problems with jail

Jim Stapleton stapleton.41 at
Fri Feb 23 01:22:55 UTC 2007

I'd like to get Apache running in jail, but I can't seem to get
network working in jail.

I followed the instructions in the man page for jail so far, creating
the world install in my jail directory (/jail), which is the only BSD
partition on the drive (ad8s3d, ad8s3b is swap, and ad8s3c is that
weird partition chunk that always appears after a swap chunk).

In doing this I should be able to remove the main system disk from the
devfs in the jail, which seemed to be a good idea. But I hadn't gotten
that far yet...

Regardless, I didn't squash out any devices just yet with devfs,
instead, I ensured any 'net*' device had mode 755 (basic jail test,
ping the tail on the router), and modified the rc.conf files as the
manual page suggested.

Anyway, when I go to jail, running csh (as root) in jail, I try/get:
    ping: socket: Operation not permitted

from my normal system prompt (out of jail):
 > ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=150 time=0.489 ms
64 bytes from icmp_seq=1 ttl=150 time=0.468 ms
64 bytes from icmp_seq=2 ttl=150 time=0.465 ms

I figure I messed something up pretty oddly for this not to work.
FreeBSD 6.2 i386
CSUP run 2007-02-10
Ports [and their required deps] installed
x11/xorg, x11/kde3, editors/xemacs, editors/,
editors/nano, editors/pico, x11-wm/WMaker, lang/python25, net-im/gaim,

System rc.conf
ifconfig_nve0="inet netmask"
inetd_flags="-wW -a"

jail rc.conf
#I had the nve0 interface setup with and with "" assigned
to it also

jail command (run from root for testing purposes only - I'll narrow it
down to a less privileged host/jailed system user later)
jail /jail/ legolas at /bin/csh

The machine was rebooted since I set everything up.

Thank you,
-Jim Stapleton

