Any jail I try to make using nat options gives error #10
Comments
Please use Markdown to format correctly, it is difficult to understand your problem.
In your
You must use the correct anchor types: /etc/pf.conf:
Reload
|
I have the correct anchor types exactly as you said but when I type pfctl -sn it says: buckbucks% sudo service pf restart ~ I don't understand why it's doing that, I'm guessing maybe a bug in pf on freebsd-current?? |
I don't know, I'm on 14.0-RELEASE. Anyway, see my

```
# pfctl -sn
nat-anchor "appjail-nat/jail/*" all
nat-anchor "appjail-nat/network/*" all
rdr-anchor "appjail-rdr/*" all
```

I know a person who is in CURRENT, I will ask him. AFAIK, he has no problems with |
Thank you, please let me know, much appreciated |
Any luck finding out from your friend in current? |
Yes, I contacted him, but he is busy. He'll probably tell me something this week. Although, your pf configuration looks really weird, I don't know if it really is, or it's a side effect since you're not using Markdown. If you can, try your configuration in RELEASE instead of CURRENT. |
I should be able to install a base system of release in a jail or a chroot and that should be enough to check the pf config? |
This problem does not seem to be related to AppJail. See your |
Confirmed. I have been informed that pf in CURRENT shows the output in the style you describe. I don't know if this is a bug or a breaking-change. |
I believe it's possibly a bug cause I've noticed a lot of work being done on pfctl in the src tree, or could be a breaking change and if so then will have to figure out a workaround in your scripts, not sure but thank you |
Yes, first of all I need to confirm why pf shows the output like that. If it is a bug, I don't have to change anything, but if it is a breaking-change, I will make changes in AppJail to fix this problem. |
Reported:
|
I recently updated my VM to check if this issue persisted, and it is now fixed! |
buckbucks% appjail makejail -f gh+AppJail-makejails/badwolf -j badwolf1 \ /usr/src
-o virtualnet="ajnet:badwolf default"
-o nat
-o copydir=/tmp/files
-o file=/etc/rc.conf
-o x11 \
[00:00:00] [ info ] [badwolf1] Building ...
[00:00:00] [ debug ] [badwolf1] Main Makejail: gh+AppJail-makejails/badwolf
[00:00:01] [ debug ] [badwolf1] Using method:github (args:AppJail-makejails/badwolf) from gh+AppJail-makejails/badwolf.
[00:00:01] [ debug ] [badwolf1] Using global cache directory (git): /usr/local/appjail/cache/git
[00:00:01] [ debug ] [badwolf1] Updating /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072 ...
[00:00:01] [ debug ] [badwolf1] Including /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail ...
[00:00:01] [ debug ] [badwolf1] Using method:file (args:options/options.makejail) from options/options.makejail.
[00:00:01] [ debug ] [badwolf1] Including /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail ...
[00:00:02] [ debug ] [badwolf1] Makejail generated:
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail
[00:00:02] [ debug ] [badwolf1] OPTION resolv_conf
[00:00:02] [ debug ] [badwolf1] OPTION tzdata
[00:00:02] [ debug ] [badwolf1] OPTION overwrite=force
[00:00:02] [ debug ] [badwolf1] OPTION start
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:02] [ debug ] [badwolf1] ARG badwolf_tag=13.3
[00:00:02] [ debug ] [badwolf1] FROM --entrypoint gh+AppJail-makejails/badwolf badwolf:${badwolf_tag}
[00:00:02] [ debug ] [badwolf1] CMD pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh
[00:00:02] [ debug ] [badwolf1] CMD mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension
[00:00:02] [ debug ] [badwolf1] CMD mkdir -p /home/badwolf/.config/badwolf
[00:00:02] [ debug ] [badwolf1] CMD chown -R badwolf:badwolf /home/badwolf
[00:00:02] [ debug ] [badwolf1] COPY usr
[00:00:02] [ debug ] [badwolf1] STOP
[00:00:02] [ debug ] [badwolf1] STAGE custom:badwolf_open
[00:00:02] [ debug ] [badwolf1] ENV DISPLAY=:0
[00:00:02] [ debug ] [badwolf1] USER badwolf
[00:00:02] [ debug ] [badwolf1] RUN badwolf.sh
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:resolv_conf)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:tzdata)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:overwrite=force)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:start)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/ARG (args:badwolf_tag=13.3)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/FROM (args:--entrypoint gh+AppJail-makejails/badwolf badwolf:${badwolf_tag})
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:mkdir -p /home/badwolf/.config/badwolf)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:chown -R badwolf:badwolf /home/badwolf)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/COPY (args:usr)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/STOP (args:)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/ENV (args:DISPLAY=:0)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/USER (args:badwolf)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RUN (args:badwolf.sh)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/ARG (input:/usr/local/appjail/cache/tmp/.appjail/appjail.ZIY2LP6IPL)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/FROM (input:/usr/local/appjail/cache/tmp/.appjail/appjail.k8HQvrHx6o)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/OPTION (input:/usr/local/appjail/cache/tmp/.appjail/appjail.446F8Cgkh7)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/0.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/1.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/6.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/9.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/10.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/11.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/12.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/COPY (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/13.COPY)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/STOP (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/14.STOP)
[00:00:05] [ debug ] [badwolf1] Buildscript generated:
[00:00:05] [ debug ] [badwolf1] set -T
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] . "${APPJAIL_CONFIG}"
[00:00:05] [ debug ] [badwolf1] . "${LIBDIR}/load"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/sysexits"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/atexit"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/log"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/check_func"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] lib_atexit_init
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] trap '' SIGINT
[00:00:05] [ debug ] [badwolf1] set -e
[00:00:05] [ debug ] [badwolf1] badwolf_tag="13.3"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/check_func"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] while [ $# -gt 0 ]; do
[00:00:05] [ debug ] [badwolf1] case "$1" in
[00:00:05] [ debug ] [badwolf1] --badwolf_tag)
[00:00:05] [ debug ] [badwolf1] badwolf_tag="$2"; shift
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] --)
[00:00:05] [ debug ] [badwolf1] shift
[00:00:05] [ debug ] [badwolf1] break
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] --)
[00:00:05] [ debug ] [badwolf1] lib_err ${EX_USAGE} -- "$1: Invalid option."
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] )
[00:00:05] [ debug ] [badwolf1] break
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] esac
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] shift
[00:00:05] [ debug ] [badwolf1] done
[00:00:05] [ debug ] [badwolf1] if lib_check_empty "$badwolf_tag"; then
[00:00:05] [ debug ] [badwolf1] lib_err ${EX_DATAERR} "option requires an argument -- badwolf_tag"
[00:00:05] [ debug ] [badwolf1] fi
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" image import -a "amd64" -N .ajspec -n "badwolf" -t "${badwolf_tag}" -- "gh+AppJail-makejails/badwolf"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" image jail -a "amd64" -i "badwolf" -t "${badwolf_tag}" -- "${APPJAIL_JAILNAME}" "resolv_conf" "tzdata" "overwrite=force" "start" "virtualnet=ajnet:badwolf default" "nat" "copydir=/tmp/files" "file=/etc/rc.conf" "x11"
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "mkdir -p /home/badwolf/.config/badwolf"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "chown -R badwolf:badwolf /home/badwolf"
[00:00:05] [ debug ] [badwolf1] cp -a -- "usr" "${APPJAIL_JAILDIR}/"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" stop -- "${APPJAIL_JAILNAME}"
[00:00:06] [ debug ] [badwolf1] Cloning https://github.com/AppJail-makejails/badwolf as /usr/local/appjail/cache/tmp/.appjail/appjail.N2sXFepwFz ...
[00:00:06] [ info ] [badwolf] badwolf (arch:amd64, tag:13.3): already up to date.
[00:00:07] [ debug ] [badwolf1] quick parameters: import+root="input:/usr/local/appjail/cache/images/badwolf/13.3-amd64-image.appjail" portable resolv_conf tzdata overwrite=force start virtualnet=ajnet:badwolf default nat copydir=/tmp/files file=/etc/rc.conf x11
[00:00:07] [ warn ] [badwolf1] Trying to remove badwolf1 ...
[00:00:07] [ warn ] [badwolf1] badwolf1 is not running.
[00:00:07] [ debug ] [badwolf1] Destroy flags:
[00:00:08] [ debug ] [badwolf1] Removing badwolf1 jail...
[00:00:08] [ debug ] [badwolf1] Using zfs-destroy(8) ...
[00:00:09] [ debug ] [badwolf1] Removing files...
[00:00:09] [ debug ] [badwolf1] badwolf1 was removed.
[00:00:09] [ info ] [badwolf1] Creating an empty jail ...
[00:00:09] [ info ] [badwolf1] Importing /usr/local/appjail/cache/images/badwolf/13.3-amd64-image.appjail as badwolf1 ...
[00:00:28] [ info ] [badwolf1] Done.
[00:00:28] [ debug ] [badwolf1] Adding files ("/etc/rc.conf") to the list of files to copy ...
[00:00:28] [ debug ] [badwolf1] (1/1): Checking /etc/rc.conf ...
[00:00:28] [ debug ] [badwolf1] (1/1): Copying etc/rc.conf ...
[00:00:28] [ debug ] [badwolf1] Copying /etc/localtime as /usr/local/appjail/jails/badwolf1/jail/etc/localtime
[00:00:28] [ debug ] [badwolf1] Copying /usr/local/etc/appjail/resolv.conf as /usr/local/appjail/jails/badwolf1/jail/etc/resolv.conf
[00:00:28] [ debug ] [badwolf1] Reserving an IPv4 address for badwolf1 in ajnet ...
[00:00:29] [ debug ] [badwolf1] VNET Interface:e[ab]_badwolf Description:
[00:00:29] [ debug ] [badwolf1] ajnet is the default router.
[00:00:29] [ debug ] [badwolf1] Creating NAT rules ...
[00:00:29] [ debug ] [badwolf1] Setting NAT rule: network:ajnet ext_if:wlan0 logopts:0 () on_if:wlan0
[00:00:30] [ error ] [badwolf1] The nat command requires appjail-nat/jail/ and appjail-nat/network/ anchors to work.
buckbucks%
I have the anchors in my pf.conf:
buckbucks% cat /etc/pf.conf /usr/src
nat-anchor "appjail-nat/jail/"
nat-anchor "appjail-nat/network/"
rdr-anchor "appjail-rdr/*"
anchor "appjail-nat/jail/"
anchor "appjail-nat/network/"
anchor "appjail-rdr/*"
buckbucks% /usr/src
buckbucks%
pf is running, I don't know why I keep getting the errors.
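A check for the translation anchors named in the error message, as an added example that is not part of the original issue and not AppJail's own code. The function names and both sample inputs are constructed here: the required list and the first sample follow the `pfctl -sn` output quoted in the comments, and the second sample copies the pf.conf as it is rendered in this post.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# Required translation anchors, taken from the `pfctl -sn` output in the thread.
REQUIRED_ANCHORS='nat-anchor appjail-nat/jail/*
nat-anchor appjail-nat/network/*
rdr-anchor appjail-rdr/*'

# Constructed sample: the output a working host shows.
SAMPLE_LOADED='nat-anchor "appjail-nat/jail/*" all
nat-anchor "appjail-nat/network/*" all
rdr-anchor "appjail-rdr/*" all'

# Constructed sample: the pf.conf lines exactly as rendered in this post.
SAMPLE_AS_POSTED='nat-anchor "appjail-nat/jail/"
nat-anchor "appjail-nat/network/"
rdr-anchor "appjail-rdr/*"
anchor "appjail-nat/jail/"
anchor "appjail-nat/network/"
anchor "appjail-rdr/*"'

# normalize_rules: read pf.conf or `pfctl -sn` text on stdin and print
# "<type> <name>" for each nat-anchor/rdr-anchor line, dropping comments,
# quotes and trailing keywords such as "all".
normalize_rules() {
    sed -e 's/#.*$//' -e 's/"//g' |
    awk '$1 == "nat-anchor" || $1 == "rdr-anchor" { print $1, $2 }'
}

# missing_anchors: print every required anchor absent from stdin.
# Returns 0 when none are missing, 1 otherwise.
missing_anchors() {
    loaded=$(normalize_rules)
    rc=0
    while IFS= read -r want; do
        # -F -x: literal, whole-line match, so "jail/" never satisfies "jail/*"
        if ! printf '%s\n' "$loaded" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done <<EOF
$REQUIRED_ANCHORS
EOF
    return $rc
}

printf '%s\n' "$SAMPLE_AS_POSTED" | missing_anchors || true
```

On a live host the input would be `pfctl -sn` run as root; the match is on anchor type and name only, so it does not depend on what follows the name on the line.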