vnet jail shutdown crashes system

David Mehler dave.mehler at gmail.com
Mon Jun 8 01:59:06 UTC 2020 

Hello,

I've finally created a vnet jail on FreeBSD 12.1 that will get out to
the internet. Whenever I atempt to shut it down the system crashes, I
have no idea why.

I found an example and adapted and pounded on it until I got it
working. Here's my configuration. On the host:

/etc/rc.conf fragment:
cloned_interfaces="bridge0"
ifconfig_bridge0="inet 192.168.122.1/24 addm vtnet0 up"

#cat /etc/jail.conf
exec.clean;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
allow.raw_sockets;
        exec.system_user = "root";
        exec.jail_user = "root";
vnet;

jail1 {
    host.hostname = jail1.lan;
    path = "/jails/jail1";
    devfs_ruleset = "5";
    vnet.interface = "epair0b";
    exec.prestart = "ifconfig epair0 create up";
    exec.prestart += "ifconfig bridge0 addm epair0a";
    exec.poststop = "ifconfig bridge0 deletem epair0a";
    exec.poststop += "ifconfig epair0a destroy";
        exec.consolelog = "/var/log/jail_jail1_console.log";
}

ifconfig fragment:
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:e7:79:f2:c4:00
        inet 192.168.122.1 netmask 0xffffff00 broadcast 192.168.122.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000
        member: vtnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 2000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:ad:9b:f9:5e:0a
        inet6 fe80::ad:9bff:fef9:5e0a%epair0a prefixlen 64 scopeid 0x4
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

In the vnet jail:
# cat /etc/rc.conf
hostname="jail1.lan"
ifconfig_epair0b="inet 192.168.122.50 netmask 255.255.255.0"
defaultrouter="192.168.122.1"

I wish I knew why stopping this jail takes the whole system down,
suggestions welcome.
Thanks.
Dave.

More information about the freebsd-jail mailing list