VNET jail and dhclient

Tue Oct 10 20:25:04 UTC 2017

On 9 Oct 2017, at 9:25, Goran Mekić wrote:
> Hello,
>
> TLDR: I can setup static IP or use dhcpcd to get address, but not dhclient.
>
> Let me elaborate. I run 12-CURRENT on my laptop and use CBSD as jail manager (I don't think it matters).
>
What version of CURRENT are you using?

> # dhclient eth0
> chroot
> exiting.
>
> This is what I found with truss: https://gist.github.com/anonymous/36a4e2bf1760198971934ff609a7d0de#file-gistfile1-txt-L227-L228. Selected lines are what I think is the problem. Offending line in the code is probably https://svnweb.freebsd.org/base/head/sbin/dhclient/dhclient.c?revision=317915&view=markup#l507. With that asumption, Oleg, CBSD author, noticed that the following "patch" works:
>
Is there any chance you don’t have /var/empty in your jail?

I do this to create a simple vnet jail:
sudo jail -c name=alcatraz persist vnet vnet.interface=epair0b
(in the jail) dhclient epair0b

And see:
…
fsync(0x9)                                       = 0 (0x0)
close(8)                                         = 0 (0x0)
socket(PF_ROUTE,SOCK_RAW,0)                      = 8 (0x8)
shutdown(8,SHUT_WR)                              = 0 (0x0)
cap_rights_limit(8,{ CAP_READ,CAP_EVENT })       = 0 (0x0)
chroot("/var/empty")                             = 0 (0x0)
chdir("/")                                       = 0 (0x0)
setgroups(0x1,0x800e2c1e4)                       = 0 (0x0)
…

I also see the DCHP request packets on the other end of the epair interface.

Regards,
Kristof
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 903 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20171010/7de260fd/attachment.sig>