Hello, TLDR: I can setup static IP or use dhcpcd to get address, but not dhclient.
Let me elaborate. I run 12-CURRENT on my laptop and use CBSD as jail manager (I don't think it matters). # dhclient eth0 chroot exiting. This is what I found with truss: https://gist.github.com/anonymous/36a4e2bf1760198971934ff609a7d0de#file-gistfile1-txt-L227-L228. Selected lines are what I think is the problem. Offending line in the code is probably https://svnweb.freebsd.org/base/head/sbin/dhclient/dhclient.c?revision=317915&view=markup#l507. With that asumption, Oleg, CBSD author, noticed that the following "patch" works: diff -ruN dhclient.c-o dhclient.c --- dhclient.c-o 2017-10-08 13:06:59.134921000 +0300 +++ dhclient.c 2017-10-08 13:07:48.047004000 +0300 -504,8 +504,8 if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) error("can't limit route socket: %m"); - if (chroot(_PATH_VAREMPTY) == -1) - error("chroot"); +// if (chroot(_PATH_VEREMPTY) == -1) +// error("chroot"); if (chdir("/") == -1) error("chdir(\"/\")"); I just assume that commenting out capsicum part of code would do the same (didn't try it) as I can create files under /var/empty and perms look normal. Does anyone have a fairly recent 12-CURRENT VNET jail running with dhclient? If yes, what jail manager, if any? Also, could you recommend the way continue from this point given I never worked with capsicum? Thank you! Regards, meka
signature.asc
Description: PGP signature
