Re: ezjail with vimage
Bjoern A. Zeeb wrote: *mumble* *tired* *again* .. Let me cite man rc.conf to not mess it up again: jail__exec_afterstart (str) Unset by default. This is the command run as Nth com- mand in a jail after jail startup, where N is 1, 2, and so on. jail__exec_poststart (str) Unset by default. This is the command run as Nth com- mand after jail startup, where N is 0, 1, and so on. It is run outside the jail. And that's it! I have my jails on 7.x (same machines as was in time of my first question about cpuset) and 7.2 have not exec_poststart in rc.conf or rc.d/jail. exec_poststart is available only on 8.0+ I can imagine solution with exec_poststart. Will it be merged to 7-STABLE or should I do it in my private copy? Thank you for your clarification of this issue. Miroslav Lachman ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: ezjail with vimage
On Mon, 7 Dec 2009, Miroslav Lachman wrote: Bjoern A. Zeeb wrote: On Mon, 7 Dec 2009, Miroslav Lachman wrote: Hi Miroslav, The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that "there is no need to add anything" because it can be done by jail_NAME_flags. AFAIK current system still doesn't allow me to set cpuset to jail from rc.conf Check /etc/defaults/rc.conf for jail_example_exec_afterstart. You already said that in the past and it was the reason why I found bug in cpuset. http://lists.freebsd.org/pipermail/freebsd-jail/2009-April/000830.html As I said, exec_afterstart is executed inside the jail and it means that I can not use it to bind the jail to specific CPU cores. ...but maybe I am blind. Can you correct me if I am wrong? *mumble* *tired* *again* .. Let me cite man rc.conf to not mess it up again: jail__exec_afterstart (str) Unset by default. This is the command run as Nth com- mand in a jail after jail startup, where N is 1, 2, and so on. jail__exec_poststart (str) Unset by default. This is the command run as Nth com- mand after jail startup, where N is 0, 1, and so on. It is run outside the jail. HTH /bz -- Bjoern A. Zeeb It will not break if you know what you are doing. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Jail's syslogd log to host's syslogd with unix socket
Manolis Tzanidakis wrote: > syslogd_flags="-ss -l /usr/jails/jail1/var/run/log" When starting syslogd from the shell you can add the -d flag, that might print an error message if the socket cannot be opened. > Jail's rc.conf: > syslogd_flags="-ss" The jails should not start any syslogd, use syslogd_enable="NO". -- Martin ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: ezjail with vimage
Bjoern A. Zeeb wrote: On Mon, 7 Dec 2009, Miroslav Lachman wrote: Hi Miroslav, The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that "there is no need to add anything" because it can be done by jail_NAME_flags. AFAIK current system still doesn't allow me to set cpuset to jail from rc.conf Check /etc/defaults/rc.conf for jail_example_exec_afterstart. You already said that in the past and it was the reason why I found bug in cpuset. http://lists.freebsd.org/pipermail/freebsd-jail/2009-April/000830.html As I said, exec_afterstart is executed inside the jail and it means that I can not use it to bind the jail to specific CPU cores. ...but maybe I am blind. Can you correct me if I am wrong? From my point of view, it can be done in rc.subr as more general way allowing to use cpuset for "any" process started by rc.subr similar to what is proposed in this patch for setfib http://www.kes.net.ua/softdev/fib_patch.html Miroslav Lachman ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Jail's syslogd log to host's syslogd with unix socket
On Mon, Dec 07, 2009 at 06:27:50PM +0200, Manolis Tzanidakis wrote: > Hello all, > I want to log from a jail's syslogd to the host's syslogd using a unix > socket. I've added in host's rc.conf (followed by syslogd restart): > syslogd_flags="-ss -l /usr/jails/jail1/var/run/log" > > Jail's rc.conf: > syslogd_flags="-ss" > > but nothing is logged in host's syslogd. I'd like to avoid UDP if > possible. Any ideas? man syslogd "-s Operate in secure mode. Do not log messages from remote machines. If specified twice, no network socket will be opened at all, which also disables logging to remote machines." -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: ezjail with vimage
On Mon, 7 Dec 2009, Miroslav Lachman wrote: Hi Miroslav, The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that "there is no need to add anything" because it can be done by jail_NAME_flags. AFAIK current system still doesn't allow me to set cpuset to jail from rc.conf Check /etc/defaults/rc.conf for jail_example_exec_afterstart. /bz -- Bjoern A. Zeeb It will not break if you know what you are doing. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Jail's syslogd log to host's syslogd with unix socket
Hello all, I want to log from a jail's syslogd to the host's syslogd using a unix socket. I've added in host's rc.conf (followed by syslogd restart): syslogd_flags="-ss -l /usr/jails/jail1/var/run/log" Jail's rc.conf: syslogd_flags="-ss" but nothing is logged in host's syslogd. I'd like to avoid UDP if possible. Any ideas? Best regards, Manolis -- Manolis Tzanidakis mtzanida...@gmail.com ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: ezjail with vimage
