jailed process listening on host addresses
Andrew Hotlab
andrew.hotlab at hotmail.com
Wed Jan 4 11:09:13 UTC 2012
-----Original Message-----
From: Eirik Øverby
Sent: Wednesday, January 04, 2012 11:35 AM
To: Andrew Hotlab
Cc: FreeBSD-Jail
Subject: Re: jailed process listening on host addresses
> On 4. jan. 2012, at 02:10, "Andrew Hotlab" <andrew.hotlab at hotmail.com>
> wrote:
>
> > I noticed a strange behavior some days ago, but I can't say how
> > long it has been happening for. Some processes which are running in
> > different jails on the same host seem to be listening on all host IPs.
> >
> > It's happening on several hosts right now (all are running FreeBSD/amd64
> > 8.2-RELEASE-p5), with both UDP and TCP listeners. Each
> > jail is using a single unicast IP address. I really hope I'm missing
> > something important... or should I guess that these processes are
> > "escaping" from the jails?! :S
>
> Did you try to actually connect to any of those listeners? I see the same
> here, but I cannot actually connect to the ports on anything but the
> jail IP..
>
I've just tried to connect to TCP port 2049 (the unfsd daemon is running
in a jail), and actually I can only telnet to the address assigned to the
jail where the daemon is running, even though sockstat(1) tells me that the
process is listening on all IP addresses.

Thus the sockstat(1) command might not be able to correctly display the
actual sockets used by some jailed processes?! It sounds pretty strange to
me... maybe these processes are sharing something with the host because they
are using SysV IPC or something else I'm not aware of?
Andrew
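The check Eirik and Andrew describe, automated as an added example (this is not code from the thread or from FreeBSD): parse `sockstat -4 -l -j <jid>` output, pick out the listeners that sockstat reports on `*`, and try a TCP connect to the jail's own address and to each of the host's other addresses. sockstat prints the local address the socket was bound to, so a jailed process that binds the wildcard shows up as `*:2049`; whether another host address actually answers on that port is the question that matters, and only a connect attempt settles it. The jail ID 3, the PIDs and the 192.0.2.x addresses in the sample are made up; the probe covers TCP only, since a UDP socket gives no handshake to observe.

```python
#!/usr/bin/env python3
"""Verify whether a jailed listener that sockstat(1) shows bound to '*'
(INADDR_ANY) really answers on the host's other addresses.

Added example, not code from the freebsd-jail thread. It assumes you run
`sockstat -4 -l -j <jid>` on the host for each jail and feed that output to
parse_sockstat(); jail ID 3, the PIDs and the addresses below are invented.
"""
import socket
from typing import Dict, List, NamedTuple


class Listener(NamedTuple):
    command: str
    pid: int
    proto: str   # tcp4 / udp4
    ip: str      # '*' when the socket is bound to INADDR_ANY
    port: int


# Constructed sample of `sockstat -4 -l -j 3` output (FreeBSD 8.x column
# layout: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS).
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     unfsd      1234  3  tcp4   *:2049                *:*
root     unfsd      1234  4  udp4   *:2049                *:*
www      httpd      2345  6  tcp4   192.0.2.10:80         *:*
"""


def parse_sockstat(text: str) -> List[Listener]:
    """Parse `sockstat -l` output into Listener records, skipping the header."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[0] == "USER":
            continue
        ip, _, port = parts[5].rpartition(":")
        listeners.append(Listener(parts[1], int(parts[2]), parts[4], ip, int(port)))
    return listeners


def wildcard_listeners(listeners: List[Listener]) -> List[Listener]:
    """The sockets sockstat reports on every address: the case in the thread."""
    return [l for l in listeners if l.ip == "*"]


def tcp_accepts(ip: str, port: int, timeout: float = 1.0) -> bool:
    """True when a TCP connect to ip:port completes the handshake."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_wildcards(listeners: List[Listener], jail_ip: str,
                    other_host_ips: List[str]) -> Dict[Listener, Dict[str, bool]]:
    """Try each TCP wildcard listener on the jail's own address and on every
    other host address. In a confined jail only jail_ip should accept; an
    accept on another host address is what would actually show the process
    reachable outside its jail, whatever sockstat prints."""
    results = {}
    for l in wildcard_listeners(listeners):
        if not l.proto.startswith("tcp"):
            continue  # UDP: no handshake to observe, needs a protocol-aware probe
        results[l] = {addr: tcp_accepts(addr, l.port)
                      for addr in [jail_ip, *other_host_ips]}
    return results


def open_local_listener(host: str = "127.0.0.1"):
    """Helper for a self-check of the probe: loopback listener on an ephemeral port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    s.listen(1)
    return s, s.getsockname()[1]


if __name__ == "__main__":
    found = parse_sockstat(SAMPLE_SOCKSTAT)
    for l in wildcard_listeners(found):
        print(f"{l.command}[{l.pid}] {l.proto} *:{l.port} reported on all addresses")
    # On a real host, with the jail's IP first and the other host IPs after it:
    # probe_wildcards(found, "192.0.2.10", ["192.0.2.1", "192.0.2.20"])
    srv, port = open_local_listener()
    print("loopback self-check:",
          probe_wildcards([Listener("demo", 0, "tcp4", "*", port)], "127.0.0.1", []))
    srv.close()
```

Run it on the host, not inside the jail, with one `sockstat -4 -l -j <jid>` capture per jail, and pass the host's remaining addresses as `other_host_ips`; a `True` under any address other than the jail's own is the result that would need explaining, while a wildcard in sockstat alone is not.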