On Wed, 03 Jun 2009 13:05:03 +0200 Henrik Lidström wrote:
Quoting Bjoern A. Zeeb b...@zabbadoz.net:
On Sun, 31 May 2009, Boris Samorodov wrote:
Hi,
has something changed at CURRENT with sysvipc jail handling?
This jail has been working fine for almost a year.
I've upgrade CURRENT to yesterday's sources and can't start
postgresql in a jail anymore:
- the jail -
% tail -2 /var/log/messages
May 31 18:22:47 pg postgres[55425]: [1-1] FATAL: could not create
shared memory segment: Function not implemented
May 31 18:22:47 pg postgres[55425]: [1-2] DETAIL: Failed system
call was shmget(key=5432001, size=30384128, 03600).
% sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 0
% grep sysvipc /etc/sysctl.conf
security.jail.sysvipc_allowed=1
- the host -
% uname -a
FreeBSD tba.bsam.ru 8.0-CURRENT FreeBSD 8.0-CURRENT #0: Sun May 31
11:28:31 MSD 2009 r...@tba.bsam.ru:/usr/obj/usr/src/sys/TBA
amd64
% sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1
-
I'll look into that; possibly the default option is not properly taken
into account for the new jail framework.
/bz
--
Bjoern A. Zeeb The greatest risk is not taking one.
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Somehow I cant email to the mailinglist(it doesnt show up), so I send
directly to you.
I also noticed the problem with security.jail.sysvipc_allowed as above.
Also noticed that I from a jail now can see all filesystems (and that
jls -v is broken, probably a problem with cpuset?).
EXTBSD02-PROD# uname -a
FreeBSD EXTBSD02-PROD.digidoc.com 8.0-CURRENT FreeBSD 8.0-CURRENT #6:
Tue Jun 2 10:05:40 CEST 2009
r...@extbsd02-prod.digidoc.com:/data01/obj/usr/src/sys/EXTBSD02 i386
EXTBSD02-PROD# jls -v
jls: unknown parameter: cpuset
EXTBSD02-PROD#
EXTBSD02-PROD# jls
JID IP Address Hostname Path
1 195.67.11.41INTDB01-PROD
/data00/jails/INTDB01-PROD
2 195.67.11.9 INTLOG01-PROD.digidoc.com
/data00/jails/INTLOG01-PROD
3 62.20.119.164 EXTNS01-PROD
/data00/jails/EXTNS01-PROD
4 62.20.119.230 PROXY03.digidoc.com /data00/jails/PROXY03
EXTBSD02-PROD# jexec 1 /bin/csh
You have mail.
INTDB01-PROD# mount -v
/dev/da0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/da0s1e on /tmp (ufs, local, soft-updates)
/dev/da0s1f on /usr (ufs, local, noatime, soft-updates)
/dev/da0s1d on /var (ufs, local, noatime, soft-updates)
/dev/da0s2a on /data00 (ufs, local, noatime, soft-updates)
/dev/da1s1d on /data01 (ufs, local, noatime, soft-updates)
tmpfs on /data00/jails/PROXY03/usr/local/squid/scan_dir (tmpfs, local)
/data01/data/ports on /data00/jails/EXTNS01-PROD/usr/ports (nullfs,
local, noatime)
/data01/data/ports on /data00/jails/INTDB01-PROD/usr/ports (nullfs,
local, noatime)
/data01/data/ports on /data00/jails/INTLOG01-PROD/usr/ports (nullfs,
local, noatime)
/data01/data/ports on /data00/jails/INTSIM01-PROD/usr/ports (nullfs,
local, noatime)
/data01/data/ports on /data00/jails/PROXY03/usr/ports (nullfs, local, noatime)
/data01/backup/INTDB01PROD/databases on
/data00/jails/INTDB01-PROD/usr/backup (nullfs, local, noatime)
devfs on /data00/jails/INTDB01-PROD/dev (devfs, local)
procfs on /data00/jails/INTDB01-PROD/proc (procfs, local)
devfs on /data00/jails/INTLOG01-PROD/dev (devfs, local)
procfs on /data00/jails/INTLOG01-PROD/proc (procfs, local)
devfs on /data00/jails/EXTNS01-PROD/dev (devfs, local)
procfs on /data00/jails/EXTNS01-PROD/proc (procfs, local)
devfs on /data00/jails/PROXY03/dev (devfs, local)
procfs on /data00/jails/PROXY03/proc (procfs, local)
INTDB01-PROD#
There is definitely some inconsistency. JAIL(8) at recent
CURRENT talk about security.jail.param.allow.sysvipc and
it is listed via sysctl -d security.jail.param. But seems
not to be used:
- at the jail -
# sysctl security.jail.param.allow.sysvipc
#
-
WBR
--
Boris Samorodov (bsam)
Research Engineer, http://www.ipt.ru Telephone Internet SP
FreeBSD Committer, http://www.FreeBSD.org The Power To Serve
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org