[SOLVED] Help to configure a 2º jail and share folder

[raulfg3]

Hello I try to use the excelent jail Howto in wiki: http://wiki.nas4free.org/doku.php?id=do ... otype_jail

But I have some dudes.
1- I need to create a jail named upnp to install serviio from scrath ( I try to do on the default jail proto)
I do not know how to see my folder /mnt/NAS-A/Video from inside the jail , I do

Code: Select all

mount_nullfs /mnt/NAS-A/Video /jail/proto/mnt/Video

in the jail_start and do not use fstab.proto
the problem is how to do in the jail upnp, I need to do a ln? add something to fstab.upnp?, add mount_nullfs /mnt/NAS-A/Video /jail/upnp/mnt/Video?

[himbrr]

hi,

I have created a new jail regarding the wiki tutorial.
Instead of proto I used the name "test", in your case upnp.
Before creating the jail, I have updated n4f to a newer revision.

Install the new jail like proto, modify the rc.conf.local

Code: Select all

jail_list="proto test"

and add the lines for the test jail.

Code: Select all

jail_test_rootdir="/jail/test"          # path to our jail
jail_test_hostname="test.domain.local"  # hostname
jail_test_ip="192.168.22.12"            # ip of the jail
jail_test_interface="re0"               # Network Interface to use, replace on your NAS interface name
jail_test_devfs_enable="YES"            # use devfs
jail_test_mount_enable="YES"            # mount YES|NO
jail_test_fstab="/jail/conf/fstab.test" # File with Filesystems to mount

Code: Select all

/etc/rc.d/jail restart

And now you can configure you new jail.

mount_nullfs is the right way to add connect jail and host system. This is working for me perfectly. I mounted the mediafolder in both jails.
ln won't work, because the jail is a isolated system.

I mount the folders in the jail_start.
My fstab.test is empty.

[fsbruva]

The advantage to adding the mounts to the fstab is that the mount points get unmounted prior to shutdown. Also, if (like alexey) you have troubles with a mount point, you can specify that fsck be run on the mount at boot (or jail startup).

[raulfg3]

The advantage to adding the mounts to the fstab is that the mount points get unmounted prior to shutdown. Also, if (like alexey) you have troubles with a mount point, you can specify that fsck be run on the mount at boot (or jail startup).

Thanks, please can you show an example in my case how must be the fstab?

[fsbruva]

Contents of fstab.upnp

Code: Select all

/mnt/NAS-A/Video /jail/proto/mnt/Video nullfs rw 0 2

This will put the NAS-A/Video folder within the jail's mnt/Video folder, mounted read/write, 0 is the dump number (mostly always 0, because the jail doesn't actually own the hardware), 2 is the pass number (it will require fsck during boot). The pass number can be either 1 or 2 if you want fsck to check it, and 1 has a higher priority than 2 among the entries in the fstab file.

[raulfg3]

thanks a lot.

[fsbruva]

Did that work like you expected? If so, then it offers some significant protection to your system, because you can also mount the location read only, (especially for web accessible portions), so that a compromise in the jail can't do anything to the host's files.

[raulfg3]

Did that work like you expected

YES, in fact I mount in read only mode , because I need to play with my Upnp player and no need to write from upnp player.

only this strange warninig:

Code: Select all

/etc/rc.conf: security.jail.chflags_allowed=1: not found

but this is my /etc/rc.conf:

Code: Select all

serviio_enable="YES"
security.jail.chflags_allowed=1
kissdx_enable="YES"

PD: I'm in the process of writting a new howto install kissdx into a jail, and I detect that once installed the kissdx server do not properly show in the kiss DP 558 player, I suspect that is because use port 8000 in multicast , and multicast is not open inside the jail.

my question is: How open / NAT / etc... the multicast request so my player can see the server inside the jail.

PD2: I suspect the same behaviour if you install minidlna inside a jail, is not show in the upnp renders/players.

