[Bug 195838] New: ezjail generates wrong /var/run/jail.<name>.conf
bugzilla-noreply at freebsd.org
Wed Dec 10 00:10:30 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195838
Bug ID: 195838
Summary: ezjail generates wrong /var/run/jail.<name>.conf
Product: Ports Tree
Version: Latest
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: pasko.boris at gmail.com
ezjail generates multiple "allow.raw_sockets" entries in the
/var/run/jail.<name>.conf, which results in non-working ping inside the jail.
Specifics:
1) I have a jail named AProxy. Here is its ezjail config:
$ cat /usr/local/etc/ezjail/AProxy
# create a Jail dependency tree. See rcorder(8) for more details.
#
# PROVIDE: standard_ezjail
# REQUIRE:
# BEFORE:
#
export jail_AProxy_hostname="AProxy.serv6.home"
export jail_AProxy_parameters="allow.raw_sockets=1"
export jail_AProxy_ip="192.168.98.3"
export jail_AProxy_rootdir="/usr/jails/AProxy"
export jail_AProxy_exec_start="/bin/sh /etc/rc"
export jail_AProxy_exec_stop=""
export jail_AProxy_mount_enable="YES"
export jail_AProxy_devfs_enable="YES"
export jail_AProxy_devfs_ruleset="devfsrules_jail"
export jail_AProxy_procfs_enable="YES"
export jail_AProxy_fdescfs_enable="YES"
export jail_AProxy_image=""
export jail_AProxy_imagetype="zfs"
export jail_AProxy_attachparams=""
export jail_AProxy_attachblocking=""
export jail_AProxy_forceblocking=""
export jail_AProxy_zfs_datasets=""
export jail_AProxy_cpuset=""
export jail_AProxy_fib="1"
2) I don't have any /etc/jail.conf (Tried to create empty /etc/jail.conf, tried
to add AProxy-specific or global settings to it: nothing changes the behavior
described below).
3) ezjail generates the following runtime config for my jail:
$ cat /var/run/jail.AProxy.conf
# Generated by rc.d/jail at 2014-12-09 19:08:21
AProxy {
host.hostname = "AProxy.serv6.home";
path = "/usr/jails/AProxy";
ip4.addr += "192.168.98.3/32";
exec.fib = "1";
allow.raw_sockets = 0;
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
exec.start += "/bin/sh /etc/rc";
exec.stop = "";
exec.consolelog = "/var/log/jail_AProxy_console.log";
mount.fstab = "/etc/fstab.AProxy";
mount.devfs;
mount.fdescfs;
mount += "procfs /usr/jails/AProxy/proc procfs rw 0 0";
allow.mount;
allow.set_hostname = 0;
allow.sysvipc = 0;
allow.raw_sockets=1;
}
Note that there are two conflicting entries:
allow.raw_sockets = 0;
allow.raw_sockets=1;
4) freebsd version and such:
$ uname -a
FreeBSD serv6.home 10.1-RELEASE FreeBSD 10.1-RELEASE #6: Sun Dec 7 15:09:33
EST 2014 root at serv6.home:/usr/obj/usr/src/sys/SERV6.10.1 amd64
--
You are receiving this mail because:
You are the assignee for the bug.
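
A check for the condition this report describes, as an added example that is not part of the original report, of ezjail, or of rc.d/jail: it scans a generated /var/run/jail.<name>.conf for parameters assigned with "=" more than once with different values, such as the privilege-granting allow.raw_sockets here. The sample input is constructed from lines quoted in the report; the function name find_conflicts and the one-statement-per-line parsing are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the generated file quoted in the report.
SAMPLE = '''\
# Generated by rc.d/jail at 2014-12-09 19:08:21
AProxy {
host.hostname = "AProxy.serv6.home";
ip4.addr += "192.168.98.3/32";
allow.raw_sockets = 0;
exec.clean;
exec.start += "/bin/sh /etc/rc";
mount.devfs;
allow.mount;
allow.set_hostname = 0;
allow.raw_sockets=1;
}
'''

# Assumption: one statement per line, in the form "name [= | +=] value ;"
STMT = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*(\+=|=)?\s*(.*?)\s*;\s*$')

def find_conflicts(conf_text):
    """Return {jail: {param: [(lineno, value), ...]}} for every parameter
    assigned more than once inside a jail block with differing values."""
    assigned = defaultdict(lambda: defaultdict(list))
    jail = None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue                       # blank line or whole-line comment
        if line.endswith('{'):
            jail = line[:-1].strip()       # start of a jail block
            continue
        if line == '}':
            jail = None                    # end of the block
            continue
        m = STMT.match(line)
        if not m or jail is None:
            continue
        name, op, value = m.groups()
        if op == '+=':
            continue                       # list append; repeats are expected
        if op is None:
            value = '<set>'                # bare flag such as "exec.clean;"
        assigned[jail][name].append((lineno, value.strip('"')))
    report = {}
    for j, params in assigned.items():
        bad = {p: v for p, v in params.items() if len({x for _, x in v}) > 1}
        if bad:
            report[j] = bad
    return report

if __name__ == '__main__':
    print(find_conflicts(SAMPLE))
```

Values are compared as literal strings, so different spellings of the same boolean value would also be reported.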