1Known Issues 2============ 3 4This is a short list of known issues. 5 688 character mount path limitation 7---------------------------------- 8 9There is a know mountpoint path length limitation issue on FreeBSD which is set to a historical 88 character limit. 10 11This issue does not affect iocell jails from functioning properly, but can present challenges 12when diving into ZFS snapshots (cd into .zfs/snapshots, tar, etc.). 13 14ZFS snapshot creation and rollback is not affected. 15 16To workaround this issue iocell 1.6.0 introduced a ``hack88`` property. 17 18Example: 19 20Shut down jail: 21 22``iocell stop myjail`` 23 24Set the ``hack88`` property to "1": 25 26``iocell set hack88=1`` 27 28Start jail: 29 30``iocell start myjail`` 31 32To revert back to full paths repeat the procedure but set ``hack88=0``. 33 34To create a system wide default (introduced in 1.6.0) for all newly created jails use: 35 36``iocell set hack88=1 default`` 37 38Property validation 39------------------- 40 41iocell does not validate properties right now. Please refer to man page to see what is supported 42for each property. By default iocell pre-configures each property with a safe default. 43 44VNET/VIMAGE issues 45------------------ 46 47VNET/VIMAGE can cause unexpected system crashes when VNET enabled jails are destroyed - that is when the 48jail process is killed, removed, stopped. 49 50As a workaround iocell allows a warm restart without destroying the jail. 51By default the restart sub-command will execute a warm restart. 52 53Example: 54 55``iocell restart UUID`` 56 57FreeBSD 10.1-RELEASE is stable enough to run with VNET and warm restarts. 58There are production machines with iocell and VNET jails running well beyond 100 days of uptime 59running both PF and IPFW. 60 61VNET/VIMAGE issues w/ ALTQ 62-------------------------- 63 64As recent as FreeBSD 10.1-RELEASE-p10, there is some *interesting* interaction between VNET/VIMAGE and ALTQ, 65which is an ALTernate Queueing system used by PF and other routing software. Should you compile a kernel, make 66sure that you do not have any of the following lines in your kernconf (unless you want to disable VNET): 67 68:: 69 70 options ALTQ 71 options ALTQ_CBQ 72 options ALTQ_RED 73 options ALTQ_RIO 74 options ALTQ_HFSC 75 options ALTQ_CDNR 76 options ALTQ_PRIQ 77 78Otherwise, should you try to start a jail with VNET support enabled, your host system will more than likely crash. 79You can read a little more at the mailing list post `here <http://lists.freebsd.org/pipermail/freebsd-jail/2014-July/002635.html>`_. 80 81IPv6 host bind failures 82----------------------- 83 84In some cases a jail with an ip6 address may take too long adding the address 85to the interface, and services defined to bind specifically to that address 86may fail. In such cases, adding the following sysctl do disable DAD (duplicate 87address detection) probe packets. 88 89To set, ``sysctl net.inet6.ip6.dad_count=0``. To make it permanent, add the 90setting to sysctl.conf. 91 92:: 93 94 # disable duplicated address detection probe packets for jails 95 net.inet6.ip6.dad_count=0 96 97You can read a little more about this `here <https://github.com/iocell/iocell/issues/119>`_ and at the mailing list post `here <https://lists.freebsd.org/pipermail/freebsd-jail/2013-July/002347.html>`_. 98 99