any jail i try to make using nat options gives error #10
Comments
|
Please use Markdown to format correctly, it is difficult to understand your problem.
In your
You must use the correct anchor types: /etc/pf.conf:
Reload |
|
I have the correct anchor types exactly as you said but when i type pfctl -sn It says: buckbucks% sudo service pf restart ~ I dont understand why its doing that im guessing maybe a bug in pf on freebsd-current?? |
I don't know, I'm on 14.0-RELEASE. Anyway, see my # pfctl -sn
nat-anchor "appjail-nat/jail/*" all
nat-anchor "appjail-nat/network/*" all
rdr-anchor "appjail-rdr/*" allI know a person who is in CURRENT, I will ask him. AFAIK, he has no problems with |
|
thankk you please let me know much appreciaed |
|
Any luck finding out from your friend in current? |
|
Yes, I contacted him, but he is busy. He'll probably tell me something this week. Although, your pf configuration looks really weird, I don't know if it really is, or it's a side effect since you're not using Markdown. If you can, try your configuration in RELEASE instead of CURRENT. |
|
i should be able to install aa base system of release in a jail or a chroot and that should be enought to check the pf config? |
|
This problem does not seem to be related to AppJail. See your |
|
Confirmed. I have been informed that pf in CURRENT shows the output in the style you describe. I don't know if this is a bug or a breaking-change. |
|
i believe its possible a pug cause ive noticed alot of work being done on pfctl in the src tree or could be a breaking change and if so then will have to figure out a workaround in your scripts not sure but thnk you |
|
Yes, first of all I need to confirm why pf shows the output like that. If it is a bug, I don't have to change anything, but if it is a breaking-change, I will make changes in AppJail to fix this problem. |
|
Reported:
|
|
I recently updated my VM to check if this issue persisted, and it is now fixed! |
buckbucks% appjail makejail -f gh+AppJail-makejails/badwolf -j badwolf1 \ /usr/src
-o virtualnet="ajnet:badwolf default"
-o nat
-o copydir=/tmp/files
-o file=/etc/rc.conf
-o x11 \
[00:00:00] [ info ] [badwolf1] Building ...
[00:00:00] [ debug ] [badwolf1] Main Makejail: gh+AppJail-makejails/badwolf
[00:00:01] [ debug ] [badwolf1] Using method:github (args:AppJail-makejails/badwolf) from gh+AppJail-makejails/badwolf.
[00:00:01] [ debug ] [badwolf1] Using global cache directory (git): /usr/local/appjail/cache/git
[00:00:01] [ debug ] [badwolf1] Updating /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072 ...
[00:00:01] [ debug ] [badwolf1] Including /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail ...
[00:00:01] [ debug ] [badwolf1] Using method:file (args:options/options.makejail) from options/options.makejail.
[00:00:01] [ debug ] [badwolf1] Including /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail ...
[00:00:02] [ debug ] [badwolf1] Makejail generated:
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail
[00:00:02] [ debug ] [badwolf1] OPTION resolv_conf
[00:00:02] [ debug ] [badwolf1] OPTION tzdata
[00:00:02] [ debug ] [badwolf1] OPTION overwrite=force
[00:00:02] [ debug ] [badwolf1] OPTION start
[00:00:02] [ debug ] [badwolf1] RAW cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:02] [ debug ] [badwolf1] ARG badwolf_tag=13.3
[00:00:02] [ debug ] [badwolf1] FROM --entrypoint gh+AppJail-makejails/badwolf badwolf:${badwolf_tag}
[00:00:02] [ debug ] [badwolf1] CMD pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh
[00:00:02] [ debug ] [badwolf1] CMD mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension
[00:00:02] [ debug ] [badwolf1] CMD mkdir -p /home/badwolf/.config/badwolf
[00:00:02] [ debug ] [badwolf1] CMD chown -R badwolf:badwolf /home/badwolf
[00:00:02] [ debug ] [badwolf1] COPY usr
[00:00:02] [ debug ] [badwolf1] STOP
[00:00:02] [ debug ] [badwolf1] STAGE custom:badwolf_open
[00:00:02] [ debug ] [badwolf1] ENV DISPLAY=:0
[00:00:02] [ debug ] [badwolf1] USER badwolf
[00:00:02] [ debug ] [badwolf1] RUN badwolf.sh
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:resolv_conf)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:tzdata)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:overwrite=force)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/OPTION (args:start)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RAW (args:cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail)
[00:00:02] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/ARG (args:badwolf_tag=13.3)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/FROM (args:--entrypoint gh+AppJail-makejails/badwolf badwolf:${badwolf_tag})
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:mkdir -p /home/badwolf/.config/badwolf)
