raw sockets on 8.4 jails

Mars G. Miro spry at anarchy.in.the.ph
Wed Oct 23 07:16:35 UTC 2013


Hi list,

	On a jail on FreeBSD 8.4R-p4:

root at waspb1:~# ping -a 4.2.2.2
ping: socket: Operation not permitted
root at waspb1:~# nc -uv 4.2.2.2 53
Connection to 4.2.2.2 53 port [udp/domain] succeeded!
^C
root at waspb1:~# sysctl security.jail.jailed
security.jail.jailed: 1
root at waspb1:~#


	But I have set it properly on the host:

mars at wasp:~% sysctl -a | grep jail
security.jail.param.cpuset.id: 0
security.jail.param.host.hostid: 0
security.jail.param.host.hostuuid: 64
security.jail.param.host.domainname: 256
security.jail.param.host.hostname: 256
security.jail.param.children.max: 0
security.jail.param.children.cur: 0
security.jail.param.enforce_statfs: 0
security.jail.param.securelevel: 0
security.jail.param.path: 1024
security.jail.param.name: 256
security.jail.param.parent: 0
security.jail.param.jid: 0
security.jail.enforce_statfs: 2
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 1
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0

mars at wasp:~% uname -a
FreeBSD wasp.spry.lan 8.4-RELEASE-p4 FreeBSD 8.4-RELEASE-p4 #0: Sun Oct 20 16:37:42 PHT 2013     root at XXX:/usr/obj/usr/src/sys/WASP  amd64
mars at wasp:~%

	On an 8.3R-p11 machine it works fine.

	Problem?


-- 
When you were born, a big chance was taken for you.


More information about the freebsd-jail mailing list