From owner-freebsd-questions@FreeBSD.ORG  Tue Oct 16 23:59:53 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id E3FE7C1F
 for <freebsd-questions@freebsd.org>; Tue, 16 Oct 2012 23:59:53 +0000 (UTC)
 (envelope-from fbsd8@a1poweruser.com)
Received: from mail-03.name-services.com (mail-03.name-services.com
 [69.64.155.195])
 by mx1.freebsd.org (Postfix) with ESMTP id 80FBF8FC08
 for <freebsd-questions@freebsd.org>; Tue, 16 Oct 2012 23:59:53 +0000 (UTC)
Received: from [10.0.10.3] ([173.88.213.199]) by mail-03.name-services.com
 with Microsoft SMTPSVC(6.0.3790.4675); 
 Tue, 16 Oct 2012 16:58:41 -0700
Message-ID: <507DF4AC.3000003@a1poweruser.com>
Date: Tue, 16 Oct 2012 19:58:36 -0400
From: Fbsd8 <fbsd8@a1poweruser.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: freebsd-questions@freebsd.org, David Wolfskill <david@catwhisker.org>
Subject: Re: IPCS resource access within a down-level jail?
References: <20121016205149.GA1817@albert.catwhisker.org>
In-Reply-To: <20121016205149.GA1817@albert.catwhisker.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 16 Oct 2012 23:58:41.0409 (UTC)
 FILETIME=[2AEEF710:01CDABFA]
X-Sender: fbsd8@a1poweruser.com
X-Authenticated-Sender: fbsd8@a1poweruser.com
X-EchoSenderHash: [fbsd8]-[a1poweruser*com]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2012 23:59:54 -0000

David Wolfskill wrote:
> [Please include me in responses; I've set Reply-To as a hint.  Thanks!]
> 
> A colleague had been running a program that makes use of IPCS message
> queues in a 7.x/i386 environment.
> 
> He was moved to a 32-bit 7.x-based jail instantiated on an 8.x/amd64
> host.
> 
> Within that jail, "ipcs -a" now fails to come anywhere near close to
> reporting what it does outside the jail.
> 
> I then performed an experiment: I created a 7.x/i386 jail on my
> 9.x/i386 laptop.  I verified that "ipcs -a" (outside the jail) shows
> Stuff:
> 
> d134(9.1-P)[1] ipcs -a
> Message Queues:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP                 CBYTES                 QNUM               QBYTES        LSPID        LRPID STIME    RTIME    CTIME   
> 
> Shared Memory:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP         NATTCH        SEGSZ         CPID         LPID ATIME    DTIME    CTIME   
> m       393216            0 --rw------- david    david    david    david               2       393216         3671         3147  8:23:37 no-entry  8:23:37
> m       851969            0 --rw------- david    david    david    david               2       262080         3861         3147  9:24:09 no-entry  9:24:09
> m       458754            0 --rw------- david    david    david    david               2       384000         3861         3147  9:24:09 no-entry  9:24:09
> 
> Semaphores:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP          NSEMS OTIME    CTIME   
> 
> d134(9.1-P)[2] 
> 
> 
> Inside the jail, using the 7.x version of ipcs, I get:
> 
> %ipcs -a
> ipcs: sysctlbyname: kern.ipc.msqids: Cannot allocate memory
> %
> 
> I then recompiled the 9.x versions of ipcs & ipcrm and linked them
> statically; running that verion of ipcs, I see:
> 
> %~/bin/!!
> ~/bin/ipcs -a
> Message Queues:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP                 CBYTES                 QNUM               QBYTES        LSPID        LRPID STIME    RTIME    CTIME   
> 
> Shared Memory:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP         NATTCH        SEGSZ         CPID         LPID ATIME    DTIME    CTIME   
> m       393216            0 --rw------- david    david    david    david               2       393216         3671         3147 15:23:37 no-entry 15:23:37
> m       655362            0 --rw------- david    david    david    david               2       262080         3861         3147 18:39:30 no-entry 18:39:30
> 
> Semaphores:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP          NSEMS OTIME    CTIME   
> 
> %
> 
> Is this (inability to access IPCS resources properly within a
> "down-level" jail) expected behavior?
> 
> Is there a sane(?) way to provide IPCS resources inside a down-level
> jail?
> 
> Thanks!
> 
> Peace,
> david


Your problem is in the way you are trying to use jails. The jail has to 
be at the same major release level as the host. Host being 9.2 with a 
jail at 9.0 may work. But 9.x or 8.x host with 7.x jail for sure will 
not work.