail_xxx_ip="10.190.40.10,10.190.40.11" > does all the tricks (no matter on which iface the ips are) yes that was intentional, but does not work with all features people use - especially the "configure the IP for me as well" ones. > # Small bug: > > jls does not show all the IPs, for whichever reason > (just noting it, as for the rest, You patched everything..) oh it does; you are seeing the "compat" output introduced lately to make as many scripts happy as possible. man jls should tell you that you want `jls -v'. > Regards, and tons of free beer.. .) As I have received a few similar comments before and as most of the world has never seen me drinking beer, people may want to consider http://www.freebsdfoundation.org/donate/ Regards, Bjoern -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From lopez.on.the.lists at yellowspace.net Sun Oct 26 12:26:29 2008 From: lopez.on.the.lists at yellowspace.net (Lorenzo Perone) Date: Sun Oct 26 12:26:35 2008 Subject: Succesful patch on several hosts with RELENG_7 In-Reply-To: <20081025214545.J2978@maildrop.int.zabbadoz.net> References: <20081025214545.J2978@maildrop.int.zabbadoz.net> Message-ID: <1f251259102d2078ce186caba07aaa9c@yellowspace.net> On Sat, 25 Oct 2008 21:57:13 +0000 (UTC), "Bjoern A. Zeeb" wrote: >> # Nice thing: >> >> Patch is widely compatible with current /etc/rc.d/jail >> script, so just adding the ips comma separated to >> the jail_xxxx_ip variable in rc.conf, like >> jail_xxx_ip="10.190.40.10,10.190.40.11" >> does all the tricks (no matter on which iface the ips are) > > yes that was intentional, but does not work with all features > people use - especially the "configure the IP for me as well" > ones. Anyone _really_ using this feature? ;) >> # Small bug: >> >> jls does not show all the IPs, for whichever reason >> (just noting it, as for the rest, You patched everything..) > > oh it does; you are seeing the "compat" output introduced lately to > make as many scripts happy as possible. man jls should tell you > that you want `jls -v'. Really cool, great. Sorry for overseeing it. That's someone who cares... (who has not written that jailme/jme script grepping around jls, or even more...)! >> Regards, and tons of free beer.. .) > > As I have received a few similar comments before and as most of the > world has never seen me drinking beer, people may want to consider > http://www.freebsdfoundation.org/donate/ My apologies for this assumption! Here in Oktoberfest-City we tend to have huge difficulties in imagining someone not drinking beer. However: yes it's overdue, I'll be using that link for a contribution next week. Thanx so much 4 your work and 4 listening! Lorenzo From bugmaster at FreeBSD.org Mon Oct 27 11:07:16 2008 From: bugmaster at FreeBSD.org (FreeBSD bugmaster) Date: Mon Oct 27 11:08:22 2008 Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org Message-ID: <200810271107.m9RB7FBB001985@freefall.freebsd.org> Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/126368 jail [jail] Running ktrace/kdump in jail leads to stale jai o kern/120753 jail [jail] Zombie jails (jailed child process exits while o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 12 problems total. From imb at protected-networks.net Tue Oct 28 18:20:20 2008 From: imb at protected-networks.net (Michael Butler) Date: Tue Oct 28 18:20:31 2008 Subject: 7.x and multiple IPs in jails In-Reply-To: <20081028181744.Q2978@maildrop.int.zabbadoz.net> References: <487086DA-4514-44E7-AB9F-F1D98C652980@yellowspace.net> <490754D5.8050202@protected-networks.net> <20081028181744.Q2978@maildrop.int.zabbadoz.net> Message-ID: <490757D1.6080709@protected-networks.net> Bjoern A. Zeeb wrote: >> This seems to imply that, at last, IPv6 addresses can be used in jails - >> is that true? > yes Woohoo! THANKS! :-) Michael From bzeeb-lists at lists.zabbadoz.net Wed Oct 29 07:45:08 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Wed Oct 29 07:45:15 2008 Subject: 7.x and multiple IPs in jails In-Reply-To: <49078377.2090807@smartt.com> References: <487086DA-4514-44E7-AB9F-F1D98C652980@yellowspace.net> <49078377.2090807@smartt.com> Message-ID: <20081029072821.S2978@maildrop.int.zabbadoz.net> On Tue, 28 Oct 2008, Chris St Denis wrote: Hi, [ jail patches ] > Serious question here (not trolling). > > These patches have been around for years, why have they never been committed > to trunk/stable? Well, the multi-ipv4 patch has been for a while - what we are talking about at the moment is more. If you look at older status reports they said soemthing like "there is the need for this at the moment but it's not considered to be the right thing". There are multiple reasons for that, that I can think of: 1) some larger parts (of the network stack|kernel) get plastered with all kinds of if (this) if (that) checks complicating code, making it unreadbale, having to be maintained, not ignored for security, ... It's important to really catch all the places, .. which it seems we had been doing well though not 100% well as I just found out currerntly preparing more if (this) if (that) checks for something not really important but still being a problem - since the first day it turns out. 2) there is questionable logic in them and while we had been living with it up to now, it came up during review process for the commit to HEAD (so it could be merged to stable) and it turns out that properly solving it isn't a easy or simple task and multiple people have been pondering over this for days now. Even after removing some optional code paths for simplicity things are still not always definite in what would happen. 3) Nonetheless they are very helpful and very usable (else I wouldn't have worked on it). The plan as the status report will say is to get this in, merge it to stable/7 before 7.2 and keep it in 8. 8 will also have vimages and ideally I'd like to see this entire jail IP hacks be gone for 9, when vimage will provide the infrastructure, etc. This means that 8 would be the transition period. But that's just me and my ideas - we'll see how it'll go. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From lists at lozenetz.org Wed Oct 29 09:17:08 2008 From: lists at lozenetz.org (Anton - Valqk) Date: Wed Oct 29 09:17:15 2008 Subject: 7.x and multiple IPs in jails In-Reply-To: <20081029072821.S2978@maildrop.int.zabbadoz.net> References: <487086DA-4514-44E7-AB9F-F1D98C652980@yellowspace.net> <49078377.2090807@smartt.com> <20081029072821.S2978@maildrop.int.zabbadoz.net> Message-ID: <4908264A.5080003@lozenetz.org> Hi there group, Just a quick question regarding full virtualization net stack? Is vimage the name of the virtualization stack? :) I'd *LOVE* to see it in stable!!! :) Are there any plans when it will be in HEAD or something? (I'm not following head and not running even 7.x yet). These patches also have been for years (as far as I can remember from 4.10?) and we haven't seen it working.... just asking curiously (no trolling)! cheers, valqk. Bjoern A. Zeeb wrote: > On Tue, 28 Oct 2008, Chris St Denis wrote: > > Hi, > > [ jail patches ] > >> Serious question here (not trolling). >> >> These patches have been around for years, why have they never been >> committed to trunk/stable? > > Well, the multi-ipv4 patch has been for a while - what we are talking > about at the moment is more. > > If you look at older status reports they said soemthing like "there is > the need for this at the moment but it's not considered to be the > right thing". > > There are multiple reasons for that, that I can think of: > > 1) some larger parts (of the network stack|kernel) get plastered with > all kinds of if (this) if (that) checks complicating code, making > it unreadbale, having to be maintained, not ignored for security, ... > It's important to really catch all the places, .. which it seems we > had been doing well though not 100% well as I just found out > currerntly preparing more if (this) if (that) checks for something > not really important but still being a problem - since the first > day it turns out. > > 2) there is questionable logic in them and while we had been living > with it up to now, it came up during review process for the commit > to HEAD (so it could be merged to stable) and it turns out that > properly solving it isn't a easy or simple task and multiple people > have been pondering over this for days now. Even after removing > some optional code paths for simplicity things are still not always > definite in what would happen. > > 3) > > > Nonetheless they are very helpful and very usable (else I wouldn't > have worked on it). > > The plan as the status report will say is to get this in, merge it to > stable/7 before 7.2 and keep it in 8. > > 8 will also have vimages and ideally I'd like to see this entire jail > IP hacks be gone for 9, when vimage will provide the infrastructure, > etc. This means that 8 would be the transition period. But that's > just me and my ideas - we'll see how it'll go. > > > /bz > From bzeeb-lists at lists.zabbadoz.net Wed Oct 29 09:45:07 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Wed Oct 29 09:46:09 2008 Subject: 7.x and multiple IPs in jails In-Reply-To: <4908264A.5080003@lozenetz.org> References: <487086DA-4514-44E7-AB9F-F1D98C652980@yellowspace.net> <49078377.2090807@smartt.com> <20081029072821.S2978@maildrop.int.zabbadoz.net> <4908264A.5080003@lozenetz.org> Message-ID: <20081029094128.M2978@maildrop.int.zabbadoz.net> On Wed, 29 Oct 2008, Anton - Valqk wrote: Hi, > Just a quick question regarding full virtualization net stack? > Is vimage the name of the virtualization stack? :) > I'd *LOVE* to see it in stable!!! :) > Are there any plans when it will be in HEAD or something? > (I'm not following head and not running even 7.x yet). > These patches also have been for years (as far as I can remember from > 4.10?) and we haven't seen it working.... > > just asking curiously (no trolling)! It will not be in stable before 8-STABLE though I think Marko has it also for 7-STABLE (in perforce). Parts of the framework have been merged to HEAD already and more is to come. freebsd-virtualization@ is the list for this. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From chris at smartt.com Wed Oct 29 17:52:34 2008 From: chris at smartt.com (Chris St Denis) Date: Wed Oct 29 17:52:40 2008 Subject: 7.x and multiple IPs in jails In-Reply-To: <20081029072821.S2978@maildrop.int.zabbadoz.net> References: <487086DA-4514-44E7-AB9F-F1D98C652980@yellowspace.net> <49078377.2090807@smartt.com> <20081029072821.S2978@maildrop.int.zabbadoz.net> Message-ID: <49089D14.7040603@smartt.com> Bjoern A. Zeeb wrote: > On Tue, 28 Oct 2008, Chris St Denis wrote: > > Hi, > > [ jail patches ] > >> Serious question here (not trolling). >> >> These patches have been around for years, why have they never been >> committed to trunk/stable? > > Well, the multi-ipv4 patch has been for a while - what we are talking > about at the moment is more. > > If you look at older status reports they said soemthing like "there is > the need for this at the moment but it's not considered to be the > right thing". > > There are multiple reasons for that, that I can think of: > > 1) some larger parts (of the network stack|kernel) get plastered with > all kinds of if (this) if (that) checks complicating code, making > it unreadbale, having to be maintained, not ignored for security, ... > It's important to really catch all the places, .. which it seems we > had been doing well though not 100% well as I just found out > currerntly preparing more if (this) if (that) checks for something > not really important but still being a problem - since the first > day it turns out. > > 2) there is questionable logic in them and while we had been living > with it up to now, it came up during review process for the commit > to HEAD (so it could be merged to stable) and it turns out that > properly solving it isn't a easy or simple task and multiple people > have been pondering over this for days now. Even after removing > some optional code paths for simplicity things are still not always > definite in what would happen. > > 3) > > > Nonetheless they are very helpful and very usable (else I wouldn't > have worked on it). > > The plan