Re: SSH from host to jail

2003-07-27 Thread Jon Disnard
Pat Lashley wrote:
I'm trying to set up some jails in a 5.1R system.  I've pretty much
copied a setup that was working fine in 4.8; but on 5.1 I can't seem
to SSH from the host system into one of its jails.  It acts like the
packets just aren't getting through.
I would really appreciate it if somebody would send me rc.conf fragments
that are known to work for setting up a jail's IP alias and routing on
5.1.


sure, but this isn't going to fix your problem:

ifconfig_wi0="inet 192.168.0.140 netmask 255.255.255.0"
ifconfig_wi0_alias0="inet 192.168.0.131 netmask 255.255.255.255"
jail_enable="YES"
jail_list="shiba"
jail_shiba_hostname="shiba"
jail_shiba_ip="192.168.0.131"
jail_shiba_rootdir="/usr/prison/192_168_0_130/"
jail_shiba_exec="/bin/sh /etc/rc"


To fix your problem you should try to mount a devfs for the jail so the 
tty device is available for sshd to open when you login. I simply added 
one line to my /etc/rc.d/jail script to test for the dev mount-point 
in jail. Like so:

[ -d ${jail_rootdir}/dev ] && mount -t devfs devfs ${jail_rootdir}/dev



I suppose we could avoid this little faux pas in the future by adding a 
new jail-specific rc.conf var like this example:

jail_shiba_devfs=/usr/prison/192_168_0_130/dev

It could be easy to have it simply exist, or be non-null, to imply a 
desire for devfs, and further checked for the existence of the 
mount-point as I wrote above.

I could have a pr+patch made in 5 minutes if anybody thinks this is not 
a bad idea?

-Jon

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]
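
The knob proposed in the message above, sketched as an added example (not code from the original post or from FreeBSD's /etc/rc.d/jail). `jail_devfs_cmd` is a hypothetical helper that only prints the mount command; it assumes the mount point must be the real directory `<rootdir>/dev` and refuses a symlink there.

```shell
#!/bin/sh
# Added example: dry run of the per-jail devfs knob proposed in the post.
# jail_<name>_devfs is the rc.conf variable the post suggests;
# jail_devfs_cmd is a hypothetical helper, not part of /etc/rc.d/jail.

# Print the mount command for jail $1, or return non-zero with a reason.
jail_devfs_cmd() {
    _name=$1
    # The name is spliced into eval below, so allow only variable-safe text.
    case ${_name} in
        ''|*[!A-Za-z0-9_]*) echo "bad jail name" >&2; return 5 ;;
    esac
    eval _root=\"\${jail_${_name}_rootdir}\"
    eval _dev=\"\${jail_${_name}_devfs}\"

    # Unset or empty variable: the admin did not ask for devfs.
    [ -n "${_dev}" ] || { echo "devfs not requested" >&2; return 1; }

    # Drop one trailing slash so the comparison below is stable.
    _root=${_root%/}
    _dev=${_dev%/}

    # Assumption: the only acceptable mount point is <rootdir>/dev.
    [ "${_dev}" = "${_root}/dev" ] || { echo "not <rootdir>/dev" >&2; return 2; }

    # A process inside the jail can replace dev with a symlink; refuse it
    # so the host never mounts devfs wherever the link points.
    [ ! -L "${_dev}" ] || { echo "mount point is a symlink" >&2; return 3; }

    # Same existence test as the one-liner in the post.
    [ -d "${_dev}" ] || { echo "mount point missing" >&2; return 4; }

    echo "mount -t devfs devfs ${_dev}"
}

# Constructed demo: a throwaway directory stands in for the jail root.
demo_root=$(mktemp -d)
mkdir "${demo_root}/dev"
jail_shiba_rootdir="${demo_root}/"
jail_shiba_devfs="${demo_root}/dev"
jail_devfs_cmd shiba
rm -rf "${demo_root}"
```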


Re: File system deadlock. GBDE(4) and/or MD(4) related.

2003-07-24 Thread Jon Disnard
Poul-Henning Kamp wrote:
In message [EMAIL PROTECTED], Pawel Jakub Dawidek writes:

	# touch /mnt/test.file


You are probably missing:

	dd if=/dev/zero of=/mnt/test.file bs=1m count=512


	# mdconfig -a -t vnode -f /mnt/test.file -s 512M -u 1


What you have found has nothing to do with GBDE, I think it is the
usual vnode backed md(4) deadlock.


I wrote a howto that is somewhat similar to the desired steps in case 
anybody is interested in another way:
http://www.ezunix.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=67&page=1

I've used gbde extensively and have doubts about any issues. However, 
maybe some sanity checks in gbde would catch the problem?

shrugs
-Jon


Re: Annoucning DragonFly BSD!

2003-07-19 Thread Jon Disnard
Matthew Dillon wrote:
snip
A Packaging system is a very important piece of any distribution.  Our
goal will be to create a packaging system that, via VFS 'environments',
causes any particular package to see only the dependencies that it
depends on, and the proper version of said dependencies as well.  Multiple
versions of third party apps that normally conflict with each other could
be installed simultaneously.  The packaging-system-controlled VFS
environment would also hide everything a package does not depend on,
like other libraries in the system, in order to guarantee that the
dependencies listed in the packaging system are in fact what the
application depends on.  There's no point in having a packaging system
that can't detect broken and incorrect dependencies or we wind up with
the same mess that we have with ports.


Wouldn't it be possible to achieve the same result without the VFS with 
well organized lib subdirs? like usr/lib/xyzlib1.2/ and 
usr/lib/xyzlib1.3/ which would maintain the install for any given 
version of a lib? In other words, instead of just dumping all the libs 
into the one place, you simply place them into sub folders instead and 
then link them as needed? Granted this would cause havoc for things like 
LD_LIBRARY_PATH. I never did like the way we dump things in the lib 
dirs, it's messy. The VFS idea is interesting, but it is like cleaning the 
mess by sending parts of the big mess into another dimension, making it 
a trans-dimensional mess (technically a larger mess). This throws away 
the KISS principle.


To make this work the VFS environment would have to be able to run as
a userland process.  Otherwise we would never be able to throw in the
type of flexibility and sophistication required to make it do what we
want it to do, and the kernel interfacing would have to be quite robust.
I want to make these environments so ubiquitous that they are simply
taken for granted.  Being userland VFSs with the capability of
overlaying the entire filesystem space, these environments would be
extremely powerful.

I suspect this ability would be useful for other things too, possibly for 
security lock-downs on shell users' envs without chrooting them as an 
example.

-Jon

It might be possible to build this new packaging system on top of the
existing ports infrastructure.  It will be several months (possibly
6-12 months) before the kernelland is sufficiently progressed to be
able to implement the userland VFS concept so we have a lot of time to
think about how to do it.
	-Matt
	Matthew Dillon 
	[EMAIL PROTECTED]


Re: Bug filing broken?

2003-07-13 Thread Jon Disnard
You might try to investigate the issue first.
Try http://www.dnsreport.com, and see if any red flags appear in the 
MX record section, or in another area that might affect mail. It's a 
common technique to reject mail from domains that do not follow the RFC 
specs.

Also, you might try to send word about this to the postmaster of 
freebsd.org.

Best,
-Jon

Andrew P. Lentvorski, Jr. wrote:

I tried to file a bug for one of my -CURRENT machines using send-pr and 
got the following result back:


 - The following addresses had permanent fatal errors -
[EMAIL PROTECTED]
  (reason: 450 taz.allcaps.org.: Helo command rejected: Host not found)


Presumably this means that the mailer is trying to reverse lookup my 
hostname, and it doesn't exist.  That's true, as I have been experimenting 
with this stuff behind my firewall on my private net.

Fine.  I'll file a bug via the web interface.

Go to:

http://www.freebsd.org/send-pr.html


The web-based bug interface is currently disabled.


This is annoying.  A user is already peeved that FreeBSD has a bug, and
now the bug sending mechanism has a bug.  In addition, the web bug
submission is offline.
The send to [EMAIL PROTECTED] should not have failed in the
first place.  Even if [EMAIL PROTECTED] needs spam
protection, all of the emails coming into it have a signature which makes
spam analysis incredibly easy.  Please reopen FreeBSD-gnats-submit so that 
it accepts all input and rejects based upon content.

Another idea is to rewrite send-pr so that it submits bug reports directly
to a port on a server somewhere.  Using port 80 and a dedicated receive
server would get around firewalling issues.
The alternative is to reopen the web form.  However, I find send-pr much 
more useful (less cutting and pasting).

Submitting a bug report should be the easiest, most robust and error free
task the system carries out.
Thanks,
-a


Re: [current] hostap+wi

2003-07-05 Thread Jon Disnard
Ruslan Ermilov wrote:

On Sat, Jul 05, 2003 at 04:48:09PM -0400, David Gilbert wrote:
[...]
The hostap machine is 4.8-STABLE and the client is 5.1-RELEASE.

One nice thing about the hostap is that bridge(4) works with wi(4)
that is in hostap mode.  Does anybody know if only Intersil cards
have the hostap mode, or some Prism's also do?

Well yeah. Considering Intersil makes the Prism brand of 802.11 chips.
=)
I'm not aware of any other chips that allow for this groovy hostap mode 
unless the formerly unsupported atheros chips do. I figure the idea is 
not unique, and the feature seems logical for vendors to build their 
AP's based on common hardware.

-Jon



Re: nss_ldap

2003-06-27 Thread Jon Disnard
Wasn't there a patch floating around to build a dynamic world with the 
placement of libc et al. in /lib ???

I'd actually like to try that patch for building a tiny fbsd image for 
my net4501.

Thanks in advance,
-Jon Disnard


Dan Nelson wrote:
In the last episode (Jun 27), Andrey Nepomnyaschih said:

Well, playing with nss_ldap in 5.1R, I have found that ls -la will
not show the names of the owner if the owner resides in LDAP
Directory, only the corresponding uidNumbers. Is there a way to show
the usernames instead of uidNumbers?


Make sure ls is dynamically-linked.


