Current problem reports assigned to freebsd-jail@FreeBSD.org

2012-08-20 Thread FreeBSD bugmaster
Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker  Resp.  Description

o kern/169751  jail   [jail] reading routing information does not work in ja
o bin/167911   jail   new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail   [jail] inter-jail communication failure
o docs/156853  jail   [patch] Update docs: jail(8) security issues with worl
o kern/156111  jail   [jail] procstat -b not supported in jail
o misc/155765  jail   [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail   [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail   [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail   [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail   [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail   [jail] is there a solution how to run nfs client in ja
o kern/119842  jail   [smbfs] [jail] Bad address with smbfs inside a jail
o bin/99566    jail   [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail   [jail] w(1) incorrectly handles stale utmp slots with 

14 problems total.

___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org


Re: IPv6 multicast sent to jail

2012-08-20 Thread Mars G. Miro

On 08/20/12 01:35, Curtis Villamizar wrote:

I'm trying to run isc-dhcpd using dhcpd -6 in a jail.  No luck.

The following code is run in the jail and doesn't fail.

 if (inet_pton(AF_INET6, All_DHCP_Relay_Agents_and_Servers,
               &mreq.ipv6mr_multiaddr) <= 0) {
         log_fatal("inet_pton: unable to convert '%s'",
                   All_DHCP_Relay_Agents_and_Servers);
 }
 mreq.ipv6mr_interface = if_nametoindex(info->name);
 if (setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP,
                &mreq, sizeof(mreq)) < 0) {
         log_fatal("setsockopt: IPV6_JOIN_GROUP: %m");
 }

where All_DHCP_Relay_Agents_and_Servers is defined as FF02::1:2.

Later dhcpd binds to *.517 which can be seen in netstat -an.

Packets to ff02::1:2.517 are seen on the jailer (as opposed to the
jailee) using tcpdump, but no packets are received by the jailee.

When the same command is run from the jailer using a chroot to the
jailee directory, the multicast packets are received.



Probably because there is no bpf in a default jail?

Try making bpf visible in the jail via devfs.



Is there a solution to this other than changing the jail from an
implied ip6=new with a specific address to ip6=inherit?  What I'd
really like is a yet to be invented ip6=new+multicast.

Using ip6=inherit would be OK, adding very little exposure (mostly
DoS attack exposure).  It would be nice if ip6=inherit were
supported in the rc.d/jail framework.

Before I go changing anything I'm asking whether allowing the
multicast join and then not passing multicast to the jail is
considered a bug and how it should behave (the join should have failed
or the packets should have arrived).  If the best workaround for now
is ip6=inherit would adding jail_jailname_ip[46] variables to the
rc files be viewed as a good solution (with a comment in
/etc/defaults/rc.conf indicating that the interaction between setting
addressing using _ip and _ip_multi and setting _ip4 or _ip6 (setting
an address for each family forces ip[46]=net for that AF.

Curtis


btw- not subscribed to freebsd-jail so please leave me on the Cc.



--
When I was crossing the border into Canada, they asked if
I had any firearms with me.  I said, Well, what do you need?
-- Steven Wright