FreeBSD, jail, ping
Valeri Galtsev
galtsev at kicp.uchicago.edu
Thu Feb 1 18:15:57 UTC 2018
On 02/01/18 12:05, James B. Byrne via freebsd-questions wrote:
>
> On Thu, February 1, 2018 12:55, James B. Byrne wrote:
>> On the jail I see this behaviour:
>>
>> root at hll124:~ # sysctl security.jail.allow_raw_sockets
>> security.jail.allow_raw_sockets: 0
>>
>> root at hll124:~ # sysctl security.jail.allow_raw_sockets=1
>> security.jail.allow_raw_sockets: 0
>> sysctl: security.jail.allow_raw_sockets=1: Operation not permitted
>>
>> So, how is this fixed?
>>
>
> On host:
>
> # jls
> JID IP Address Hostname Path
> 6 127.0.124.1 hll124.hamilton.harte-lyne.ca /usr/jails/hll124
>
> # jail -m jid=6 allow.raw_sockets=1
>
> On jail:
>
> # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
>
> root at hll124:~ # ping 192.168.71.1
> PING 192.168.71.1 (192.168.71.1): 56 data bytes
> 64 bytes from 192.168.71.1: icmp_seq=0 ttl=64 time=0.253 ms
>
>
> So, how does one get the jail to automatically configure this setting?
>
I do not know how to do it using ezjail, but after ezjail does its
magic, the following line
allow.raw_sockets = 1;
will be in /etc/jail.conf inside particular jail configuration.
( after that setting is modified, particular jail has to be restarted as
someone already mentioned)
I hope, someone who uses ezjail will chime in.
Thanks.
Valeri
>
--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
More information about the freebsd-questions
mailing list