Re: Problems with FreeRADIUS in a jail

not match because they would need both INADDR_ANY and inaddr_any = 1 for that (for whatever reason they need to duplicate that information). But that's just a wild guess... -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right

Re: FreeBSD 7 and multiple IP (mijail-patch in 6.x)

of pjd's multi-ip v4 jail patch I can give you a plain forward port to a FreeBSD 7 system (which might have possible locking issues I have never experienced). All depends on how quickly you need it. /bz -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than

Re: Jail resource limits

, virtualization work, might no longer be simply jails. There is more work in progress so the main target for this will be 7 with the plan to migrate as much as possible to whatever will be in 8. Regards, Bjoern -- Bjoern A. Zeeb Stop bit received. Insert coin for new game

Re: New wiki page - Jails

as part of jails but as part of a larger virtualization technique if they are going to happen at all. Basically virtualizing everything under the name of jails does ot make a lot of sense. At one point you want a hypervisor and simply boot different instances. /bz -- Bjoern A. Zeeb Stop bit

new set of multi-IPv4/v6/noIP jail patches

argument as empty string like . Warning: you'll find out yourself;) /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail

Re: new set of multi-IPv4/v6/noIP jail patches

Notice just went in (which my patch isn't aware of yet but should still apply). -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail

Re: new set of multi-IPv4/v6/noIP jail patches

netmask 0x lo2: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 inet 192.0.2.200 netmask 0x dopt# Works here. Greetings Bjoern -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail

Re: new set of multi-IPv4/v6/noIP jail patches

On Mon, 7 Jul 2008, Christopher Thunes wrote: Hi, I can reproduce this and I know the bug. I'll post an updated patch in a few days. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing

Re: multi-ip jail patch on freebsd 7

multi-ip jail patch? freebsd-jail@ would be a better list. I would happily point you at one but my webserver is down at the moment. I hope you can waut anther few days as I am swamped... -- Bjoern A. Zeeb Stop bit received. Insert coin for new game

Re: Multiple IPs

PROTECTED] wrote: Big ups to Bjoern A. Zeeb for his multiple IP patch as well as his friendly support service ;) I'd just like to confirm, however, if this is how it's done? # cd /usr/src # wget http://people.freebsd.org/~bz/bz_jail7-20080727-11-at146062.diff preferably use fetch as it comes

Re: Can't SSH into my jails after a makeworld

actually run? Did it give an error/warning? What does netstat -an show? (in case this is long do not psate it into mail and/or make sure there are no extra line wraps). -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd

Patch no longer applying cleanly

Hi, FYI: I am aware of that the jail patches are no longer applying cleanly. There are upcoming changes during this week which will add further conflicts. I'll update the patches once those changes are in and the tree should be stable again with regard to the jail work. /bz -- Bjoern

Re: identd on jail with multiple IPs

On Wed, 6 Aug 2008, Redd Vinylene wrote: I cannot seem to make identd work on a jail with multiple IPs (Bjoern Zeeb's patch): So do you have any kind of error message? packet traces or anything to further isolate the problem rather than does not work? -- Bjoern A. Zeeb Stop bit

Re: kern/126368: Running ktrace/kdump in jail leads to stale jails

* the various lists to avoid needlessly holding locks. */ ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to [EMAIL PROTECTED] -- Bjoern A. Zeeb

Re: Multiple IPs

generate a new patch but 7 has been hosed for a while and people are doing last minute MFCs now so I would have had to regen it every few hours. -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing

[CFR/T] multi-/no-IP jail patch for HEAD

PS: for anyone crying for RELENG_7. I am trying to put a patch together the next days. -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo

Re: request for (security) comments on this setup

a sysctl security.jail.enforce_statfs=1 If that's what you want you can add the following lines to /etc/sysctl.conf in the base system so it is automatically set upon boot: # jails security.jail.enforce_statfs=1 /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new

