List-Id: Discussion about FreeBSD jail(8)
List-Archive: https://lists.freebsd.org/archives/freebsd-jail
Date: Sat, 23 Jul 2022 10:06:15 -0700
From: James Gritton
To: freebsd-jail@freebsd.org
Cc: Kurt Jaeger
Subject: Re: jail created with ip4=new and ipv4.addr shows ip4=disable on jail -s
Message-ID: <8e1bf678efc18f9d3c4d5ee16df3caa1@gritton.org>

On 2022-07-23 04:56, Kurt Jaeger wrote:
> Hello,
>
> On a 13.1 box:
>
> The jail is created with:
>
> /usr/sbin/jail -c allow.raw_sockets allow.sysvipc devfs_ruleset=4
> host.hostname=somehostname path=/somepath ip4=new ip4.addr=
> ip6=new ip6.addr= command=/bin/sh /etc/rc
>
> But:
>
> jail -s
>
> displays:
>
> [...] ip4=disable ip6=disable
>
> Is that a bug and if not, why does it behave like that?

It's a bug in the reporting. ip4 is presented as a jailsys parameter
with its values of disable, inherit, and new. jail_get(2) reports such
values based on flags in the prison structure, but ip4 and ip6 are only
stored as a single bit with disable indistinguishable from new. jail_get
should be looking at the number of IP addresses, which is what tells the
difference.

- Jamie
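
Added illustration, not part of the original message and not FreeBSD kernel code: a small C model of the reporting problem described in the reply, showing a flag-only lookup beside one that also consults the address count. All type, flag and function names are hypothetical, and the choice that the flag-only path returns disable whenever the bit is set is an assumption made to match the ip4=disable output quoted above.

```c
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not the kernel's. */
enum jailsys { SYS_DISABLE, SYS_NEW, SYS_INHERIT };

#define FLAG_IP4_USER 0x1u  /* one bit, set for both ip4=disable and ip4=new */

struct prison_model {
    unsigned flags;
    int ip4_count;          /* number of IPv4 addresses assigned to the jail */
};

/* Store the three-valued setting as the reply describes: a single bit. */
static struct prison_model model_set_ip4(enum jailsys want, int naddrs)
{
    struct prison_model pr = { 0, 0 };
    if (want != SYS_INHERIT) {
        pr.flags |= FLAG_IP4_USER;
        pr.ip4_count = (want == SYS_NEW) ? naddrs : 0;
    }
    return pr;
}

/* Flag-only reporting (assumed order: disable wins), so new is never seen. */
static enum jailsys report_ip4_flags_only(const struct prison_model *pr)
{
    return (pr->flags & FLAG_IP4_USER) ? SYS_DISABLE : SYS_INHERIT;
}

/* Reporting that uses the address count to tell new from disable. */
static enum jailsys report_ip4_with_count(const struct prison_model *pr)
{
    if (!(pr->flags & FLAG_IP4_USER))
        return SYS_INHERIT;
    return pr->ip4_count > 0 ? SYS_NEW : SYS_DISABLE;
}

int main(void)
{
    static const char *name[] = { "disable", "new", "inherit" };
    /* Constructed input: a jail created with ip4=new and one address. */
    struct prison_model pr = model_set_ip4(SYS_NEW, 1);

    printf("flags only: ip4=%s\n", name[report_ip4_flags_only(&pr)]);
    printf("with count: ip4=%s\n", name[report_ip4_with_count(&pr)]);
    return 0;
}
```

Until the reporting is corrected, an audit of jail network isolation should compare the reported ip4/ip6 value against the jail's actual address list rather than trusting the jailsys value alone.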