Quoting Miroslav Lachman <000.f...@quip.cz> (from Mon, 07 Dec 2009 13:27:31 +0100): Alexander Leidinger wrote: Quoting Alexander Petrovsky (from Mon, 7 Dec 2009 17:04:04 +0800): Hello! I want merge all my jails (ezjail framework) working under freebsd 7.2 to freebsd 8.0 with support vimage. Ezjail don't support jail_NAME_flags="" http://www.leidinger.net/FreeBSD/current-patches/jail.diff Take only the part for the first two files. After that you have jail_NAME_jailname, jail_NAME_securelevel and jail_NAME_startparams. It also makes more sanity checks for the fstab entries. Hi, is this patch just for your private use or is it something commitable? It is for my private use, as bz does not want to have it in the official rc.d script. At least this was the case shortly after the functionality appeared and I needed something like this. Bye, Alexander. -- Freedom is slavery. Ignorance is strength. War is peace. -- George Orwell http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: ezjail with vimage
Alexander Leidinger wrote: Quoting Alexander Petrovsky (from Mon, 7 Dec 2009 17:04:04 +0800): Hello! I want merge all my jails (ezjail framework) working under freebsd 7.2 to freebsd 8.0 with support vimage. Ezjail don't support jail_NAME_flags="" http://www.leidinger.net/FreeBSD/current-patches/jail.diff Take only the part for the first two files. After that you have jail_NAME_jailname, jail_NAME_securelevel and jail_NAME_startparams. It also makes more sanity checks for the fstab entries. Hi, is this patch just for your private use or is it something commitable? The last time I wrote with Bjoern A. Zeeb about jailname, cpuset etc. support in rc.conf (back in March 2009) he stated that "there is no need to add anything" because it can be done by jail_NAME_flags. AFAIK current system still doesn't allow me to set cpuset to jail from rc.conf Miroslav Lachman ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: ezjail with vimage
Alexander Petrovsky wrote: Hello! I want merge all my jails (ezjail framework) working under freebsd 7.2 to freebsd 8.0 with support vimage. Ezjail don't support jail_NAME_flags="" Whether, I can simply change the line in /usr/local/etc/rc.d/ezjail: # Pass control to jail script which does the actual work [ "${ezjail_pass}" ]&& sh /etc/rc.d/jail one${action%crypto} ${ezjail_pass} and add some parametres like: "jail -c vnet name=*vnet1* host.hostname=*vnet1.example.net* path=/ persist" You can add what ever variables you want in to /usr/local/etc/ezjail/vnet1_example_net It will be exported to /etc/rc.d/jail, so you can use: export jail_vnet1_example_net_flags="my special flags here" Or you can try to set it in /etc/rc.conf. Ezjail is not so special as it looks. Miroslav Lachman ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: ezjail with vimage
Miroslav Lachman, Alexander Leidinger - big thanks! -- Петровский Александр / Alexander Petrovsky, ICQ: 350342118 Jabber: ju...@jabber.ru Phone: +7 914 8 820 815 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: ezjail with vimage
Quoting Alexander Petrovsky (from Mon, 7 Dec 2009 17:04:04 +0800): Hello! I want merge all my jails (ezjail framework) working under freebsd 7.2 to freebsd 8.0 with support vimage. Ezjail don't support jail_NAME_flags="" http://www.leidinger.net/FreeBSD/current-patches/jail.diff Take only the part for the first two files. After that you have jail_NAME_jailname, jail_NAME_securelevel and jail_NAME_startparams. It also makes more sanity checks for the fstab entries. Bye, Alexander. -- BOFH excuse #172: pseudo-user on a pseudo-terminal http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Current problem reports assigned to freebsd-jail@FreeBSD.org
Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566jail [jail] [patch] fstat(1) according to specified jid o bin/32828jail [jail] w(1) incorrectly handles stale utmp slots with 4 problems total. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Cant't access mysql.sock (running on a jail) from a separate jail
Thanks a lot for answering. The hard link method works (all jails in the same fs). I' ve also tried unionfs but never managed to get it working. Anyone care to share a working example with unionfs? It might be useful in future projects. -- Manolis Tzanidakis mtzanida...@gmail.com 07 Δεκ 2009, 0:32, ο/η Miroslav Lachman <000.f...@quip.cz> έγραψε: Manolis Tzanidakis wrote: Hello all, maybe this is already answered, but searching the list's archives was not working at the moment. Anyway, I've got a server running 8.0-RELEASE with various jails, all setup with ezjail. One jail is running mysql and another is running apache. I have a directory /usr/jails/mysqltmp (owned by mysql:mysql) on the host system, which is mounted in both jails as /mysqltmp with: /etc/fstab.mysqljail: /usr/jails/mysqltmp /usr/jails/mysqljail/mysqltmp nullfs rw 0 0 /etc/fstab.apachejail: /usr/jails/mysqltmp /usr/jails/mysqlapache/mysqltmp nullfs ro 0 0 (tried it also with 'rw', same results) I've setup my.cnf in mysqljail to write the mysql.sock socket in /mysqltmp and I can access mysql from this jail without problems, as expected. On the apachejail the socket shows up in /mysqltmp, however I can't connect: # mysql -S /mysqltmp/mysql.sock -u root -p ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/mysqltmp/mysql.socket' (2) You can use hardlink if you have your jails on one filesystem, or you can try unionfs instead of nullfs. Miroslav Lachman ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
ezjail with vimage
Hello! I want merge all my jails (ezjail framework) working under freebsd 7.2 to freebsd 8.0 with support vimage. Ezjail don't support jail_NAME_flags="" Whether, I can simply change the line in /usr/local/etc/rc.d/ezjail: # Pass control to jail script which does the actual work [ "${ezjail_pass}" ] && sh /etc/rc.d/jail one${action%crypto} ${ezjail_pass} and add some parametres like: "jail -c vnet name=*vnet1* host.hostname=*vnet1.example.net* path=/ persist" -- Петровский Александр / Alexander Petrovsky, ICQ: 350342118 Jabber: ju...@jabber.ru Phone: +7 914 8 820 815 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"