Re: Signal 11 messages showing in all jails?

2008-05-19 Thread Alexander Leidinger
Quoting Andrew Snow <[EMAIL PROTECTED]> (from Mon, 19 May 2008 21:08:38 +1000):

> Sorry for previous message, it wasn't devfs rules at all that solved
> this problem.

The rules you posted are part of some kind of workaround. The rules
didn't include the "syslog pipe" for kernel messages (depends upon
your version of FreeBSD), so there should be no messages from the
kernel (like sig 11) in the syslog anymore with this.

> Instead you should set this in /etc/sysctl.conf:
>
>   security.bsd.unprivileged_read_msgbuf=0

This also has implications for the jail-host. You need to be root to
read the dmesg.

All this is just a workaround, but not really a solution to the
problem. Ideally each jail gets messages from the kernel which
_belong_ to this jail (e.g. sig 11, if a process from _this_ jail
dies in this way).


Bye,
Alexander.

--
Pure drivel tends to drive ordinary
drivel off the TV screen.

http://www.Leidinger.net   Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
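
An added example, not part of the original message or of FreeBSD itself: a small sh audit for the two mitigations discussed above. It reports the effective security.bsd.unprivileged_read_msgbuf value in a sysctl.conf-style file and whether a devfs rule list leaves a device visible. The function names, the sample input and the device name klog (assumed here to be the "syslog pipe" mentioned above) are assumptions.

```shell
#!/bin/sh
KNOB=security.bsd.unprivileged_read_msgbuf

# Print the effective value of $KNOB in a sysctl.conf-style file.
# Comments are stripped and the last assignment wins; "unset" if absent.
msgbuf_setting() {
    awk -v knob="$KNOB" '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }
        index($0, knob "=") == 1 { val = substr($0, length(knob) + 2) }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Read rules ("hide", "unhide", "path PATTERN hide|unhide") on stdin and
# print whether device $1 ends up "visible" or "hidden".
# Rules are applied in order, so the last matching action decides.
devfs_visible() {
    dev=$1
    state=unhide                      # no rule at all: node stays visible
    while read -r first pat action; do
        case $first in
            hide|unhide) state=$first ;;      # rule without a path matches all
            path)
                pat=${pat#\'}; pat=${pat%\'}  # drop optional quotes
                case $dev in
                    $pat) state=$action ;;    # glob match, e.g. ttyp*
                esac ;;
        esac
    done
    if [ "$state" = unhide ]; then echo visible; else echo hidden; fi
}

# Constructed sample input (not taken from the thread's hosts).
conf=$(mktemp)
printf '%s\n' '# jail host' "$KNOB=1" "$KNOB = 0   # root-only dmesg" > "$conf"
echo "sysctl.conf: $KNOB is $(msgbuf_setting "$conf")"
rm -f "$conf"

rules=$(printf '%s\n' hide 'path null unhide' "path 'ttyp*' unhide")
for d in null ttyp3 klog; do
    echo "jail devfs: $d is $(echo "$rules" | devfs_visible "$d")"
done
```

On a FreeBSD host the file result can be compared with the live value from `sysctl -n security.bsd.unprivileged_read_msgbuf`.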


Re: Signal 11 messages showing in all jails?

2008-05-19 Thread Andrew Snow


Sorry for previous message, it wasn't devfs rules at all that solved 
this problem.


Instead you should set this in /etc/sysctl.conf:

  security.bsd.unprivileged_read_msgbuf=0








Current problem reports assigned to freebsd-jail@FreeBSD.org

2008-05-19 Thread FreeBSD bugmaster
Current FreeBSD problem reports
Critical problems
Serious problems

S Tracker  Resp.  Description

s kern/89528   jail   [jail] [patch] impossible to kill a jail
o kern/119842  jail   [smbfs] [jail] "Bad address" with smbfs inside a jail

2 problems total.

Non-critical problems

S Tracker  Resp.  Description

o bin/32828    jail   [jail] w(1) incorrectly handles stale utmp slots with
o kern/68192   jail   [quotas] [jail] Cannot use quotas on jailed systems
o kern/72498   jail   [libc] [jail] timestamp code on jailed SMP machine gen
o kern/74314   jail   [resolver] [jail] DNS resolver broken under certain ja
o kern/84215   jail   [jail] [patch] wildcard ip (INADDR_ANY) should not bin
o kern/89989   jail   [jail] [patch] Add option -I (ASCII 73) PID  to specif
o kern/97071   jail   [jail] [patch] add security.jail.jid sysctl
o bin/99566    jail   [jail] [patch] fstat(1) according to specified jid
o bin/119305   jail   [jail] [patch] jexec(8): jexec -n prisonname: selectio
o kern/120753  jail   [jail] Zombie jails (jailed child process exits while 

10 problems total.



Re: Signal 11 messages showing in all jails?

2008-05-19 Thread Andrew Snow


Here are the devfs rules I use, which is one workaround for the problem 
(among other things..)


  "hide",
  "path null unhide",
  "path zero unhide",
  "path crypto unhide",
  "path random unhide",
  "path urandom unhide",
  "path 'ptyp*' unhide",
  "path 'ptyq*' unhide",
  "path 'ptyr*' unhide",
  "path 'ptys*' unhide",
  "path 'ptyP*' unhide",
  "path 'ptyQ*' unhide",
  "path 'ptyR*' unhide",
  "path 'ptyS*' unhide",
  "path 'ttyp*' unhide",
  "path 'ttyq*' unhide",
  "path 'ttyr*' unhide",
  "path 'ttys*' unhide",
  "path 'ttyP*' unhide",
  "path 'ttyQ*' unhide",
  "path 'ttyR*' unhide",
  "path 'ttyS*' unhide",
  "path fd unhide",
  "path 'fd/*' unhide",
  "path stdin unhide",
  "path stdout unhide",
  "path stderr unhide"



Re: Signal 11 messages showing in all jails?

2008-05-19 Thread Alexander Leidinger
Quoting Scott Lambert <[EMAIL PROTECTED]> (from Mon, 19 May 2008 00:17:07 -0500):

> Is this supposed to happen?  FreeBSD 6.2
>
> order.cgi is only installed in one jail on this system, but I see
> this report in all the jails on that system.  The below lines are from
> the daily security run output for one of the other jails.
>
> I just want to make sure this is operating as expected rather than a
> bug.

It's not only the signal 11 messages, it's all kernel messages.
There's no jail filter for the kernel messages, so this is expected
behavior (this doesn't mean this behavior is the right one).


Bye,
Alexander.

--
Most people need some of their problems
to help take their mind off some of the others.

http://www.Leidinger.net   Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137