NIS client in a Jail

Ciro Scognamiglio moray at oltrelinux.com
Sun Feb 26 10:17:11 PST 2006


Hullo,

I have a small server in my LAN with FreeBSD 5.4-RELEASE-p11 that, among
others, is running a correctly configured NIS server.
I then configured a jail (as a virtual server) where I intend to run
Apache and where I would like to use NIS to let (some) of the host users
in instead of creating users also in the jail.

Googling around and reading various jail howtos, I noticed that the
rpcbind daemon should not be run in the jail, but of course I need it to
run in the jail to have ypbind running.

Anyway, the client does not work, it tries to connect to the NIS server
but it times out and, at this point, I am not really sure if it is
possible to run it in a jail.

I actually managed to get it to run once... but, with the identical
configuration, once I stopped the jail and rebooted the machine it didn't
work anymore.

The jail can resolve names and network works, here is its rc.conf:

hostname="shelob.wired.org"
network_interfaces=""
clear_tmp_enable="YES"

sendmail_enable="NO"
sshd_enable="YES"
rpcbind_enable="NO"

nisdomainname="linc-domain"
nis_client_enable="YES"
nis_client_flags="-S linc-domain,linc"

Is there anything wrong? (linc is of course the host machine)
The hosted machine NIS server and Jail configuration in rc.conf:

# NIS/YP
nisdomainname="linc-domain"
nis_server_enable="YES"
#nis_server_flags=""
nis_yppasswdd_enable="YES"
#nis_yppasswdd_flags=""
nis_client_enable="YES"
nis_client_flags="-S linc-domain,192.168.0.4"

#
# JAIL
#
jail_enable="YES"    # Set to NO to disable starting of any jails
jail_list="shelob"        # Space separated list of names of jails

jail_shelob_rootdir="/usr/jail/shelob"
jail_shelob_hostname="shelob.wired.org"
jail_shelob_ip="192.168.0.5"
jail_shelob_exec="/bin/sh /etc/rc"
jail_shelob_devfs_enable="YES"
jail_shelob_devfs_ruleset="devfsrules_jail"
jail_shelob_fdescfs_enable="YES"
jail_shelob_procfs_enable="YES"
jail_shelob_mount_enable="YES"


thnx in advance for your help.

Ciro.

P.S.
On the host machine I managed to get almost all running services
listening on the physical interface IP address, but I couldn't manage to get
mountd, nmdb, rpcbind and the yp* services to listen only on that IP.

P.P.S.
Inside the jail I got the following messages in /var/log/messages:

Feb 26 18:43:59 shelob /usr/sbin/ypbind[38440]: could not read from child: Interrupted system call

Investigating ypbind.c it turned out to be an error caused by a read or
write from a pipe...
I stopped ypbind on the host machine and the error (in the jail)
disappeared... I guess ypbind is not really ready for jail, is it?


More information about the freebsd-net mailing list