[fsbruva]

This line needs to be in in N4F rc.conf... not inside jail.
security.jail.chflags_allowed=1

[raulfg3]

I have too see jpg:

rc.conf RFG.jpg

only diferent I see is that If i use web gui the line is: security.jail.chflags_allowed="1" <- see quotes, but all others are the same:

Code: Select all

dmesg_enable="YES"
lighttpd_enable="YES"
syslogd_enable="YES"
syslogd_flags="-8 -s"
msntp_enable="YES"
firewall_type="CLIENT"
firewall_script_auxrules="/etc/rc.firewall.auxrules"
msmtp_config="/var/etc/msmtp.conf"
msmtp_msgfile="/tmp/message"
varmfs="YES"
varmfs_flags="-S -m 3"
populate_var="YES"
LCDd_enable="NO"
afpd_enable="NO"
autosnapshot_enable="YES"
bsnmpd_enable="NO"
fuppes_enable="NO"
fusefs_enable="NO"
hastd_enable="NO"
inadyn_enable="NO"
firewall_enable="NO"
iscsi_initiator_enable="NO"
istgt_enable="NO"
lcdproc_enable="NO"
rpc_lockd_enable="NO"
mdnsresponder_enable="NO"
mountd_enable="NO"
mtdaapd_enable="NO"
ntpdate_enable="YES"
nut_enable="NO"
nut_upslog_enable="NO"
nut_upsmon_enable="NO"
powerd_enable="YES"
proftpd_enable="YES"
rpcbind_enable="NO"
rsyncd_enable="NO"
samba_enable="YES"
smartd_enable="NO"
sshd_enable="YES"
rpc_statd_enable="NO"
nfs_server_enable="NO"
swap_enable="NO"
tftpd_enable="YES"
transmission_enable="YES"
unison_enable="NO"
websrv_enable="YES"
websrv_htpasswd_enable="YES"
wpa_supplicant_enable="NO"
zfs_enable="YES"
hostname="rnas.local"
ifconfig_em0="syncdhcp -wol mtu 9000"
ipv4_addrs_em0="dhcp/24"
cloned_interfaces=""
ipv6_activate_all_interfaces="NO"
clog_logdir="/mnt/NAS-A/Temp/Logs"
fuppes_logfile="/mnt/NAS-A/Temp/Logs/fuppes.log"
jail_enable="YES"
mtdaapd_logfile="/mnt/NAS-A/Temp/Logs/mt-daapd.log"
powerd_flags="-a adaptive -b adaptive -n adaptive"
rsync_client_logfile="/mnt/NAS-A/Temp/Logs/rsync_client.log"
rsync_local_logfile="/mnt/NAS-A/Temp/Logs/rsync_local.log"
security.jail.chflags_allowed="1"
smartd_logfile="/mnt/NAS-A/Temp/Logs/smartd.log"
varsize="32m"
security.jail.allow_raw_sockets="1"
blanktime="300"
saver=""
static_routes=""

[fsbruva]

[quote="raulfg3"]

but this is my /etc/rc.conf:

Code: Select all

serviio_enable="YES"
security.jail.chflags_allowed=1
kissdx_enable="YES"

serviio and kissdx are both installed inside a jail, correct? So this /etc/rc.conf is the one inside the jail? (located at /jail/proto/etc/rc.conf) If so, it should not have the chflags option.

[fsbruva]

Should only have to do one or the other. The values in the webgui append past the standard /etc/rc.conf, which I think is non-persistent (gets created at boot time based on services being enabled or not in the config.xml file).

[raulfg3]

Sorry, you are right, when delete in webgui, and maintain in rc.conf inside the jail, works as expected.


Sorry, I thing that I test it this option, but is obvious that not.

This time no more warnings.

[fsbruva]

Why do you need that option enabled? It only needs to be enabled when you are using a jail to make installworld into another location. Otherwise, it is a security risk.