[PC-BSD Testing] Comments on Warden

Kris Moore kris at pcbsd.org
Tue Oct 16 07:39:16 PDT 2012


On 10/11/2012 15:20, Axel Gonzalez wrote:
> Dunno if it is documentation or a sanity check.. but when it asks for
> ips it should give more info.. like the ip should be in the same net
> segment as the host (to have inet access), also don't use duplicates
> (assigned by dhcp)
>
> Also a must is to check that it doesn't allow the host the host ip,
> after the ifconfig, it messes up the address for the host (netmask
> 0xffffffff), disabling all inet access
>
> And ping is not allowed inside jails (RC1) same for jail_sysvipc_allow
> (used by postgres)
>
>
> This has been discussed on IRC, so it would be nice to have more devels
> in there.. if just to read what is brought up
>
>
> Greetings
>

There is a way to do this, but it hasn't been documented yet. If you go
to /usr/jails/ directory, look for the
".<ip>-meta/" directory. Then create a new file called "jail-flags" and
put "allow.raw_sockets=true" into it. Then when you restart the jail,
it'll have this option enabled. I'm going to make this option on by
default for 9.1, and add some additional command-line functionality
allowing you to set / get these jail options. It'll support any options
you want to pass to the "jail" command at startup.



-- 
Kris Moore
PC-BSD Software
iXsystems

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20121016/988c22a6/attachment.html>


More information about the Testing mailing list