Skip to content

Commit 505cac4

Browse files
committed
allow_vmm requires vnet or at least one IPv4 address
1 parent 9909f78 commit 505cac4

File tree

1 file changed

+18
-1
lines changed

1 file changed

+18
-1
lines changed

ioc/Jail.py

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1603,9 +1603,18 @@ def devfs_ruleset(self) -> ioc.DevfsRules.DevfsRuleset:
16031603
devfs_ruleset.append("add path zfs unhide")
16041604

16051605
if self.config["allow_vmm"] is True:
1606+
if (self.config["vnet"] or self.__has_network_address) is False:
1607+
raise ioc.errors.InvalidJailConfigAddress(
1608+
property_name="allow_vmm",
1609+
jail=self,
1610+
reason=(
1611+
"VMs in jails require VNET "
1612+
"or at least one network address"
1613+
),
1614+
logger=self.logger
1615+
)
16061616
devfs_ruleset.append("add path vmm unhide")
16071617
devfs_ruleset.append("add path vmm/* unhide")
1608-
devfs_ruleset.append("add path tap* unhide")
16091618
devfs_ruleset.append("add path nmdm* unhide")
16101619

16111620
# create if the final rule combination does not exist as ruleset
@@ -1619,6 +1628,14 @@ def devfs_ruleset(self) -> ioc.DevfsRules.DevfsRuleset:
16191628
ruleset_line_position = self.host.devfs.index(devfs_ruleset)
16201629
return self.host.devfs[ruleset_line_position].number
16211630

1631+
@property
1632+
def __has_network_address(self) -> bool:
1633+
"""Return True when at least one network address is configured."""
1634+
for network in self.networks:
1635+
if len(network.ipv4_addresses) > 0:
1636+
return True
1637+
return False
1638+
16221639
@property
16231640
def _launch_command(self) -> typing.List[str]:
16241641

0 commit comments

Comments
 (0)