EZJAIL and ping on FreeBSD-11.
James B. Byrne
byrnejb at harte-lyne.ca
Thu Feb 1 15:23:18 UTC 2018
I have read the various 'howtos' respecting this issue and I cannot
see where I have failed to properly follow the instructions. But
clearly I have not done it right.
I have set up a jail named hll124. It is configured and running. It
can connect to the network and the Internet without issue. DNS
resolution works fine using local_unbound.
In /etc/sysctl.conf on the host I have this:
# $FreeBSD: releng/11.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
security.bsd.stack_guard_page=1
# Required for Chrome/Chromium
kern.ipc.shm_allow_removed=1
# Add to allow jails to create sockets - 2018-01-31 JBB
security.jail.allow_raw_sockets=1
The host system shows this:
$ sudo sysctl security.jail.allow_raw_sockets
security.jail.allow_raw_sockets: 1
In the ezjail configuration file I have this:
# Allow ping, traceroute and other things 2018-01-31 JBB
export jail_hll124_allow_raw_sockets="YES"
When I connect to the ezjail instance with ezjail-admin console and
run ping then I see this:
# ping 192.168.71.44
ping: ssend socket: Operation not permitted
What else am I missing?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3