VNET jail and dhclient
Goran Mekić
meka at tilda.center
Mon Oct 9 07:31:29 UTC 2017
Hello,
TLDR: I can set up a static IP or use dhcpcd to get an address, but not dhclient.
Let me elaborate. I run 12-CURRENT on my laptop and use CBSD as jail manager (I don't think it matters).
# dhclient eth0
chroot
exiting.
This is what I found with truss: https://gist.github.com/anonymous/36a4e2bf1760198971934ff609a7d0de#file-gistfile1-txt-L227-L228. The selected lines are what I think is the problem. The offending line in the code is probably https://svnweb.freebsd.org/base/head/sbin/dhclient/dhclient.c?revision=317915&view=markup#l507. With that assumption, Oleg, the CBSD author, noticed that the following "patch" works:
diff -ruN dhclient.c-o dhclient.c
--- dhclient.c-o 2017-10-08 13:06:59.134921000 +0300
+++ dhclient.c 2017-10-08 13:07:48.047004000 +0300
-504,8 +504,8
if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS)
error("can't limit route socket: %m");
- if (chroot(_PATH_VAREMPTY) == -1)
- error("chroot");
+// if (chroot(_PATH_VEREMPTY) == -1)
+// error("chroot");
if (chdir("/") == -1)
error("chdir(\"/\")");
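Review bot: the error("chroot") call in the two commented-out lines carries no %m, unlike the neighbouring error("can't limit route socket: %m"), so a failing run prints only "chroot" and the errno that explains the failure inside the jail is lost. Rather than commenting out chroot(_PATH_VAREMPTY), which removes the confinement to that directory unconditionally and not only for the jailed case, change the message to error("chroot: %m") and use the reported errno to find what is blocking the call. The commented-out line also spells the macro _PATH_VEREMPTY where the removed line has _PATH_VAREMPTY, so the two lines cannot simply be uncommented later to restore the original behaviour.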
I just assume that commenting out the capsicum part of the code would do the same (I didn't try it), as I can create files under /var/empty and the perms look normal.
Does anyone have a fairly recent 12-CURRENT VNET jail running with dhclient? If yes, what jail manager, if any? Also, could you recommend a way to continue from this point, given that I have never worked with capsicum? Thank you!
Regards,
meka