Bug 194379

Summary: Remove interface option from jail(8) example
Product: Documentation Reporter: wout
Component: Manual PagesAssignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Many People CC: doc
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   

Description wout 2014-10-15 13:37:47 UTC
In the section "Starting the Jail" of the jail(8) man page, it is suggested to use the "interface" option to start the jail.

This results in the IP (alias) that is being assigned to the jail to be automatically created and destroyed.

But, when you (by mistake or on purpose) assign the host's primary IP address to the jail, and you do not have any aliases configured on the interface, this results in the interface going down.

This is pretty dangerous, so I would suggest removing the "interface" option from the example.

Using the primary IP address for jails is not good practice, but it is legal to do so without using the "automatic IP alias" functionality of jail(8).

When you do have aliases set on the interface before the jail starts, the interface does not go down, so it might be a bug in the jail(8) command.

For more information, see https://forums.freebsd.org/viewtopic.php?f=7&t=48436