9.2 & linux jails

[nvader]

I am running 9.2 release.
I installed the ubuntu 13x jail.

I can't ssh to it.
I'm unable to apt-get update (fails)
when i run ping even though i 'su'
i get permission denied type of errors.

So i figure i must be doing something wrong.
any suggestions?
Thanks

 

[dlavigne]

I installed the ubuntu 13x jail. I can't ssh to it.

What error do you get when you try to ssh to it?

 

[interpeix]

There is a problem with networking, you must allow the Jail permission raw_sockets. By default it isn't enabled.
"warden set myflags myjail allow.raw_sockets=true"
http://www.ixsystems.com/whats-new/improvements-to-jail-management-via-the-warden/

 

[nvader]

There is a problem with networking, you must allow the Jail permission raw_sockets. By default it isn't enabled.
"warden set myflags myjail allow.raw_sockets=true"
http://www.ixsystems.com/whats-new/improvements-to-jail-management-via-the-warden/

Thank for the info. i will look into that!

 

[nvader]

So that didn't really work. the command is also a little wrong (for those who may not know)
warden set flags (not myflags) myjail (the exact name of your jail) <whatever option you need to set>
I set this, i also set other commands i found via google to gain access and i still can't really make it work.

I get that the point of the jail to is to segregate it from the host OS, but I can't seem to make linux work as it should. (no apt-get, can't ping other network devices, etc)
I can't get out of the jail lol
anyone who have had success with this care to share what they did to make it work?

I also tried adding this to my sysctl
security.jail.sysvipc_allowed = 1
i heard it works, but still didnt' help

 

[freenas4n00b]

Anyone else have ideas on how to solve this?

 

[nvader]

What error do you get when you try to ssh to it?

I get no error, It just takes me straight into my freenas login. my freenas is 192.168.2.101, i set my ubuntu 13 jail to 192.168.2.110 but 110 takes me to 101. which i understand as it appears there is no networking enabled in that ubuntu jail.
what i need to know is how to we enable networking inside the ubuntu jail?

root@ulinux:/# ping 127.0.0.1
ping: icmp open socket: Operation not permitted
root@ulinux:/#
root@ulinux:/# route
/proc/net/route: No such file or directory
INET (IPv4) not configured in this system.
root@ulinux:/#

 

[perlguy9]

I get no error, It just takes me straight into my freenas login. my freenas is 192.168.2.101, i set my ubuntu 13 jail to 192.168.2.110 but 110 takes me to 101. which i understand as it appears there is no networking enabled in that ubuntu jail.
what i need to know is how to we enable networking inside the ubuntu jail?

I'm seeing the same behavior. It's not obvious to me what's going on, or how to enable the ubuntu jail to allow it's own incoming ssh connections.

For what it's worth, the centos jail seems to work just fine.

 

[nvader]

I'm seeing the same behavior. It's not obvious to me what's going on, or how to enable the ubuntu jail to allow it's own incoming ssh connections.

For what it's worth, the centos jail seems to work just fine.

so you can get out with centOS?
I installed it but had the same msgs as listed above and couldn't communicate outside of the jail

 

[dlavigne]

Did you configure SSH inside of the jail using its shell icon? It is not configured by default

As for configuring the network addressing info (address, gateway, DNS, etcl) inside of a Linux jail, it won't work as the Linux networking commands assume a Linux networking stack and the jail actually uses the FreeBSD networking stack. As the Guide points out, all network addressing commands need to be configured using the Edit screen of the jail.

 

[nvader]

Did you configure SSH inside of the jail using its shell icon? It is not configured by default

As for configuring the network addressing info (address, gateway, DNS, etcl) inside of a Linux jail, it won't work as the Linux networking commands assume a Linux networking stack and the jail actually uses the FreeBSD networking stack. As the Guide points out, all network addressing commands need to be configured using the Edit screen of the jail.

Thanks for the reply however I'm very confused. I've viewed the "how to create/edit" jails. docs.
is there something else i should be viewing? can you point me to it?

I've seen nothing indicating how to get a linux jail to work.
I have assigned the jail an ip/subnet in the edit screen.
but as i posted the output of my commands above, it just tells me IPv4 is not configured. or the output of commands such as route show no routes
If linux can't see a route out, how is it supposed to communicate outside the jail?
If nothing on the inside works, I fail to understand how SSH could work. but i'm sure i'm just missing something.
Thanks for you time.

 

[dlavigne]

In theory, a jail is a jail and the sections of the Guide that describe how to use the Edit screen, the jail's shell icon, and how to use ssh instead of the jail's shell icon should apply.

Linux jails are a bit more complex as they rely on FreeBSD's linux emulation layer (which is limited to 32-bit apps) and the FreeBSD networking stack instead of the Linux network stack. This is why it is important to configure IP addressing info from the GUI rather than inside the jail itself.

To step back a bit, can you access the jail using it's shell icon? If so, can you start the SSH service? If you can get in to the shell icon but starting SSH gives an error, post the command that you ran inside of the jail along with its error messages.