On Mon, 14 Jul 2025, Doug Rabson wrote:
> I tried setting allow.socket_af for a jail which inherits the host vnet and
> this still has problems creating interfaces:
>
> $ jid=$(sudo jail -i -c host.hostname=foo vnet=inherit allow.socket_af path=/ persist)
> $ sudo jexec $jid
> You have mail.
> root@foo:/ # ifconfig bridge create
> ifconfig: socket(family 2,SOCK_DGRAM): Protocol not supported

Can you use tracing like DTrace to see where the error comes from?
There are not many places which report 'Proto not sup'.

> root@foo:/ # exit
> exit
> $ sudo jail -r $jid
>
> I still think this use of jails is reasonable as long as you trust the code
> which will run in the jail. I think I can work around this and arrange for
> the interface create and add to happen on the host.

--
Bjoern A. Zeeb r15:7