Re: linux debian jail - network problems
- Reply: Zhenlei Huang : "Re: linux debian jail - network problems"
- In reply to: Sami Halabi : "linux debian jail - network problems"
Date: Thu, 24 Feb 2022 20:05:27 UTC
Hi,
Added Current, maybe I will be lucky ;)
Does anyone have an idea how to approach and fix this?

Sami

On Tue, 22 Feb 2022, 23:30, Sami Halabi <sodynet1@gmail.com> wrote:

> Hi all,
> sorry for the cross post but I need help and I'm not sure where it hangs.
>
> I create a Linux jail (Debian bullseye) via cbsd.
> The jail is being populated with the Debian userland..
> So far so good... services are running (sshd) and I can log in to the jail, I
> can also update packages and I can install apache httpd and all works fine
> (apt install or make from src).
> I also manage to install packages even if their scripts depend on the "ip"
> command that fails:
> cbsd@j2> ip
> Cannot open netlink socket: Address family not supported by protocol
>
> ifconfig shows empty interfaces:
> cbsd@j2> ifconfig
> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         ether 00:50:56:0a:b3:a0 (Ethernet)
>         RX packets 139798314 bytes 12029597009 (11.2 GiB)
>         RX errors 0 dropped 0 overruns 0 frame 0
>         TX packets 26879143 bytes 34400160833 (32.0 GiB)
>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> lo0: flags=4169<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         loop (Local Loopback)
>         RX packets 28548 bytes 160312960 (152.8 MiB)
>         RX errors 0 dropped 0 overruns 0 frame 0
>         TX packets 28548 bytes 160312960 (152.8 MiB)
>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> I know Linux emulation doesn't implement netlink.. so what I do is fake
> the response by replacing /bin/ip with a bash script that prints the correct
> IP and fakes some other output (needed by packages I installed):
> #!/bin/bash
> # Stand-in for /bin/ip: prints canned output instead of querying netlink
> if [ "$1" = "-o" ]; then
>   # one-line address listing
>   echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
> elif [ "$1" = "route" ]; then
>   if [ "$2" = "get" ]; then
>     echo "8.8.8.8 via 192.168.1.2 dev eth0 src 192.168.1.2 "
>   else
>     echo "default via 192.168.1.2 dev eth0"
>   fi
> else
>   # any other invocation: link and address summary
>   echo "1: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000"
>   echo " inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
> fi
>
>
> Still ifconfig shows no IP... it's time to say it is a regular jail and *NOT*
> VNET.
>
> *However* packages that pull IPs via libraries fail..
> e.g.: installed bind916 (name), in the logs I see these errors (relevant
> only):
> cbsd@j2> service named start
> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE) failed: Invalid argument
> cbsd@j2>
>
>
> log file shows:
> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet Systems Consortium,
> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit 501(c)(3) public-benefit
> 22-Feb-2022 23:11:58.705 general: notice: corporation. Support and training for BIND 9 are
> 22-Feb-2022 23:11:58.705 general: notice: available at https://www.isc.org/support
> 22-Feb-2022 23:11:58.705 general: notice: ----------------------------------------------------
> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker threads
> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface
> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
> 22-Feb-2022 23:11:58.715 general: info: loading configuration from '/etc/bind/named.conf'
> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors from file '/etc/bind/bind.keys'
> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in '/usr/share/GeoIP'
> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port range: [1024, 65535]
> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port range: [1024, 65535]
> 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found
> 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79: unexpected error:
> 22-Feb-2022 23:11:58.715 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
> 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
> *snip*
> *snip*
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied
> 22-Feb-2022 23:11:58.735 zoneload: info: managed-keys-zone: loaded serial 24
> 22-Feb-2022 23:11:58.735 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(513, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1
> 22-Feb-2022 23:11:58.745 zoneload: info: zone j1.royalshells.com/IN: loaded serial 2022022106
> 22-Feb-2022 23:11:58.745 notify: info: zone j1.royalshells.com/IN: sending notifies (serial 2022022106)
> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.745 general: error: setsockopt(514, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone localhost/IN: loaded serial 2
> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.745 general: error: setsockopt(515, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone 127.in-addr.arpa/IN: loaded serial 1
> 22-Feb-2022 23:11:58.745 general: notice: all zones loaded
> 22-Feb-2022 23:11:58.745 general: notice: running
> 22-Feb-2022 23:11:58.795 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.795 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:12:58.811 general: error: ifiter_getifaddrs.c:79: unexpected error:
> 22-Feb-2022 23:12:58.811 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
> 22-Feb-2022 23:12:58.811 network: warning: not listening on any interfaces
>
> Any idea how to fix this??
>
> cbsd@j2> named -V
> BIND 9.16.22-Debian (Extended Support Version) <id:59bfaba>
> running on Linux x86_64 3.2.0 FreeBSD 12.3-RELEASE-p1 GENERIC
>
> installing newer versions
>
> I also have problems with the dovecot mail package.. but will leave it for now
>
> Thanks in advance,
> Sami
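
A small probe for the calls that fail in the message above, added here as an example and not part of the original post or of BIND: it exercises `socket(AF_NETLINK)`, `getifaddrs()` (which glibc implements over a netlink socket, hence the same "Address family not supported by protocol" error as `ip`), `setsockopt(IP_RECVTOS)` and `prctl(PR_SET_DUMPABLE)`, and reports the errno each one returns when built and run inside the Linux jail. The names `probe_*`, `PROBES` and `run_probes` are illustrative.

```c
/* Added example: probe_*, PROBES and run_probes are illustrative names. */
#include <errno.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Each probe returns 0 on success or the errno of the failing call. */
static int probe_netlink(void) {        /* first thing `ip` does */
    int fd = socket(AF_NETLINK, SOCK_RAW, 0 /* NETLINK_ROUTE */);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}
static int probe_getifaddrs(void) {     /* ifiter_getifaddrs.c in the log */
    struct ifaddrs *ifa = NULL;
    if (getifaddrs(&ifa) != 0) return errno;
    freeifaddrs(ifa);
    return 0;
}
static int probe_ip_recvtos(void) {     /* socket.c setsockopt() in the log */
    int on = 1, err = 0, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    if (setsockopt(fd, IPPROTO_IP, IP_RECVTOS, &on, sizeof on) != 0) err = errno;
    close(fd);
    return err;
}
/* The prctl() call reported when the named service starts. */
static int probe_dumpable(void) { return prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) ? errno : 0; }

static const struct probe { const char *name; int (*fn)(void); } PROBES[] = {
    { "socket(AF_NETLINK)",     probe_netlink },
    { "getifaddrs()",           probe_getifaddrs },
    { "setsockopt(IP_RECVTOS)", probe_ip_recvtos },
    { "prctl(PR_SET_DUMPABLE)", probe_dumpable },
};

/* Runs every probe, prints one line per call, returns a bitmask of failures
 * (bit i set means PROBES[i] failed). */
static unsigned run_probes(void) {
    unsigned failed = 0;
    for (unsigned i = 0; i < sizeof PROBES / sizeof PROBES[0]; i++) {
        int err = PROBES[i].fn();
        printf("%-24s %s\n", PROBES[i].name, err ? strerror(err) : "ok");
        if (err) failed |= 1u << i;
    }
    return failed;
}

int main(void) { return run_probes() ? 1 : 0; }
```

Comparing its output on the host's native Linux machine and inside the jail separates what the emulation layer lacks from what is a configuration problem in the jail itself.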