EZJAIL and ping on FreeBSD-11.

James B. Byrne byrnejb at harte-lyne.ca
Thu Feb 1 15:23:18 UTC 2018

I have read the various 'howtos' respecting this issue and I cannot
see where I have failed to properly follow the instructions. But
clearly I have not done it right.

I have setup a jail named hll124.  it is configured and running.  It
can connect to the network and the Internet without issue. DNS
resolution works fine using local_unbound.

In /etc/sysctl.conf on the host I have this:

# $FreeBSD: releng/11.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#  This file is read when going to multi-user and its contents piped thru
#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for

# Uncomment this to prevent users from seeing information about
processes that
# are being run under another UID.

# Required for Chrome/Chromium

# Add to allow jails to create sockets - 2018-01-31 JBB

The host system shows this:

$ sudo sysctl security.jail.allow_raw_sockets
security.jail.allow_raw_sockets: 1

In the ezjail configuration file I have this:

# Allow ping, traceroute and other things 2018-01-31 JBB
export jail_hll124_allow_raw_sockets="YES"

When I connect to the ezjail instance with ezjail-admin console and
run ping then I see this:

# ping
ping: ssend socket: Operation not permitted

What else am I missing?

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the freebsd-questions mailing list