From owner-freebsd-questions@FreeBSD.ORG Thu Apr 24 15:20:21 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2E835849 for ; Thu, 24 Apr 2014 15:20:21 +0000 (UTC) Received: from mail-pb0-f42.google.com (mail-pb0-f42.google.com [209.85.160.42]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0234E17D2 for ; Thu, 24 Apr 2014 15:20:20 +0000 (UTC) Received: by mail-pb0-f42.google.com with SMTP id un15so2085417pbc.1 for ; Thu, 24 Apr 2014 08:20:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=zZvn3TnIV31aYB4EBjKJ1xv1Yp0keGxJO6URK8YHEtY=; b=Y08wPKmED7AEGEGa87TjoyXXfAhILZ7cYlRRqwQ2auVhMZcaPDAjsv/5NXvQU98gTJ tP+oh0VoQ4MwCx/RHT9FA1VjODUqt8lSEkcIkKpBxaxBmVKJjVl1TAoWsMhK95LvJ8iO alNabyxva5Qe5oWm/tEhQlLfSFCpK1F1o3GB3mR959TmMVeNCZXXgg9KjJuVyiZB1Bma mz8hu7PxlmTD+JHAe8COXeEV2XoCwds6QBA1lZ+7WXU5680x5FjbOXCgYFDj2hZnEHFg 1YgOSiYjrVVAzMk0lc2oeiI5+OmI7jRUtaGqnw0jkrTffvCmcCutdy9WnkxqLZuAFj5O fliA== X-Gm-Message-State: ALoCoQmUL0AzjrPkYfm6Ux6dmynfiAElaUr/zZGBozgK5fBG7TPLWQIKZwBYd5h3wpHY1Nf6f7b8 MIME-Version: 1.0 X-Received: by 10.66.163.2 with SMTP id ye2mr761042pab.110.1398352820480; Thu, 24 Apr 2014 08:20:20 -0700 (PDT) Received: by 10.66.217.168 with HTTP; Thu, 24 Apr 2014 08:20:20 -0700 (PDT) In-Reply-To: References: <20140424090234.5636f9d19dbc478c9593e55b@yahoo.es> Date: Thu, 24 Apr 2014 11:20:20 -0400 Message-ID: Subject: Re: FBSD jail versus VMWare? What services do YOU run in a jail? From: Alejandro Imass To: Eduardo Morras Content-Type: text/plain; charset=UTF-8 Cc: FreeBSD Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Apr 2014 15:20:21 -0000 On Thu, Apr 24, 2014 at 11:18 AM, Alejandro Imass wrote: > On Thu, Apr 24, 2014 at 3:02 AM, Eduardo Morras wrote: >> On Tue, 22 Apr 2014 14:47:45 -0700 >> "edflecko ." wrote: >>> >>> What type of services CAN be run from within a jail? >> >> I tried to run PostgreSQL8.4 (IIRC) in a jail under FreeBSD8.2. There were a lot of problems with SysV signals and semaphores (IIRC) and had to install it in host. Don't know if it's actually relevant. >> > > Yes SYSV IPC is _potentially_ problematic but the workaround is > usually easy if you just make sure that you don't repeat the uids of > the apps using SYSV IPC. > > So to run Pg on more than one Jail what I do is just change the Pg > user id by concatenating the default hid which is 70 to the last > numbers of the IP address of the jail. So for example if the IP of the > jail is 192.168.101.124 I would do this as soon as I install Pg on the > Jail: > > pw usermod pgsql -u 70124 > pw groupmod pgsql -g 70124 > pw usermod pgsql -g 70124 > chown -R pgsql /usr/local/pgsql/ > chgrp -R pgsql /usr/local/pgsql/ > You will also need this to run Pg in Jails: /etc/sysctl.conf security.jail.sysvipc_allowed=1 kern.ipc.shmall=65536 kern.ipc.shmmax=134217728 kern.ipc.semmap=4096 Best, Alejandro Imass