194379 – Remove interface option from jail(8) example

Bug 194379 - Remove interface option from jail(8) example

Summary: Remove interface option from jail(8) example

Status:	New

Alias:	None

Product:	Documentation
Classification:	Unclassified
Component:	Manual Pages (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-10-15 13:37 UTC by Wout Decré
Modified:	2018-04-09 07:16 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wout Decré 2014-10-15 13:37:47 UTC

In the section "Starting the Jail" of the jail(8) man page, it is suggested to use the "interface" option to start the jail.

This results in the IP (alias) that is being assigned to the jail to be automatically created and destroyed.

But, when you (by mistake or on purpose) assign the host's primary IP address to the jail, and you do not have any aliases configured on the interface, this results in the interface going down.

This is pretty dangerous, so I would suggest removing the "interface" option from the example.

Using the primary IP address for jails is not good practice, but it is legal to do so without using the "automatic IP alias" functionality of jail(8).

When you do have aliases set on the interface before the jail starts, the interface does not go down, so it might be a bug in the jail(8) command.

For more information, see https://forums.freebsd.org/viewtopic.php?f=7&t=48436