similar to: shorewall in chroot jail

Hello, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! But I have one problem: If I want to stop a jail with 'jaill -r jailname', I get "umount: unmount of /.jail.jailname failed: Device busy" It seems to me that the order of fstab.jailname entries are not reverted by jail(8) when shutting down/umounting. My C skills

Hi *, I recently triggered an error when setting up a jail-host: I configured the jail(s) like evry jail I set up in the past: On the jail-hosts /etc/rc.conf: # ---- Jail-Globals ---- jail_enable="YES" # Set to NO to disable starting of any jails jail_list="ftp mx1 relay" # Space separated list of names of jails

I'm thinking of using jails to improve security on a server I am setting up. Specifically, I would like to put Apache/PHP in a jail, but I might like to set up 2-3 different jails for different purposes. I've found several examples showing how to set the jails up. My questions involve system requirements. Assuming plenty of disk space, 1GB ram and a dual processor PIII 1.13Ghz

Dear folks, It seems that doing bind() inside a jail (whose IP address is an outside address), will result in some wierd behavior, that the actual bind is done on the outside address. For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1, will finally result in a bind to 192.168.1.1:6666. With this in mind, it is possible that some formerly secure configuration fail in jail

Operating system virtualization is the most effective way to utilize your system resources, jails let you setup isolated mini-systems. Jails are explains well in handbook however, from practical standpoint of view, the presented material is incomplete. The post below setup few scrips that follow handbook's 'Application of Jails' article and enhance with few missing features

HI everyone, I have resently installed a jail environment on my freebsd box, and had some problems getting postgresql running under it. After looking a bit on various mailinglists i figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not

I am currently setting up a firewall that translates my internal network over to 5 public IP addresses. The addresses are dynamically assigned, so I use ddclient to update my www.dyndns.org account. I've set up several aliases on the external interface of the firewall, and succeeded in having the internal computers use those extra public IPs. What I want to do is have 5 copies of ddclient

Hi, IP traffic from one jail to another jail, arrives on destination jail on lo0 having the destination jails IP as source IP. Why not the source jail's IP address? How can I filter traffic from one jail to another, using ipfw of ipf? Cheers, -- Anders.

Hi all, Is it mandatory to add device mem to jails to enable network via the gateway? Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server) and am now starting again with FreeBSD-7.1. Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails on 7.0). After creating the jail with `ezjail-admin update -i` I created a 'ports build' jail `ezjail-admin

Hello, I have written this tiny little patch to the jail rc.d script, which allows user to set jail nice value. It doesn't change any default behaviour. Can that make it to the trees? Patch attached. -- Jan Srzednicki :: http://wrzask.pl/ "Remember, remember, the fifth of November" -- V for Vendetta -------------- next part

Hello, I have written this tiny little patch to the jail rc.d script, which allows user to set jail nice value. It doesn't change any default behaviour. Can that make it to the trees? Patch attached. -- Jan Srzednicki :: http://wrzask.pl/ "Remember, remember, the fifth of November" -- V for Vendetta -------------- next part

Hi, I've been struggling with this problem for the last couple of hours and am nowhere near solving the problem. I am trying to run a tftp server in a chroot jail. Now perhaps I am being paranoid, but I would like to have it launched from within its own jail even if it supposedly does a chroot itself and runs with a parameterizable user. I downloaded the atftp-server package and tried

Hi, We are trying to create a jail with FreeBSD 5.3 but it's fails with this error: cc -O -pipe -I/usr/obj/usr/src/i386/legacy/usr/include -c /usr/src/games/fortune/strfile/strfile.c make: don't know how to make /j/usr/lib/libc.a. Stop *** Error code 2 We are excuting those command in /usr/src: export D=/j make world DESTDIR=$D Are there any problem with FreeBSD 5.3? We have ever

I have searched around the lists and Google and found this HYPERLINK "http://people.freebsd.org/~pjd/patches/jail_2004120901.patch"http://people. freebsd.org/~pjd/patches/jail_2004120901.patch I was wondering if anyone know of a multiple IP patch that works with FreeBSD 5.4 I really do not understand why this is not included in the standard jail I mean sure jail is handy for

Hello, I have configured jail for users with sshd ftpd and auth. I started this jail on IP 127.0.0.10(there is an alias on lo0 interface), there was not any bigger problem to start it. But i have a problem with internet in this jail. I can log in to this jail through ssh or ftpd but i can't connect to the internet. I try to set up some kind of nat but it doesn't work. Can anybody help me

I setup a ssh chroot jail following this[1] guide. It works for my user to login, use ls and use scp which is all I really want. I do have a problem I cannot solve: when connected and navigating the filesystem, the backspace key actually moves the cursor forward and does not delete what I type. I may have found a hint from some googling that readline will read in /etc/inputrc on login but if

http://wiki.freebsd.org/JailResourceLimits Is this anthing people are working on? Is it on its way to RELENG_7? Is there a 7-version of the patch or anything? This would be a _VERY_ useful feature. -- Peter Ankerst?l peter@pean.org

On Thu, 2002-12-19 at 01:30, msmith@labyrinth.net.au wrote: > Alan Silvester <mascdman@shaw.ca> said: > > > Hi, > > > > (Sorry for the long email) > > > > As a bit of a learning exercise, I'm trying to place the icecast daemon > > in a chroot jail. I've been mostly sucessful: I can get icecast to > > serve the default stream from

Hello, I'm trying to get Dovecot going on my system. It's a FreeBSD 12.0-RELEASE system and it's running dovecot 2.3 via ports in a jail. I'm getting the same error message(s) as in this bug report, which has been marked as closed: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225078 Dovecot is not starting at all in this jail when starting with service dovecot start. A

We are trying to upgrade a machine with jails from 5.0 to 5.1. We've CVS'd and done the upgrade on the 'main' machine, but how do we mount our build directory to upgrade the jails? Thanx! -- Dave -- Dave Kingsley Voice: 617-745-3806 Systems Administrator FAX: 617-745-3907 Eastern Nazarene College 23 E. Elm Avenue E-mail: kingsled@enc.edu Quincy, MA 02170