Bug 92626

Summary: jail manpage should mention disabling some periodic scripts that do not make sense in a jail
Product: Documentation
Reporter: Philip Hallstrom <philip>
Component: Manual Pages
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Open
Severity: Affects Only Me
CC: doc
Priority: Normal
Version: Latest
Hardware: Any
OS: Any

Description Philip Hallstrom 2006-01-31 17:30:03 UTC
I have recently set up a jail on 6.0-STABLE.  When reviewing the daily periodic emails "security run output" and "daily run output", they contained the following:

ipfw: socket: Operation not permitted
ip6fw: socket: Protocol not supported

Network interface status:
netstat: kvm not available
ifnet: symbol not defined

I think it might be worth mentioning in the manpage when setting up a jail to add the following to /etc/periodic.conf:

daily_status_network_enable="NO"
daily_status_security_ipfwdenied_enable="NO"
daily_status_security_ipfdenied_enable="NO"
daily_status_security_pfdenied_enable="NO"
daily_status_security_ipfwlimit_enable="NO"
daily_status_security_ip6fwdenied_enable="NO"
daily_status_security_ipf6denied_enable="NO"
daily_status_security_ip6fwlimit_enable="NO"

This will stop the tests that are trying to run commands that aren't valid inside of a jail because they don't have access to those resources.

Fix: 

see above
How-To-Repeat: Set up a full-blown jail.  Let it run overnight.  Examine the output of the periodic emails.
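
One way to apply the settings proposed in the report idempotently, as an added example that is not part of the original report or of FreeBSD's own scripts. The variable names are the ones listed in the report; the function names and the `--apply` argument are assumptions of this example.

```sh
#!/bin/sh
# Added example. Knob names are the ones listed in the report; the function
# names and the --apply argument are assumptions of this example.
JAIL_PERIODIC_KNOBS="daily_status_network_enable
daily_status_security_ipfwdenied_enable
daily_status_security_ipfdenied_enable
daily_status_security_pfdenied_enable
daily_status_security_ipfwlimit_enable
daily_status_security_ip6fwdenied_enable
daily_status_security_ipf6denied_enable
daily_status_security_ip6fwlimit_enable"

# True when running inside a FreeBSD jail (sysctl security.jail.jailed is 1).
in_jail() {
    [ "$(sysctl -n security.jail.jailed 2>/dev/null)" = "1" ]
}

# disable_jail_periodic FILE: set every knob to "NO" in FILE, rewriting an
# existing assignment or appending a new one. Prints how many knobs changed,
# so a second run on the same file prints 0.
disable_jail_periodic() {
    conf=$1
    changed=0
    [ -e "$conf" ] || : > "$conf"
    for knob in $JAIL_PERIODIC_KNOBS; do
        grep -q "^${knob}=\"NO\"" "$conf" && continue
        if grep -q "^${knob}=" "$conf"; then
            tmp=$(mktemp "${TMPDIR:-/tmp}/periodic.XXXXXX") || return 1
            sed "s/^${knob}=.*/${knob}=\"NO\"/" "$conf" > "$tmp" &&
                cat "$tmp" > "$conf"   # cat keeps the file's owner and mode
            rm -f "$tmp"
        else
            printf '%s="NO"\n' "$knob" >> "$conf"
        fi
        changed=$((changed + 1))
    done
    echo "$changed"
}

# Only touch the real file when asked to, and only inside a jail.
if [ "${1:-}" = "--apply" ] && in_jail; then
    disable_jail_periodic /etc/periodic.conf
fi
```
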
Comment 1 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:00:23 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped