Date:      Mon, 8 Mar 2010 17:28:14 -0500
From:      John Nielsen <lists@jnielsen.net>
To:        freebsd-emulation@freebsd.org
Subject:   Re: linux-only jail possible?
Message-ID:  <201003081728.14735.lists@jnielsen.net>
In-Reply-To: <201003041322.57875.lists@jnielsen.net>
References:  <201003021325.27197.lists@jnielsen.net> <20100304114050.00007a59@unknown> <201003041322.57875.lists@jnielsen.net>

On Thursday 04 March 2010 13:22:57 John Nielsen wrote:
> On Thursday 04 March 2010 05:40:50 Alexander Leidinger wrote:
> > On Wed, 3 Mar 2010 19:06:36 +0100 Roman Divacky <rdivacky@freebsd.org> wrote:
> > > On Wed, Mar 03, 2010 at 11:59:49AM -0500, John Nielsen wrote:
> > > > On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote:
> > > > > > I successfully ran chroot of linux environment on freebsd back in
> > > > > 2007/2008. I firmly believe jail should work fine too
> > > >
> > > > Good to know, thanks! Would you mind sharing some more details?
> > > > (Off-list is fine if you prefer.) Was it a more or less complete
> > > > environment? What distro / version of Linux?
> > >
> > > I downloaded gentoo 2007 untarred it into /compat/linux and
> > > chroot /compat/linux /bin/bash
> > >
> > > it just worked - nothing special was necessary
> > >
> > > don't remember much details but I had no problems with that setup
> >
> > It does not need to be in this directory of course. You can install
> > the gentoo-dist ports (not the gentoo-baase port). After that you can
> > copy all the files to the place where you want to have the jail.
> 
> I went with CentOS 5.4 as that's the native environment I'm trying to
>  match. I didn't use ports at all, just manually extracted enough RPM's
>  from the DVD image to bootstrap the environment enough to run bash and
>  rpm. From there I did a chroot into the environment and ran (Linux)
>  bash. Running rpm natively I was able to get yum up and running and from
>  there installing everything else I wanted was relatively easy.
> 
> > Now you just need to configure a jail. It does not matter much if you
> > use the jail stuff in the base system or a framework like ezjail or
> > similar, as long as you configure an appropriate startup script in the
> > linux-jail. The linux-startup part you need to do yourself, I do not
> > think the default linux startup stuff is appropriate. I suggest to
> > start at least a sshd before you start the software you want to
> > use. This way you can login into the linux-jail and investigate issues
> > like it is a real system.
> 
> I actually did install the init scripts, etc. I was pleasantly surprised
>  to find (after reading through them) that rc.sysinit can be skipped
>  entirely while rc itself will do the right thing for the rest of the
>  init scripts (starting services, etc). Here's what I'm using:
> 
> jail_centos_exec_start="/bin/sh /etc/rc.d/rc 3"
> jail_centos_exec_stop="/bin/sh /etc/rc.d/rc 0"
> 
> > I suggest to monitor the kernel messages on the FreeBSD host. There may
> > be linux-syscalls which are not implemented (e.g. epoll stuff).
> 
> Thanks, I had forgotten about that. So far nothing seems to have blown up
> too terribly.
> 
> The "consoletype" utility runs despite this message:
> linux: pid 2100 (consoletype): ioctl fd=0, cmd=0x541c ('T',28) is not
> implemented
> 
> And sshd and crond both run despite this one:
> linux: pid 2221 (sshd): syscall keyctl not implemented
> linux: pid 2240 (crond): syscall keyctl not implemented
> 
> Syslogd ran without complaint as well but didn't actually log anything. I
> had to run it with "-p /var/run/log" (inside the jail via
> /etc/sysconfig/syslog) and create a symlink to the socket in the jail's
> /dev/log (outside the jail via exec_poststart). That's not ideal since
> there's a period of time between when syslogd starts in the jail and the
> symlink is created, but it works after that. It would be better in the
> exec_prestart RC knob but the jail's devfs isn't necessarily mounted at
>  that point.
> 
> My current hurdle is sshd:
> Mar  3 22:20:51 centos sshd[88836]: fatal: openpty returns device for
>  which ttyname fails.
> 
> Apparently the Linux sshd isn't using /dev/ptmx appropriately. I'll
>  probably just have to replace it with one that does..
> 
> I haven't gotten as far as actually running Apache or our application yet
> but Python runs just fine (as evidenced by yum working) and I'm
>  encouraged by my success thus far.
> 
> > There
> > is currently no effort to implement those. There may be partial
> > implementations for some sysctls (Roman has something somewhere), but
> > nothing is in FreeBSD and no efforts are on the way to bring them in.
> > If your software needs something like this, you either need to
> > implement them yourself, switch the software to not use this (maybe
> > by changing the linux emulation to 2.4 instead of 2.6), or to forget
> > about using FreeBSD for this. emulation@ is a good address to ask
> > questions regarding the status of things,
> > http://wiki.freebsd.org/linux-kernel has some infos too.
> 
> I seem to have lucked out in this aspect. You and Roman are just too
>  on-the-ball it would seem (and my software needs aren't that
>  extravagant..).
> 
> Thanks again to all who have replied for the feedback and encouragement.
> I'll follow up if I manage to get sshd and apache running happily.

For those following along at home, sshd now works with Ed's recent openpty-
appeasing patch.

I hit another hurdle with Apache but I don't seem to be the first. httpd will 
start but its forked connection-handling children die:

linux: pid 79586 (httpd): syscall epoll_create not implemented
pid 79586 (httpd), uid 48: exited on signal 11

I saw on the wiki that epoll_create support is in perforce. Is that still a 
true statement? If so what is the most straightforward way to get a patch to 
test against?

Thanks,

JN
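
The thread's advice to watch the FreeBSD host's kernel messages can be automated. The following is an added example, not part of the original message: it parses the two "not implemented" formats and the "exited on signal" format quoted above and reports which missing Linux calls were hit by processes that later crashed. The function names and the single-line sample log are assumptions constructed from the lines in this thread.

```python
import re
from collections import defaultdict

# Constructed sample, built from the message formats quoted in the thread.
SAMPLE = """\
linux: pid 2100 (consoletype): ioctl fd=0, cmd=0x541c ('T',28) is not implemented
linux: pid 2221 (sshd): syscall keyctl not implemented
linux: pid 2240 (crond): syscall keyctl not implemented
linux: pid 79586 (httpd): syscall epoll_create not implemented
pid 79586 (httpd), uid 48: exited on signal 11
"""

# search() is used instead of match() so a syslog prefix before the message is tolerated.
SYSCALL = re.compile(r"linux: pid (\d+) \(([^)]+)\): syscall (\S+) not implemented")
IOCTL = re.compile(
    r"linux: pid (\d+) \(([^)]+)\): ioctl fd=\d+, cmd=(0x[0-9a-fA-F]+)\b.*is not implemented")
CRASH = re.compile(r"\bpid (\d+) \(([^)]+)\), uid (\d+): exited on signal (\d+)")

def triage(text):
    """Return {(pid, name): {"missing": [calls], "signal": int or None}}."""
    procs = defaultdict(lambda: {"missing": [], "signal": None})
    for line in text.splitlines():
        if m := SYSCALL.search(line):
            procs[(int(m[1]), m[2])]["missing"].append("syscall " + m[3])
        elif m := IOCTL.search(line):
            procs[(int(m[1]), m[2])]["missing"].append("ioctl " + m[3])
        elif m := CRASH.search(line):
            procs[(int(m[1]), m[2])]["signal"] = int(m[4])
    return dict(procs)

def fatal_gaps(procs):
    """Missing calls hit by processes that were later killed by a signal."""
    return sorted({call for p in procs.values()
                   if p["signal"] is not None for call in p["missing"]})

if __name__ == "__main__":
    result = triage(SAMPLE)
    for (pid, name), info in sorted(result.items()):
        if info["signal"] is not None:
            status = f"died on signal {info['signal']}"
        else:
            status = "no crash logged"
        print(f"{name}[{pid}]: {', '.join(info['missing']) or '-'} ({status})")
    print("likely fatal:", fatal_gaps(result))
```

On the sample this separates the tolerated gaps (keyctl, the consoletype ioctl) from epoll_create, the only one followed by a crash of the same pid.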


