Getting Jail v2 working with 9-stable

Denny Schierz linuxmail at 4lin.net
Fri Jan 20 08:59:56 UTC 2012 

hi,

I'm try to get jails with there own network stack working under 9-stable and have "only" problems with removing / stopping the jail. I wrote most on the stable list, so I just copy the relevant parts here:

=================================
I've created a new patch (adapted the old freebsd-9RC2 patch) for /etc/rc.d/jail:

The original patch:


http://wiki.polymorf.fr/files/jail_rc.patch


My patch:


http://pastebin.com/9LdLwaNA


It works (was very happy) if you start the jail, but has problems with stopping: it shows in jls still as active:

 # jls
   JID  IP Address      Hostname                      Path
     1  -               template.domain /jails/template

If I try to remove with "jail -r 1" than first the process hang, second after while, the whole machine needs a reset. There is no process from the jail active, nor any epair* interfaces or mounts, which is quite good, but ...

If i try to create the jail again (after /etc/rc.d/jail stop), it tries to create the epair0a (the last I can see) interface and than it hangs again -> reset needed

Also nice to know:

# umount  /jails/template 
umount: unmount of /jails/template failed: Device busy

Also not possible: a normal reboot after starting / stopping the jail. -> reset needed

====================================

http://lists.freebsd.org/pipermail/freebsd-stable/2012-January/065556.html

One more thing: If you wait / do nothing (5-15min) after a while the machine hangs too -> Reset

My plattform is a Sun SPARC64 Sunfire v245: 9.0-STABLE FreeBSD 9.0-STABLE

So, maybe there is something missing.

My rc.conf:

cloned_interfaces="bridge0"
ifconfig_bridge0="addm bge0 up"
ifconfig_bridge0_alias0="inet CHANGEDnetmask 255.255.255.192 up"
ifconfig_bge0="up"
defaultrouter="CHANGED"
gateway_enable="YES"


# Jails
jail_enable="NO"
jail_v2_enable="YES"
jail_list=""
jail_sysvipc_allow="YES"
 
for file in /etc/jails/*.conf; do
	. $file
done 

cat /etc/jails/template.conf 

#JAIL template
jail_list="$jail_list template"
jail_template_name="template"
jail_template_hostname="template.CHANGED"
jail_template_devfs_enable="YES"
jail_template_rootdir="/jails/template"
jail_template_mount_enable="YES"
jail_template_fstab="/etc/jails/fstabs/template"
jail_template_vnet_enable="YES"
 jail_template_flags="-c vnet persist"
 
#network
jail_template_exec_prestart0="ifconfig epair0 create"
jail_template_exec_prestart1="ifconfig bridge0 addm epair0a"
jail_template_exec_prestart2="ifconfig epair0a up"
jail_template_exec_earlypoststart0="ifconfig epair0b vnet template"
jail_template_exec_afterstart0="ifconfig lo0 127.0.0.1"
jail_template_exec_afterstart1="ifconfig epair0b CHANGED netmask 255.255.255.192 up"
jail_template_exec_afterstart2="route add default CHANGED"
jail_template_exec_afterstart3="/bin/sh /etc/rc"
jail_template_exec_prestop0="/bin/sh /etc/rc.shutdown"
jail_template_exec_poststop="ifconfig epair0b destroy"
jail_template_exec_poststop0="ifconfig bridge0 deletem epair0a"
jail_template_exec_poststop1="ifconfig epair0a destroy"


sysctl:

security.jail.enforce_statfs: 2
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 0
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0

Also nothing found with lsof/fuser ...


any suggestions?

cu denny

More information about the freebsd-jail mailing list