[00:00:03] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/CMD (args:chown -R badwolf:badwolf /home/badwolf)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/COPY (args:usr)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/build/STOP (args:)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/ENV (args:DISPLAY=:0)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/USER (args:badwolf)
[00:00:04] [ debug ] [badwolf1] Running makejail command (cmd): /usr/local/share/appjail/makejail/cmd/all/RUN (args:badwolf.sh)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/ARG (input:/usr/local/appjail/cache/tmp/.appjail/appjail.ZIY2LP6IPL)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/FROM (input:/usr/local/appjail/cache/tmp/.appjail/appjail.k8HQvrHx6o)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/OPTION (input:/usr/local/appjail/cache/tmp/.appjail/appjail.446F8Cgkh7)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/0.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/1.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/RAW (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/6.RAW)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/9.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/10.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/11.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/CMD (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/12.CMD)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/all/COPY (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/13.COPY)
[00:00:05] [ debug ] [badwolf1] Running makejail command (write): /usr/local/share/appjail/makejail/write/build/STOP (input:/usr/local/appjail/cache/tmp/.appjail/appjail.FLvI6quf1Y/stages/build/14.STOP)
[00:00:05] [ debug ] [badwolf1] Buildscript generated:
[00:00:05] [ debug ] [badwolf1] set -T
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] . "${APPJAIL_CONFIG}"
[00:00:05] [ debug ] [badwolf1] . "${LIBDIR}/load"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/sysexits"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/atexit"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/log"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/check_func"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] lib_atexit_init
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] trap '' SIGINT
[00:00:05] [ debug ] [badwolf1] set -e
[00:00:05] [ debug ] [badwolf1] badwolf_tag="13.3"
[00:00:05] [ debug ] [badwolf1] lib_load "${LIBDIR}/check_func"
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] while [ $# -gt 0 ]; do
[00:00:05] [ debug ] [badwolf1] case "$1" in
[00:00:05] [ debug ] [badwolf1] --badwolf_tag)
[00:00:05] [ debug ] [badwolf1] badwolf_tag="$2"; shift
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] --)
[00:00:05] [ debug ] [badwolf1] shift
[00:00:05] [ debug ] [badwolf1] break
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] --)
[00:00:05] [ debug ] [badwolf1] lib_err ${EX_USAGE} -- "$1: Invalid option."
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] )
[00:00:05] [ debug ] [badwolf1] break
[00:00:05] [ debug ] [badwolf1] ;;
[00:00:05] [ debug ] [badwolf1] esac
[00:00:05] [ debug ] [badwolf1]
[00:00:05] [ debug ] [badwolf1] shift
[00:00:05] [ debug ] [badwolf1] done
[00:00:05] [ debug ] [badwolf1] if lib_check_empty "$badwolf_tag"; then
[00:00:05] [ debug ] [badwolf1] lib_err ${EX_DATAERR} "option requires an argument -- badwolf_tag"
[00:00:05] [ debug ] [badwolf1] fi
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" image import -a "amd64" -N .ajspec -n "badwolf" -t "${badwolf_tag}" -- "gh+AppJail-makejails/badwolf"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" image jail -a "amd64" -i "badwolf" -t "${badwolf_tag}" -- "${APPJAIL_JAILNAME}" "resolv_conf" "tzdata" "overwrite=force" "start" "virtualnet=ajnet:badwolf default" "nat" "copydir=/tmp/files" "file=/etc/rc.conf" "x11"
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/options/options.makejail
[00:00:05] [ debug ] [badwolf1] cd -- "/usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072" # Makejail: /usr/local/appjail/cache/git/064c3e3f57c6b08e7a2892ed7cc20a5f8bd0aacfd20e04923099afe576a7c072/Makejail
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "pw useradd -n badwolf -c "Minimalist and privacy-oriented WebKitGTK+ browser" -d /home/badwolf -s /bin/sh"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "mkdir -p /home/badwolf/.local/share/badwolf/webkit-web-extension"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "mkdir -p /home/badwolf/.config/badwolf"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" cmd jexec "${APPJAIL_JAILNAME}" env "badwolf_tag=${badwolf_tag}" sh -c "chown -R badwolf:badwolf /home/badwolf"
[00:00:05] [ debug ] [badwolf1] cp -a -- "usr" "${APPJAIL_JAILDIR}/"
[00:00:05] [ debug ] [badwolf1] "${APPJAIL_SCRIPT}" stop -- "${APPJAIL_JAILNAME}"
[00:00:06] [ debug ] [badwolf1] Cloning https://github.com/AppJail-makejails/badwolf as /usr/local/appjail/cache/tmp/.appjail/appjail.N2sXFepwFz ...