Re: multi-/no-ipv4/6 patch for releng_7

On Sat, 20 Sep 2008, Bjoern A. Zeeb wrote: Hi, here's a new patch for RELENG_7. In contrast to before I have NOT TESTED this patch THOROUGHLY. FYI: I know production machines with ipv4/ipv6 jails that have been up for two days running this patch. In case you find any problem let me know

Re: jail/broadcast IP [was: Multiple IPS - Freebsd 7.1]

On Wed, 1 Oct 2008, Nejc S(koberne wrote: Hi, does this patch maybe also makes it possible for a jail to listen at a broadcast address? So before you are going to post this to another thread -- what are you trying to achive? -- Bjoern A. Zeeb Stop bit received. Insert coin

Re: Multiple IPS - Freebsd 7.1

have changes it would be good to know what you did or what I do not have so the do not have forks as my version will hit HEAD soon and has changed (also the user space) since July. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game

Re: samba inside jails [was: jail/broadcast IP [was: ...]]

good old braodcast stuff might not work but in any modern setup that should no longer be needed imho. Good luck. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing list http

Re: bz_jail7-20080920-01-at150161.diff

On Fri, 10 Oct 2008, alexus wrote: 1. latest patch for 7.0-RELEASE isn't working so which patch was that? Have an URL or filename? /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org

Re: FreeBSD 7.0-RELEASE

://people.freebsd.org/~bz/20080617-01-jail-7.0R.diff Do not expect any update for it or anything. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman

Re: multi-ip v4/v6

you. I have no plan to support multi-ipv4/v6/no-IP patches for before 7.1-PRE (anymore) atm. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo

Re: Compilation question 64bit, 32 bit

On Fri, 17 Oct 2008, Bjoern A. Zeeb wrote: Hi, On Fri, 17 Oct 2008, Andrew Snow wrote: Hi, Alexander Leidinger wrote: Sort of. You can install a 32bit world into the jail and make sure 32bit support is activated in the kernel. The 32bit programs will then run just fine in the jail

Re: correct syntax to bind ipv6 to jails?

family 28 not supported. Ignoring. : No such file or directory huh, are your sure you are running with my patch and that the kernel is compiled with INET6 support? /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game

Re: Anyone interested in jail patches?

On Thu, 27 Nov 2008, Mars G Miro wrote: Hi, Tried both on recent 7.X and 8.X. Used about 4,5 different IPs ( IPv4 and v6 ) for the jails. So far so good ;-) That was good news the next morning:) Thanks. Regards, Bjoern -- Bjoern A. Zeeb Stop bit received. Insert coin

HEADS UP: multi/no-IPv4/v6 jails going to hit HEAD

Date: Wed, 26 Nov 2008 23:56:55 + (UTC) From: Bjoern A. Zeeb [EMAIL PROTECTED] To: freebsd-jail@freebsd.org Subject: Anyone interested in jail patches? Hi, it's 1am and I am out of caffeine so excuse all those typos and in case

Re: Anyone interested in jail patches?

On Sun, 30 Nov 2008, Frank Behrens wrote: Hi, Bjoern A. Zeeb wrote: On Thu, 27 Nov 2008, Frank Behrens wrote: On the other side I still read in the patched jail(2) man page: Similarly, it might be a good idea to add an address alias flag such that daemons listening on all IPs (INADDR_ANY

HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD

@ . Regards, Bjoern PS: the MFC question was answered in the commit message so do not ask. -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. -- Forwarded message -- Date: Sat, 29 Nov 2008 14:32:14 + (UTC) Subject: svn commit: r185435 - in head: lib

Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD

here). It's been just too late. Regards, Bjoern -- Bjoern A. Zeeb The greatest risk is not taking one. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail

Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD

: I trimmed the CC: list as noone was able to adhere to Reply-To. -- Bjoern A. Zeeb The greatest risk is not taking one.___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe

Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD

be absoultely no change in the output format. Why do I get the new jls output then when I only use one ipaddr. for a jail and none of the new features at all? What are you using? The version from HEAD or are you running a patch on either HEAD or 7 and if so from when? /bz -- Bjoern A. Zeeb

Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD

On Thu, 11 Dec 2008, Bjoern A. Zeeb wrote: Hi, ok, after another round of private mails I got it; I had been living with jail patches for too long; the jls output (without -v) should be on one line and not on two. That wasn't intended. Unfortunately noone had complained the months before

Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD

.. I'll look at this. can you try this patch? http://people.freebsd.org/~bz/20081214-01-jls-v1.diff Works for me, jls without arguments now gives the old output, -v shows all the new features! Thanks for testing. Comitted it to HEAD. /bz -- Bjoern A. Zeeb The greatest risk

Re: Nagios Jail

On Tue, 6 Jan 2009, Albert Shih wrote: Le 06/01/2009 à 15:06:37+, Bjoern A. Zeeb a écrit On Tue, 6 Jan 2009, Albert Shih wrote: In fact I found the problem : When I compile nagios-plugin ports in a jail the «configure» don't find syntax of ping : checking for ping... /sbin/ping

jail startup script for multi-IPs + ifconfig *sigh* stuff

? 4) any other comments? In case there are bugs or problems, let me know - I'll update and repost links. /bz PS: special thanks to Ruben van Staveren who had maintained a (slightly) different version supporting v4/v6 ifconfig all the time! -- Bjoern A. Zeeb

Problems with Samba -- svn commit: r186948 - in head/sys: netinet netinet6 (fwd)

Hi, in case anyone had trouble for example with Samba inside a jail (and had to set interfaces = ...) you may want to update to this on HEAD or grab the patch form the PR if you are running the multi-IP jail patch. I'll include this in the next (upcoming) patchset. /bz -- Bjoern A. Zeeb

Re: kern/89528: [jail] [patch] impossible to kill a jail

The following reply was made to PR kern/89528; it has been noted by GNATS. From: Bjoern A. Zeeb b...@freebsd.org To: bug-follo...@freebsd.org Cc: Subject: Re: kern/89528: [jail] [patch] impossible to kill a jail Date: Sat, 10 Jan 2009 21:11:01 + (UTC) Before I am going to look it up

Re: bsnmp module for monitoring jails: bsnmp-jails

of xprison structures - ... I have the feeling that this will need a bit of polishing and separation of things... I hope Shteryana may join in here ... -- Bjoern A. Zeeb The greatest risk is not taking one. ___ freebsd-jail@freebsd.org

Re: HEADS UP: multi-IPv4/v6/no-IP jails merge to 7-STABLE ahead

On Wed, 28 Jan 2009, Bjoern A. Zeeb wrote: Hi, I have a possible MFC candidate patch at: http://people.freebsd.org/~bz/20090128-02-jail7-mfc.diff to merge the multi-IPv4/v6/no-IP jails to 7-STABLE. My plan would be to do so during the weekend of 6-8th February 2009. In addition

Re: Problem with ezjail: Manually restarted jails don't come up again

... /bz -- Bjoern A. Zeeb The greatest risk is not taking one. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org

Re: BIND in jail problem

to 127.0.0.1. And 127.0.0.1 is the host 0 machine and does not run BIND. I start wondering if you are editing the correct resolve.conf inside the correct jail and run your commands inside the same jail? /bz -- Bjoern A. Zeeb The greatest risk is not taking one

Re: Problem using bz's multi-IP/IPv6/No-IP Jail Patch (7-STABLE)

suggest fixing ifconfig if (easily) possible; that would avoid us running into it again in a few months/year(s) when it might be possible to compile an INET6 but no INET kernel. -- Bjoern A. Zeeb The greatest risk is not taking one

Re: Problems with Jails and Samba3

!!! That sounds like the port has a problem. I'd try to mail ports@ and the port maintainer. You'll find it listed here: http://www.freebsd.org/cgi/ports.cgi?query=samba-3.0stype=namesektion=all /bz -- Bjoern A. Zeeb The greatest risk is not taking one

Re: Patching for multi-ip.

to get this without building world. there is no way w/o building a world and a kernel or waiting another few days for 7.2-{BETA,RC*,RELEASE} which will have all this. -- Bjoern A. Zeeb The greatest risk is not taking one.___ freebsd

Re: Adding ips to running jail.

