raw sockets on 8.4 jails

Jase Thew jase at FreeBSD.org
Thu Oct 31 14:36:02 UTC 2013


On 23/10/2013 08:16, Mars G. Miro wrote:
> Hi list,
> 
> 	On a jail on FreeBSD 8.4R-p4
> 
> root@waspb1:~# ping -a 4.2.2.2
> ping: socket: Operation not permitted
> root@waspb1:~# nc -uv 4.2.2.2 53
> Connection to 4.2.2.2 53 port [udp/domain] succeeded!
> ^C
> root@waspb1:~# sysctl security.jail.jailed
> security.jail.jailed: 1
> root@waspb1:~#
> 
> 
> 	But I have set it properly on the host:
> 
> mars@wasp:~% sysctl -a | grep jail
> security.jail.param.cpuset.id: 0
> security.jail.param.host.hostid: 0
> security.jail.param.host.hostuuid: 64
> security.jail.param.host.domainname: 256
> security.jail.param.host.hostname: 256
> security.jail.param.children.max: 0
> security.jail.param.children.cur: 0
> security.jail.param.enforce_statfs: 0
> security.jail.param.securelevel: 0
> security.jail.param.path: 1024
> security.jail.param.name: 256
> security.jail.param.parent: 0
> security.jail.param.jid: 0
> security.jail.enforce_statfs: 2
> security.jail.mount_allowed: 0
> security.jail.chflags_allowed: 1
> security.jail.allow_raw_sockets: 1
> security.jail.sysvipc_allowed: 1
> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 1
> security.jail.jail_max_af_ips: 255
> security.jail.jailed: 0
> 
> mars@wasp:~% uname -a
> FreeBSD wasp.spry.lan 8.4-RELEASE-p4 FreeBSD 8.4-RELEASE-p4 #0: Sun Oct
> 20 16:37:42 PHT 2013     root@XXX:/usr/obj/usr/src/sys/WASP  amd64
> mars@wasp:~%
> 
> 	On an 8.3R-p11 machine it works fine.
> 
> 	Problem ?
> 
> 

Hi,

Jails now have their own per-jail properties, so allow.raw_sockets needs
to be passed as a parameter upon jail creation (or alternatively can be
set by modifying an already running jail).

Please refer to the jail(8) manpage for further details.

Regards,

Jase.

-- 
Jase Thew
jase at FreeBSD.org
FreeBSD Ports Committer
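
An added example, not part of the original message: a host-side check of which jails actually carry the per-jail allow.raw_sockets parameter described above, so the permission is granted only where it is needed. It assumes `jls -n` prints one jail per line as space-separated name=value pairs with booleans shown as `allow.raw_sockets` or `allow.noraw_sockets`; the sample lines, the jail name "monitor" and the `<jail>` placeholder are constructed.

```shell
#!/bin/sh
# On the host, the real input comes from:      jls -n
# A running jail is changed with (see jail(8)): jail -m name=<jail> allow.raw_sockets=1
# <jail> is a placeholder; the sample below is constructed so this runs offline.

SAMPLE_JLS='jid=1 name=waspb1 path=/jails/waspb1 allow.noraw_sockets allow.set_hostname
jid=2 name=monitor path=/jails/monitor allow.raw_sockets allow.set_hostname'

# Read `jls -n` style lines on stdin and print "<name> <state>" per jail,
# where state is allowed, denied, or unknown (parameter not listed).
raw_socket_report() (
    set -f                      # no globbing while splitting a line into tokens
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        name="?"
        state="unknown"
        for tok in $line; do
            case "$tok" in
                name=*)              name=${tok#name=} ;;
                allow.raw_sockets)   state="allowed" ;;
                allow.noraw_sockets) state="denied" ;;
            esac
        done
        printf '%s %s\n' "$name" "$state"
    done
)

# Print only the jails that are permitted to open raw sockets.
raw_socket_jails() {
    raw_socket_report | while read -r name state; do
        [ "$state" = "allowed" ] && printf '%s\n' "$name"
    done
    return 0
}

printf '%s\n' "$SAMPLE_JLS" | raw_socket_report
```

On a live host, `jls -n | raw_socket_jails` lists the jails to review.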

