
FreeBSD, jail, ping


James B. Byrne via freebsd-questions

Feb 1, 2018, 12:59:07 PM
On the jail I see this behaviour:

root@hll124:~ # sysctl security.jail.allow_raw_sockets
security.jail.allow_raw_sockets: 0

root@hll124:~ # sysctl security.jail.allow_raw_sockets=1
security.jail.allow_raw_sockets: 0
sysctl: security.jail.allow_raw_sockets=1: Operation not permitted

So, how is this fixed?

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:Byr...@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

_______________________________________________
freebsd-...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questi...@freebsd.org"

Valeri Galtsev

Feb 1, 2018, 1:08:13 PM


On 02/01/18 11:55, James B. Byrne via freebsd-questions wrote:
> On the jail I see this behaviour:
>
> root@hll124:~ # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 0
>
> root@hll124:~ # sysctl security.jail.allow_raw_sockets=1
> security.jail.allow_raw_sockets: 0
> sysctl: security.jail.allow_raw_sockets=1: Operation not permitted

You are not doing it inside the jail, right? You are doing it on the
host system, right?

Thanks.
Valeri

>
> So, how is this fixed?
>

--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

James B. Byrne via freebsd-questions

Feb 1, 2018, 1:08:48 PM

On Thu, February 1, 2018 12:55, James B. Byrne wrote:
> On the jail I see this behaviour:
>
> root@hll124:~ # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 0
>
> root@hll124:~ # sysctl security.jail.allow_raw_sockets=1
> security.jail.allow_raw_sockets: 0
> sysctl: security.jail.allow_raw_sockets=1: Operation not permitted
>
> So, how is this fixed?
>

On host:

# jls
   JID  IP Address      Hostname                      Path
     6  127.0.124.1     hll124.hamilton.harte-lyne.ca /usr/jails/hll124

# jail -m jid=6 allow.raw_sockets=1

On jail:

# sysctl security.jail.allow_raw_sockets
security.jail.allow_raw_sockets: 1

root@hll124:~ # ping 192.168.71.1
PING 192.168.71.1 (192.168.71.1): 56 data bytes
64 bytes from 192.168.71.1: icmp_seq=0 ttl=64 time=0.253 ms


So, how does one get the jail to automatically configure this setting?

Valeri Galtsev

Feb 1, 2018, 1:19:22 PM


On 02/01/18 12:05, James B. Byrne via freebsd-questions wrote:
>
> On Thu, February 1, 2018 12:55, James B. Byrne wrote:
>> On the jail I see this behaviour:
>>
>> root@hll124:~ # sysctl security.jail.allow_raw_sockets
>> security.jail.allow_raw_sockets: 0
>>
>> root@hll124:~ # sysctl security.jail.allow_raw_sockets=1
>> security.jail.allow_raw_sockets: 0
>> sysctl: security.jail.allow_raw_sockets=1: Operation not permitted
>>
>> So, how is this fixed?
>>
>
> On host:
>
> # jls
>    JID  IP Address      Hostname                      Path
>      6  127.0.124.1     hll124.hamilton.harte-lyne.ca /usr/jails/hll124
>
> # jail -m jid=6 allow.raw_sockets=1
>
> On jail:
>
> # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
>
> root@hll124:~ # ping 192.168.71.1
> PING 192.168.71.1 (192.168.71.1): 56 data bytes
> 64 bytes from 192.168.71.1: icmp_seq=0 ttl=64 time=0.253 ms
>
>
> So, how does one get the jail to automatically configure this setting?
>

I do not know how to do it using ezjail, but after ezjail does its
magic, the following line

allow.raw_sockets = 1;

will be in /etc/jail.conf inside the particular jail's configuration.

(After that setting is modified, the particular jail has to be restarted, as
someone already mentioned.)

I hope someone who uses ezjail will chime in.

Thanks.
Valeri

>


Grouchy Sysadmin

Feb 1, 2018, 1:26:29 PM

James B. Byrne via freebsd-questions

Feb 1, 2018, 2:45:23 PM

On Thu, February 1, 2018 13:15, Valeri Galtsev wrote:

>
> I do not know how to do it using ezjail, but after ezjail does its
> magic, the following line
>
> allow.raw_sockets = 1;
>
> will be in /etc/jail.conf inside the particular jail's configuration.
>
> (After that setting is modified, the particular jail has to be restarted,
> as someone already mentioned.)
>

EZJail does not use the jail.conf technique. It instead uses the
deprecated environment-variable method to pass configuration values to
jail.

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:Byr...@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
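
Added example (not part of the original thread): a host-side check that lists which running jails currently permit raw sockets, useful because the thread shows the setting can be switched on at runtime with jail -m and so may differ from what the jail's configuration file says. It assumes `jls -n` prints boolean parameters as allow.raw_sockets / allow.noraw_sockets; the function names and the sample lines (including the second jail, web01) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report jails that are allowed to open raw sockets.
# Input on stdin: one jail per line in `jls -n` format (name=value pairs,
# booleans assumed to appear as allow.raw_sockets / allow.noraw_sockets).
# Output: "<jid> <name>" for every jail with raw sockets enabled.

raw_socket_jails() {
    awk '{
        name = ""; jid = ""; raw = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)      name = substr($i, 6)
            else if ($i ~ /^jid=/)  jid  = substr($i, 5)
            else if ($i == "allow.raw_sockets" || $i == "allow.raw_sockets=1")
                raw = 1
        }
        if (raw) print jid, name
    }'
}

# Constructed sample: jail 6 after `jail -m jid=6 allow.raw_sockets=1`,
# plus a second, hypothetical jail left at the default.
sample_jls_output() {
    cat <<'EOF'
devfs_ruleset=4 enforce_statfs=2 jid=6 name=hll124 path=/usr/jails/hll124 allow.raw_sockets allow.set_hostname
devfs_ruleset=4 enforce_statfs=2 jid=7 name=web01 path=/usr/jails/web01 allow.noraw_sockets allow.set_hostname
EOF
}

# On a FreeBSD host, read the live jail list; elsewhere, use the sample.
if command -v jls >/dev/null 2>&1; then
    jls -n | raw_socket_jails
else
    sample_jls_output | raw_socket_jails
fi
```

Run on the host rather than inside a jail, and compare the result with the jails that are actually meant to run ping or similar tools.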