On Thu, 2 Apr 2009, Peter Ankerstål wrote: Is it possible to add ip-addresses to an already running jail? Not yet but possibly soon (in FreeBSD 8). -- Bjoern A. Zeeb The greatest risk is not taking one.___ freebsd-jail

Re: lo0's IPv6 address overwritten

changes to the jail's IPv6 address. The routing table doesn't change. telnet to where? To the jail IP? To an IP of the base system? To world? Which version of RELENG_7 are you on (as what does a few days mean)? /bz -- Bjoern A. Zeeb The greatest risk is not taking one

Re: lo0's IPv6 address overwritten

metric 0 mtu 16384 inet6 2001:738:2001:1000::2 prefixlen 128 *wow*, that's indeed ... confusing. I'll try to (get someone to) look into this. /bz -- Bjoern A. Zeeb The greatest risk is not taking one. ___ freebsd-jail

Re: Regarding multi-ip Bjoern head patch

, all of FreeBSD 7.2 (BETA, RC1, upcomig RC2 and RELEASE) have and will have it. So if you are going to update your system to any of those versions you'll have it. /bz PS: in case of reply please remove the -virtualization Cc: -- Bjoern A. Zeeb The greatest risk is not taking

Re: changing cpuset of jail from inside of jail - is it feature?

On Wed, 22 Apr 2009, Miroslav Lachman wrote: Hi, Bjoern A. Zeeb wrote: On Wed, 22 Apr 2009, Miroslav Lachman wrote: Hi, I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 09:56:08 CET 2009) hosting few jails. The machine has dual core CPU and some jails are set to run only

Re: bind()/sendto() behavior in RELENG_7

you switched on IPv6 as well 2) no longer works? 4) can you give me the output of sysctl net.inet6.ip6.v6only ? /bz -- Bjoern A. Zeeb The greatest risk is not taking one. ___ freebsd-jail@freebsd.org mailing list http

Re: Switching /etc/rc.d/jail to new syntax (+ new features)

=enforce_statfs=2 This config option can also take other jail parameters like allow.sysvipc and other ones described in the jail man-page (additional parameters need to be space separated). Feedback welcome. 1) it break various things that will no longer work 2) it's not a poper solution /bz -- Bjoern

Re: Can't login Jailed system

is the jailID from the jls output) and check with ps if sshd is running inside the jail, and check the usual things are up and there. /bz -- Bjoern A. Zeeb The greatest risk is not taking one. ___ freebsd-jail@freebsd.org mailing list

Re: Multicast in jail?

. /bz -- Bjoern A. Zeeb The greatest risk is not taking one. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org

Re: 8.0 still allow creating ipv6 udp socket in jail without ipv6 ip

by the following patch: http://people.freebsd.org/~bz/20090727-01-jail8-legacy.diff Can you give it a try and report if that fixes your problem? Regards, Bjoern -- Bjoern A. Zeeb The greatest risk is not taking one. ___ freebsd-jail

Re: Not getting an IPv6 in a jail

the address. I cannot say if it'll work but it would be worth a try. /bz -- Bjoern A. Zeeb What was I talking about and who are you again? ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail

Re: Per Jail Memory Limits

this as we use 7.1 in production. Notes: * CPU limiting is not support is not supported unless you use shecd_4bsd. * I have not tested this on any system yet, just compile tested, I am putting it though its paces right now. Tom -- Bjoern A. Zeeb It will not break if you know what

Re: Setting the jail identifier from /etc/rc.conf

hostname yet? Or maybe we should at least provide a config tunable for this? Redirect to freebsd-jail@ ; you may even find the answers to those int he mail archive (unless those had been private threads I was on Cc: on;-) -- Bjoern A. Zeeb It will not break if you know what you are doing

