[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included.
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999838e03a522bf59ea33bef470d356) breaks support for jailing bhyve with IPv4 and IPv6 disabled. Patch included."
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999, breaks support for jailing bhyve with IPv4 and IPv6 disabled"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999, breaks support for jailing bhyve with IPv4 and IPv6 disabled"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999, breaks support for jailing bhyve with IPv4 and IPv6 disabled"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999, breaks support for jailing bhyve with IPv4 and IPv6 disabled"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 273557] Regression preventing bhyve from running inside a jail without IP after f74147e26999, breaks support for jailing bhyve with IPv4 and IPv6 disabled"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 04 Sep 2023 08:53:49 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273557
Bug ID: 273557
Summary: Regression preventing bhyve from running inside a jail
without IP after
f74147e26999838e03a522bf59ea33bef470d356) breaks
support for jailing bhyve with IPv4 and IPv6 disabled.
Patch included.
Product: Base System
Version: 13.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bhyve
Assignee: virtualization@FreeBSD.org
Reporter: crest@rlwinm.de
Created attachment 244627
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=244627&action=edit
Use VMIO_SIOCSIFFLAGS instead of SIOCGIFFLAGS
Bhyve used to require either the sysctl net.link.tap.up_on_open=1 or an
external wrapper to set the tap/vmnet interfaces link state after the device
has been opened. Bjoern A. Zeeb's solution to this uses an IP socket (trying
both IPv4 and IPv6). The code as shipped in FreeBSD 13.2 refuses to start bhyve
if it can't create an IP socket to set the link state of the tap/vmnet
interface.
It turns out there is a better way to set the link state on tap interfaces
since there is an equivalent ioctl() available directly on the tap/vmnet
device.
The included patch against FreeBSD 13.2 removes the unused variables (ifrq and
s) replaces ioctl(s, SIOCGIFFLAGS) on the socket with ioctl(be->fd,
VMIO_SIOCSIFFLAGS) on the tap/vmnet device.
The patch restores the ability to run bhyve inside a jail with ip4=disable and
ip6=disable. The guest running inside bhyve accesses the network through the
tap device without using IP sockets inside the bhyve process. This previously
supported configuration provides defense in depth against guest escapes.
--
You are receiving this mail because:
You are the assignee for the bug.