Am Thu, Sep 11, 2008 at 07:47:21PM +0200 schrieb Tobias Rehbein:
> I have net/skype installed on my workstation and it just works fine. Now I
> wonder if it's possible to run skype in a jail.
> Before I start investing time in this I would like to know if someone has
> done it before or if it would be just a waste of time.

Hello all.

As nobody seems to have experience with this I decided to set up a simple jail
to test this. Unfortunately skype keeps dumping core when I'm trying to start
it. Perhaps someone has a hint for me how to deal with this.

I tried to set up a jail as unrestrictve as possible. My goal was to get whole
thing running and lock down the jail later.

        #uname -a
        FreeBSD sushi.pseudo.local 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #17: 
        Thu Sep 11 19:04:40 CEST 2008     
        [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SUSHI  i386

        #sysctl security.jail.
        security.jail.jailed: 1
        security.jail.mount_allowed: 0
        security.jail.chflags_allowed: 0
        security.jail.allow_raw_sockets: 1
        security.jail.enforce_statfs: 2
        security.jail.sysvipc_allowed: 1
        security.jail.socket_unixiproute_only: 0
        security.jail.set_hostname_allowed: 1

        #sysctl compat.linux
        compat.linux.oss_version: 198144
        compat.linux.osrelease: 2.6.16
        compat.linux.osname: Linux

        #pkg_info | grep linux_base
        linux_base-fc6-6_5  Base set of packages needed in Linux mode (for 
        #grep LINUX /etc/make.conf

devfs is mounted and I use the same ruleset as in the host system.

        #kdump -f ktrace.out | head
        84180 skype    CALL  access(0x292b2b61,R_OK)
        84180 skype    NAMI  "/compat/linux/etc/"
        84180 skype    NAMI  "/etc/"
        84180 skype    RET   access JUSTRETURN
        84180 skype    CALL  open(0x292b2d49,O_RDONLY,<unused>0)
        84180 skype    NAMI  "/compat/linux/etc/"
        84180 skype    NAMI  "/compat/linux"
        84180 skype    NAMI  "/compat/linux/etc/"
        84180 skype    RET   open 3
        84180 skype    CALL  
 (lots of '0,'s)

The funny thing is kdump itself coredumps when dumping the whole thing out (I
guess that has something todo with this endless '...0,0,0,0,0...' sequence).

Last but not least my kernel config:

        cpu             I686_CPU
        ident           SUSHI
        options         SCHED_ULE               # ULE scheduler
        options         PREEMPTION              # Enable kernel thread 
        options         INET                    # InterNETworking
        options         INET6                   # IPv6 communications protocols
        options         SCTP                    # Stream Control Transmission 
        options         FFS                     # Berkeley Fast Filesystem
        options         SOFTUPDATES             # Enable FFS soft updates 
        options         UFS_DIRHASH             # Improve performance on big 
        options         MSDOSFS                 # MSDOS Filesystem
        options         CD9660                  # ISO 9660 Filesystem
        options         PSEUDOFS                # Pseudo-filesystem framework
        options         GEOM_LABEL              # Provides labelization
        options         COMPAT_43TTY            # BSD 4.3 TTY compat [KEEP 
        options         SCSI_DELAY=5000         # Delay (in ms) before probing 
        options         KTRACE                  # ktrace(1) support
        options         STACK                   # stack(9) support
        options         SYSVSHM                 # SYSV-style shared memory
        options         SYSVMSG                 # SYSV-style message queues
        options         SYSVSEM                 # SYSV-style semaphores
        options         _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time 
        options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
        options         ADAPTIVE_GIANT          # Giant mutex is adaptive.
        options         STOP_NMI                # Stop CPUS using NMI instead 
of IPI
        options         SMP                     # Symmetric MultiProcessor 
        device          apic                    # I/O APIC
        device          cpufreq
        device          eisa
        device          pci
        device          ata
        device          atadisk         # ATA disk drives
        device          atapicd         # ATAPI CDROM drives
        options         ATA_STATIC_ID   # Static device numbering
        options         AHC_REG_PRETTY_PRINT    # Print register bitfields in 
                                                # output.  Adds ~128k to driver.
        options         AHD_REG_PRETTY_PRINT    # Print register bitfields in 
                                                # output.  Adds ~215k to driver.
        device          scbus           # SCSI bus (required for SCSI)
        device          da              # Direct Access (disks)
        device          cd              # CD
        device          pass            # Passthrough device (direct SCSI 
        device          atkbdc          # AT keyboard controller
        device          atkbd           # AT keyboard
        device          psm             # PS/2 mouse
        device          vga             # VGA video card driver
        device          splash          # Splash screen and screen saver support
        device          sc
        device          agp             # support several AGP chipsets
        device          sio             # 8250, 16[45]50 based serial ports
        device          ppc
        device          ppbus           # Parallel port bus (required)
        device          miibus          # MII bus support
        device          re              # RealTek 8139C+/8169/8169S/8110S
        device          wlan            # 802.11 support
        device          wlan_wep        # 802.11 WEP support
        device          wlan_ccmp       # 802.11 CCMP support
        device          wlan_tkip       # 802.11 TKIP support
        device          wlan_amrr       # AMRR transmit rate control algorithm
        device          wlan_scan_ap    # 802.11 AP mode scanning
        device          wlan_scan_sta   # 802.11 STA mode scanning
        device          loop            # Network loopback
        device          random          # Entropy device
        device          ether           # Ethernet support
        device          pty             # Pseudo-ttys (telnet etc)
        device          md              # Memory "disks"
        device          firmware        # firmware assist module
        device          bpf             # Berkeley packet filter
        device          uhci            # UHCI PCI->USB interface
        device          ehci            # EHCI PCI->USB interface (USB 2.0)
        device          usb             # USB Bus (required)
        device          umass           # Disks/Mass storage - Requires scbus 
and da
        device          ums             # Mouse
        device          firewire        # FireWire bus code
        device          sbp             # SCSI over FireWire (Requires scbus 
and da)
        device          atapicam
        device          sound
        device          snd_hda
        device          wpi
        device          drm
        device          radeondrm
        options         NULLFS
        options         ATKBD_DFLT_KEYMAP
        makeoptions     ATKBD_DFLT_KEYMAP=german.iso.acc
        options         IPFIREWALL
        options         IPDIVERT
        options         COMPAT_LINUX

Any help would be appreciated.

Regards Tobias

Tobias Rehbein

PGP key:         4F2AE314
    fingerprint: ECDA F300 1B6E 9B87 8524  8663 E8B6 3138 4F2A E314
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to