Re: Broadcast under Jail problems

On Mon, 16 Nov 2009, Vagif Zeynalov wrote: Hi, ...I can provide more details if it will be necessary... error ogs from the application would be interesting to see which (sys)call return which error so that we can narrow it down. /bz -- Bjoern A. Zeeb It will not break if you know

Re: Networking from jail - errata

255.255.255.255 Note that the alias has a /32 netmask. /bz -- Bjoern A. Zeeb It will not break if you know what you are doing.___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any

Re: AW: Networking from jail - errata

to an IP address rather than the name (don't use 127.0.0.1 as address, just to rule that out as well). /bz -- Bjoern A. Zeeb It will not break if you know what you are doing. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman

Re: [patch] Improved jail fstab functionality inside rc.d (needs testers and review)

On Sun, 29 Nov 2009, Merijn Verstraaten wrote: My apologies if these are the wrong lists for this sort of thing but it was unclear to me where else to go with additions like this. You may try freebsd-jail@ Make sure to get a review from simon@ for this. /bz -- Bjoern A. Zeeb

Re: ezjail with vimage

On Mon, 7 Dec 2009, Miroslav Lachman wrote: Hi Miroslav, The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that there is no need to add anything because it can be done by jail_NAME_flags. AFAIK current system still doesn't

Re: ezjail with vimage

On Mon, 7 Dec 2009, Miroslav Lachman wrote: Bjoern A. Zeeb wrote: On Mon, 7 Dec 2009, Miroslav Lachman wrote: Hi Miroslav, The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that there is no need to add anything because

Re: ioctl call freebsd 7.2 in jail

if it'll work easily w/o the other infrastructure but I'll see what I can do. I can see no chance that it'll ever make it into 7.1 as an Errata Notice though, so you would have to keep patching your system yourself. /bz -- Bjoern A. Zeeb It will not break if you know what you are doing

Re: ioctl call freebsd 7.2 in jail

On Fri, 18 Dec 2009, Axel Scheepers wrote: hi, Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net writes: I think I remember the patch; I guess it was the samba patch. I can extract it for you; not sure if it'll work easily w/o the other infrastructure but I'll see what I can do. I can see

Re: Jail on 2 interfaces?

the jail_squid_interface=.. line. HTH /bz -- Bjoern A. Zeeb It will not break if you know what you are doing. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail

Re: kern/142341: [jail] Jail escape when cwd is moved from the host system

The following reply was made to PR kern/142341; it has been noted by GNATS. From: Bjoern A. Zeeb b...@freebsd.org To: bug-follo...@freebsd.org, ve...@kajtaz.net Cc: Subject: Re: kern/142341: [jail] Jail escape when cwd is moved from the host system Date: Tue, 5 Jan 2010 19:36:36 + (UTC

Re: configuration of multiple IPs for a jail

the right thing. /bz -- Bjoern A. Zeeb It will not break if you know what you are doing. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr

Re: sysvipc in jails + CURRENT

) should be working the other way round I think. Anyway, the summary is: if you don't change the default a jail -c enforce_statfs=1 ... should just work fine. Hope this helps. /bz -- Bjoern A. Zeeb This signature is about you not me

Re: Mutiple ipv4 and ipv6.

:db8: (which are the example/docmentation prefixes) or, if you want, send them to me privately. /bz -- Bjoern A. Zeeb Welcome a new stage of life. ks Going to jail sucks -- bz All my daemons like it! http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook

Re: loopback in jail

the primary address of the jail for the given address family. /bz -- Bjoern A. Zeeb Welcome a new stage of life. ks Going to jail sucks -- bz All my daemons like it! http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html

Re: FTPD not working properly on jail

On Wed, 8 Dec 2010, Redd Vinylene wrote: On Wed, Dec 8, 2010 at 4:52 PM, Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net wrote: a) have you tried without SSL? b) have you tried ftpd from base? It pretty much smells like a bug in vsftpd. Out of curiosity - which version of freebsd

Re: ipv6 loopback behaviour inside jail

On Wed, 30 Mar 2011, Rob Evers wrote: P.S. I can supply any further information needed. Which verison of FreeBSD are you running? -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family

Re: Passing additional options to jail(8) via rc.conf

On Sep 20, 2011, at 5:25 PM, Moritz Wilhelmy wrote: On Tue, Sep 20, 2011 at 16:54:33 +, Bjoern A. Zeeb wrote: On Sep 20, 2011, at 3:21 PM, Moritz Wilhelmy wrote: Please keep me in CC, I am not subscribed to freebsd-jail. Which is your problem as the real solution is being discussed

Re: mtr doesn't work in a jail even with security.jail.allow_raw_sockets: 1

which version of freebsd? Anything newer than incl. 8.0 the systls are not what you want anymore; it's per jail flags. /bz -- Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do

Re: * Re: * Re: Getting Jail v2 working with 9-stable

-platforms VIMAGE is supported. VIMAGE should be arch independent. -- Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do! ___ freebsd-jail@freebsd.org mailing list

Re: Practical limit to number of jails on a given host?

? ISTR that way back when, the IP addresses associated with a particular interface were stored in a linked list, so as you added more you would start seeing O(N) slowdown on a lot of network stuff in the kernel. Yeah, we still do list walks here and there. /bz -- Bjoern A. Zeeb

Re: Jail source address selection broken, patch for ping

-around and prove of concept that this really was the issue: http://people.freebsd.org/~bz/20120407-01-ping-source-addr.diff /bz -- Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do

Re: [jail] Allowing root privledged users to renice

sysctls are a bad idea given jails have per-jail flags these days. Maybe also only allow re-nicing to be nicer but not less nice? /bz -- Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do

Re: [patch] etc/rc.d/jail: allow extra parameters for each jails

will not prevent jamie's recent/next work for rc.d/jail. I'll commit this if there is no objection. Why not just use his work? -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family

Re: Fixed Jail ID for ZFS - need proper mgmt?

is not the only thing in theory. Assume your management does not make sure the same users gets the same jail; you elak a lot of (possibly security related) information. Would also make it quite hard in terms of auditing etc. to get this right unless done knowingly and on purpose. -- Bjoern

Re: IPv6 multicast sent to jail

On Wed, 5 Sep 2012, Curtis Villamizar wrote: In message alpine.bsf.2.00.1209031219120.76...@ai.fobar.qr Bjoern A. Zeeb writes: On Sat, 25 Aug 2012, Jamie Gritton wrote: ... Curtis Offhand, it does sound like a bug. I imagine the solution would be to reject the join - at least the easy

Re: kern/68189 and kern/169751: what jails are allowed to see in a routing socket

anymore if they suddently could fiddle with the routing table - even read-only, should that really be enough. I would explicitly advertise it as 'do not use - will go away again' feature and it should the moment vnets are declared non-experimental. Just my 2cts. /bz -- Bjoern A. Zeeb

Re: VNET performance

games. I wonder what a vale switch for vnets could achieve. — Bjoern A. Zeeb Come on. Learn, goddamn it., WarGames, 1983 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any

Re: Current state of VIMAGE on 10-STABLE?

if the harder problem is indeed solved :-) — Bjoern A. Zeeb Charles Haddon Spurgeon: Friendship is one of the sweetest joys of life. Many might have failed beneath the bitterness of their trial had they not found a friend

Re: How to implement jail-aware SysV IPC (with my nasty patch)

Hi, removed hackers, added virtualization. On 12 Jun 2015, at 01:17 , kikuc...@uranus.dti.ne.jp wrote: Hello, I’m (still) trying to figure out how jail-aware SysV IPC mechanism should be. The best way probably is to finally get the “common” VIMAGE framework into HEAD to allow easy

Re: How to implement jail-aware SysV IPC (with my nasty patch)

On 15 Jun 2015, at 17:10 , kikuc...@uranus.dti.ne.jp wrote: On Mon, 15 Jun 2015 09:53:53 +, Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net wrote: Hi, removed hackers, added virtualization. On 12 Jun 2015, at 01:17 , kikuc...@uranus.dti.ne.jp wrote: Hello, I’m (still

VNET jails not going away

Hi, has anyone else experienced VNET jails to not fully go away anymore on a recent HEAD kernel (or possibly an older kernel)? I have test cases with which I can have them in DYING state (see jls -av) for ever or at least more than half a day. I am in the process of trying to find the cause

VNET teardown changes (part I)

Hi, sorry for the cross-post; Reply-To set. I extracted a patch from projects VNET which tries to get the VNET teardown more robust (and in a next step plug the remaining [TCP] memory leaks). If anyone has an interest in testing some parts on a non-production setup (you have been warned)

Re: (VNET) jails not going away

Hi, sorry for the cross-post, Reply-To: set. > On 22 Feb 2016, at 13:41 , Bjoern A. Zeeb <bzeeb-li...@lists.zabbadoz.net> > wrote: > > Hi, > > has anyone else experienced VNET jails to not fully go away anymore on a > recent HEAD kernel (or possibly an older kern

Re: jails in different private subnets on the same host

> On 18 May 2016, at 14:00 , Grzegorz Junka wrote: > > Is it possible to have two jails on the same host each one in a different > private subnet, e.g. 192.168.1.0 and 10.33.1.0, and have routing between them > working without issues? > > I know it's possible to run jails

Request for VIMAGE testing in 11.0-ALPHA6 and later

f you find problems please file a bug report and make sure to set "vimage" in the Keywords field but feel also free to post to freebsd-virtualisation@ which I'll be monitoring. Thanks a lot to everyone! Bjoern -- Bjoern A. Zeeb

Re: testing 11.0-RC1 vnet jails with ipfilter

On 15 Aug 2016, at 15:37, Ernie Luzar wrote: Hello list; Running 11.0-RC1 with only option vimage compiled into the generic kernel. I can run ipfilter on the host and start vnet jails containing no firewalls just fine. But when I try to also have ipfilter run in the vnet jail nothing

Re: testing 11.0-RC1 vnet jails with ipfilter

On 16 Aug 2016, at 12:47, krad wrote: is ipfilter supported in vnet jails? Last time I looked and tried pf didnt work (kernel panics), and only ipfw was supported. In 11-RC* it is present for all 3 firewalls; like VIMAGE due to memory footprint you might have to compile the firewall into

Re: Issue with 127.0.0.1 when reconfiguring running Jail

On 6 Aug 2018, at 16:32, Support SimpleRezo wrote: Hi ! I'm fancing an issue when i'm using "jail -m ip4.addr=..." for reconfiguring ip4.addr of a running jail: accessing or binding 127.0.0.1 is not redirect anymore by kernel to the jail IP. Is it expected? Do I missing something there?

Re: Time for those old global jail sysctls to go

On 22 Mar 2018, at 4:13, James Gritton wrote: I've got a revision in the works to remove the security.jail.foo_allowed sysctls: The old jail system had sysctls to set jail permissions for all jails (e.g. security.jail.mount_allowed), which were superseded

Re: enforce_statfs showing leading path

On 9 Jan 2019, at 9:42, Alexander Leidinger via freebsd-jail wrote: Hi, I’ll be a bit verbose also for mwlucas. You see the dataset name of zfs without stripping. The mount point is correctly stripped. I don't remember how this looks on ufs. /dev/ada0p19 on / (ufs, local, journaled

Re: icmp (IPv4) issues with VIMAGE JAILs and IPv6

On 28 Jan 2019, at 12:44, O. Hartmann wrote: I ran into severe problems on CURRENT ( FreeBSD 13.0-CURRENT #193 r343521: Mon Jan 28 10:26:36 CET 2019 amd64), VIMAGE enabled host with jails utilizing IPv6. and you forget to mention in the subject that it seems to be an ipfw problem and thus

  1   2   >