Reply
 
Thread Tools Display Modes
  #1  
Old 07-23-2012, 05:35 PM
malco_2001 malco_2001 is offline
Senior Member
 
Join Date: Aug 2010
Posts: 127
Thanks: 7
Thanked 30 Times in 23 Posts
Default 9.1-BETA1 cannot ping inside of ports jail
When running ping inside of ports jail I get a message that the socket operation has been denied. Looking in /etc/sysctl.conf shows that socket operations should be enabled for jails. Is this normal or for the warden?
Reply With Quote
  #2  
Old 12-15-2012, 05:31 PM
Abdul Abdul is offline
Senior Member
 
Join Date: Jan 2011
Posts: 333
Thanks: 19
Thanked 15 Times in 14 Posts
Default
I have the same in a regular jail.
__________________
touch -- '-rf ~'
Reply With Quote
  #3  
Old 12-28-2012, 02:25 PM
kmoore134's Avatar
kmoore134 kmoore134 is offline
Administrator
 
Join Date: May 2005
Location: Knoxville, TN
Posts: 2,568
Thanks: 0
Thanked 162 Times in 127 Posts
Default 9.1-BETA1 cannot ping inside of ports jail
This is disabled for security reasons by default. To enable run this
command via the CLI:

# warden set flags <jail ip> allow.raw_sockets=true
__________________
----
Kris Moore
PC-BSD Founder
Reply With Quote
The Following User Says Thank You to kmoore134 For This Useful Post:
Abdul (12-29-2012)
  #4  
Old 03-06-2013, 12:11 AM
mjollnir mjollnir is offline
Junior Member
 
Join Date: Feb 2013
Location: Germany
Posts: 20
Thanks: 1
Thanked 0 Times in 0 Posts
Default
Originally Posted by kmoore134 View Post
This is disabled for security reasons by default. To enable run this
command via the CLI:

# warden set flags <jail ip> allow.raw_sockets=true
As long you do not document it in the application and the manual (before or when you write the code), it's a bug (severety: blocker, IMHO).
Once you documented it, it's a feature.

No one wants to read "traditional jail - best for servers", beeing asked for an IP number, and then not be able to ping; and then crowl the net for hours to find the solution.

Unfortunately, this is true for far too many "features" of PC-BSD. There are many many undocumented hidden assertions hard-coded in the config scripts. To say it politely, that's sub-optimal. To say it clear: that's very bad programming style and the root of many subtle bugs and surprises.
--
=|o)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:48 AM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

Copyright 2005-2010, The PC-BSD Project. PC-BSD and the PC-BSD logo are registered trademarks of iXsystems.
All other content is freely available for sharing under the terms of the Creative Commons Attribution License.