Unable to enable allow.socket_af in jail
James Gritton
jamie at freebsd.org
Mon Apr 11 13:20:52 UTC 2016
On 2016-04-10 03:19, Rodomar 705 wrote:
> Sorry for bothering, but after one hour of reading I still can't find a
> solution for this problem.
>
> I'm trying to run a Linux game server inside a jail itself, for added
> security. The server itself runs great on the host system itself. I'm
> using ezjail to manage the jail subsystem itself.
>
> After installing linux_base, the server starts up just fine, up to the
> point where it needs to fire up the network port, and crashes with
>
> (NetworkException) cannot create socket: 93 - Protocol not supported
>
> First I was thinking that allow_raw_sockets was what was missing; after
> messing with my configuration, I was able to make it work. No dice.
> After reading the jail configuration, especially under the allow section
> configuration, it was clear to me that what was missing was
> allow.socket_af. Tried with the same parameter used with the first one,
> no dice. Tried adding sysvipc, taken from some comments online, no dice.
> Adding one to the parameters (even if it wasn't making any sense since
> the other two were enabled without), no dice.
>
> Can anyone explain to me what I'm doing wrong?
>
> Thanks for your time, I'll leave the config below.
>
> In configuration file inside /usr/local/etc/ezjail/<jailname>:
>
> export jail_<jailname>_parameters="allow.raw_sockets allow.socket_af=1 allow.sysvipc"
>
> Result from sudo jexec <jid> sysctl security.jail | egrep '(allow_raw|sysvipc_allowed|socket_af)':
>
> security.jail.param.allow.socket_af: 0
> security.jail.allow_raw_sockets: 1
> security.jail.sysvipc_allowed: 1

What's the output of "jls -s"? In particular, are you seeing
allow.socket_af there? (If not, you'll see allow.nosocket_af). Also,
what do you see for ip4 and ip6?

What address family is the linux server program trying to open? Jails
will give EAFNOSUPPORT (Protocol not supported) for non-inet address
families, but also for IPv4 or IPv6 if the jail is set up without ip4 or
ip6 support.

- Jamie
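
The checks asked for in the reply above, as an added example that is not part of the original message or of FreeBSD itself: it reads one line of "jls -s" output and reports whether socket() for a given address family would be refused in that jail. The two sample lines are constructed and abridged (jid, name and address are placeholders), the function names are hypothetical, and the local/route exception and the empty-address case follow jail(8) and the kernel's address-family check rather than anything stated in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify socket() address families
# against one line of `jls -s` output. Naive word splitting is used, so it
# assumes no quoted parameter values that contain spaces.

# Constructed, abridged samples; jid, name and address are placeholders.
SAMPLE_BEFORE='host=new ip4=new ip6=disable jid=3 name=gamesrv allow.raw_sockets allow.nosocket_af allow.sysvipc ip4.addr=192.0.2.10 ip6.addr='
SAMPLE_AFTER='host=new ip4=new ip6=disable jid=3 name=gamesrv allow.raw_sockets allow.socket_af allow.sysvipc ip4.addr=192.0.2.10 ip6.addr='

# jail_param LINE NAME: print the value of NAME=value; return 1 if absent.
jail_param() {
    for tok in $1; do
        case "$tok" in "$2"=*) printf '%s\n' "${tok#*=}"; return 0 ;; esac
    done
    return 1
}

# jail_has_flag LINE NAME: succeed only if the boolean appears as NAME
# (a disabled boolean is printed with a "no" prefix, e.g. allow.nosocket_af).
jail_has_flag() {
    for tok in $1; do
        if [ "$tok" = "$2" ]; then return 0; fi
    done
    return 1
}

# af_verdict LINE FAMILY: print "allowed" or "EAFNOSUPPORT: <reason>".
af_verdict() {
    line=$1; af=$2
    case "$af" in
        inet|inet6)
            if [ "$af" = inet ]; then key=ip4; else key=ip6; fi
            mode=$(jail_param "$line" "$key") || mode=unknown
            addrs=$(jail_param "$line" "$key.addr") || addrs=
            if [ "$mode" = disable ]; then
                echo "EAFNOSUPPORT: $key=disable"
            elif [ "$mode" = new ] && [ -z "$addrs" ]; then
                echo "EAFNOSUPPORT: $key=new but $key.addr is empty"
            else
                echo "allowed"
            fi ;;
        local|route)   # permitted in jails without allow.socket_af, per jail(8)
            echo "allowed" ;;
        *)             # any other family needs allow.socket_af
            if jail_has_flag "$line" allow.socket_af; then
                echo "allowed"
            else
                echo "EAFNOSUPPORT: allow.nosocket_af"
            fi ;;
    esac
}
```

On a live host the first argument would be the line for the jail in question, for example the output of jls -s -j <jid>.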