[00:00:06] [ info ] [badwolf] badwolf (arch:amd64, tag:13.3): already up to date.
[00:00:07] [ debug ] [badwolf1] quick parameters: import+root="input:/usr/local/appjail/cache/images/badwolf/13.3-amd64-image.appjail" portable resolv_conf tzdata overwrite=force start virtualnet=ajnet:badwolf default nat copydir=/tmp/files file=/etc/rc.conf x11
[00:00:07] [ warn ] [badwolf1] Trying to remove badwolf1 ...
[00:00:07] [ warn ] [badwolf1] badwolf1 is not running.
[00:00:07] [ debug ] [badwolf1] Destroy flags:
[00:00:08] [ debug ] [badwolf1] Removing
badwolf1jail...[00:00:08] [ debug ] [badwolf1] Using zfs-destroy(8) ...
[00:00:09] [ debug ] [badwolf1] Removing files...
[00:00:09] [ debug ] [badwolf1] badwolf1 was removed.
[00:00:09] [ info ] [badwolf1] Creating an empty jail ...
[00:00:09] [ info ] [badwolf1] Importing /usr/local/appjail/cache/images/badwolf/13.3-amd64-image.appjail as badwolf1 ...
[00:00:28] [ info ] [badwolf1] Done.
[00:00:28] [ debug ] [badwolf1] Adding files ("/etc/rc.conf") to the list of files to copy ...
[00:00:28] [ debug ] [badwolf1] (1/1): Checking /etc/rc.conf ...
[00:00:28] [ debug ] [badwolf1] (1/1): Copying etc/rc.conf ...
[00:00:28] [ debug ] [badwolf1] Copying /etc/localtime as /usr/local/appjail/jails/badwolf1/jail/etc/localtime
[00:00:28] [ debug ] [badwolf1] Copying /usr/local/etc/appjail/resolv.conf as /usr/local/appjail/jails/badwolf1/jail/etc/resolv.conf
[00:00:28] [ debug ] [badwolf1] Reserving an IPv4 address for badwolf1 in ajnet ...
[00:00:29] [ debug ] [badwolf1] VNET Interface:e[ab]_badwolf Description:
[00:00:29] [ debug ] [badwolf1] ajnet is the default router.
[00:00:29] [ debug ] [badwolf1] Creating NAT rules ...
[00:00:29] [ debug ] [badwolf1] Setting NAT rule: network:ajnet ext_if:wlan0 logopts:0 () on_if:wlan0
[00:00:30] [ error ] [badwolf1] The nat command requires appjail-nat/jail/ and appjail-nat/network/ anchors to work.
buckbucks%
I have the anchors in my pf.conf:
buckbucks% cat /etc/pf.conf /usr/src
nat-anchor "appjail-nat/jail/"
nat-anchor "appjail-nat/network/"
rdr-anchor "appjail-rdr/*"
anchor "appjail-nat/jail/"
anchor "appjail-nat/network/"
anchor "appjail-rdr/*"
buckbucks% /usr/src
buckbucks%
pf is running i dont know why i keep getting the errors.
The text was updated successfully, but these errors were encountered: