Jails

Leonardo M. Ramé martinrame at yahoo.com
Sun Jan 13 22:01:36 UTC 2013 


----- Original Message -----

> From: Devin Teske <devin.teske at fisglobal.com>
> To: Leonardo M. Ramé <martinrame at yahoo.com>
> Cc: "freebsd-questions at FreeBSD.org" <freebsd-questions at FreeBSD.org>
> Sent: Sunday, January 13, 2013 2:23 PM
> Subject: Re: Jails
> 
> 
> On Jan 13, 2013, at 7:45 AM, Leonardo M. Ramé wrote:
> 
>>>  ________________________________
>> 
>>>  From: "Zyumbilev, Peter" <peter at aboutsupport.com>
>>>  To: freebsd-questions at FreeBSD.org 
>>>  Cc: Mark Felder <feld at feld.me>; Devin Teske 
> <dteske at freebsd.org>; Devin Teske <devin.teske at fisglobal.com> 
>>>  Sent: Sunday, January 13, 2013 7:09 AM
>>>  Subject: Re: Jails
>>> 
>>> 
>>>  On 12/01/2013 18:41, Devin Teske wrote:
>>>> 
>>>>  On Jan 11, 2013, at 11:31 PM, Zyumbilev, Peter wrote:
>>>> 
>>>>>  Hi,
>>>>> 
>>>>>  I have not tested it, but so far things do not look 
> promising...
>>>>> 
>>>>>  I cannot even run "netstat -nvatp" properly, however 
> sopcast seemed to
>>>>>  run, but have not tested it, for plex - have not tried yet.
>>>>> 
>>>> 
>>>>  netstat isn't allowed in traditional jails (but is allowed in 
> "vimage" jails which have their own network stack).
>>>> 
>>>>  If you're able/willing to compile a new kernel to enable the 
> "VIMAGE" feature, then this can be improved so that you can indeed use 
> netstat within the jail.
>>>> 
>>>>  NOTE: netstat is not allowed within traditional (non-VIMAGE) jails 
> due to security restrictions.
>>>> 
>>> 
>>>  My  host os is Nas4Free and is stripped version of freebsd - e.g I
>>>  cannot even compile ports - that is why I use jails - so no new kernel
>>>  for me there :)
>>> 
>>>  So far I am quite happy with it  - I use it mainly as DLNA
>>>  server(Serviio), ZFS,UPS support & Transmission made it quite good
>>>  platform - would take plenty of time to get all this in plain FreeBSD
>>>  install.
>>> 
>>>  The only thing that I might be missing is Plex, but due to lack 
> "browser
>>>  per folder feature", I will stick to open standard - DLNA.
>>> 
>>>  Peter
>> 
>> 
>>  Hi, I've installed debian 6 in a jail, from FreeBsd 9.1 x86-64 by 
> following the instructions from this thread. However, I also updated my 
> /etc/resolv.conf inside the jail, but I get this error when I do ping:
> 
> ping is usually denied from within a jail (for security purposes).
> 
> Add the following to /etc/rc.conf:
> 
> jail_sysvipc_allow="YES"
> 
> And then reboot.

I've tried that, but I got the same results:

root at debian:/# ping www.google.com
WARNING: setsockopt(ICMP_FILTER): Protocol not available
WARNING: your kernel is veeery old. No problems.
PING www.google.com (173.194.42.16) 56(84) bytes of data.
ping: recvmsg: Invalid argument
ping: recvmsg: Invalid argument
ping: recvmsg: Invalid argument
ping: recvmsg: Invalid argument

--- www.google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3078ms

root at debian:/#



 
Leonardo M. Ramé
http://leonardorame.blogspot.com

More information about the freebsd-questions mailing list