as the status report will say is to get this in, merge it to > stable/7 before 7.2 and keep it in 8. > > 8 will also have vimages and ideally I'd like to see this entire jail > IP hacks be gone for 9, when vimage will provide the infrastructure, > etc. This means that 8 would be the transition period. But that's > just me and my ideas - we'll see how it'll go. > > > /bz > Thanks for the info from all who responded. I hadn't heard of vimage before, but after doing some searching on it it sounds like it will be very good improvement to jails. If we can get resource limits on jails too in a near future release, Jails will become a competitive solution for VPS systems. From jamie at gritton.org Wed Oct 29 22:15:41 2008 From: jamie at gritton.org (James Gritton) Date: Wed Oct 29 22:15:47 2008 Subject: 7.x and multiple IPs in jails In-Reply-To: <20081029072821.S2978@maildrop.int.zabbadoz.net> References: <487086DA-4514-44E7-AB9F-F1D98C652980@yellowspace.net> <49078377.2090807@smartt.com> <20081029072821.S2978@maildrop.int.zabbadoz.net> Message-ID: <4908DA35.7070905@gritton.org> Bjoern A. Zeeb wrote: > The plan as the status report will say is to get this in, merge it to > stable/7 before 7.2 and keep it in 8. > > 8 will also have vimages and ideally I'd like to see this entire jail > IP hacks be gone for 9, when vimage will provide the infrastructure, > etc. This means that 8 would be the transition period. But that's > just me and my ideas - we'll see how it'll go. I'm not convinced vimage is the only kind of network virtualization we want to give the option of. The IP addresses assigned to jails seems a lighter weight alternative, and allows some things that vimage doesn't do easily, such as system processes that listen on the virtual addresses for some services, leaving the jail to handle others. - Jamie From imb at protected-networks.net Thu Oct 30 12:02:09 2008 From: imb at protected-networks.net (Michael Butler) Date: Thu Oct 30 12:02:15 2008 Subject: 7.x and multiple IPs in jails In-Reply-To: <20081028181744.Q2978@maildrop.int.zabbadoz.net> References: <487086DA-4514-44E7-AB9F-F1D98C652980@yellowspace.net> <490754D5.8050202@protected-networks.net> <20081028181744.Q2978@maildrop.int.zabbadoz.net> Message-ID: <490A048E.8000907@protected-networks.net> >>> Hi, there's a patch by Bjoern A.Zeeb, available at >>> http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff >>> >>> which succeeds and works well with 7.1-PRERELEASE currently. >>> I had similar issues to solve and patched several hosts >>> with it, so far with success. Sadly, SVN rev 184481 (of today) breaks these patches :-( Is there an updated patch-set available or planned? Michael From bzeeb-lists at lists.zabbadoz.net Thu Oct 30 17:45:07 2008 From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb) Date: Thu Oct 30 17:45:14 2008 Subject: 7.x and multiple IPs in jails In-Reply-To: <490A048E.8000907@protected-networks.net> References: <487086DA-4514-44E7-AB9F-F1D98C652980@yellowspace.net> <490754D5.8050202@protected-networks.net> <20081028181744.Q2978@maildrop.int.zabbadoz.net> <490A048E.8000907@protected-networks.net> Message-ID: <20081031003552.A4973@maildrop.int.zabbadoz.net> On Thu, 30 Oct 2008, Michael Butler wrote: Hi, >>>> Hi, there's a patch by Bjoern A.Zeeb, available at >>>> http://people.freebsd.org/~bz/bz_jail7-20080920-01-at150161.diff >>>> >>>> which succeeds and works well with 7.1-PRERELEASE currently. >>>> I had similar issues to solve and patched several hosts >>>> with it, so far with success. > > Sadly, SVN rev 184481 (of today) breaks these patches :-( > > Is there an updated patch-set available or planned? I wonder if that was one of my MFCs - I guess so. One of the reasons I am doing those MFCs is to keep the diff between HEAD and 7 down to a minimum so that I have to ship less patches integrated into the jail patch for 7. So yes the plan is to finish the MFCs and generate a new patch for 7 the next days (most likely beginning of next week). Regards, Bjoern -- Bjoern A. Zeeb Stop bit received. Insert coin for new game.