Date: Mon, 8 Mar 2010 17:28:14 -0500
From: John Nielsen <lists@jnielsen.net>
To: freebsd-emulation@freebsd.org
Subject: Re: linux-only jail possible?
Message-ID: <201003081728.14735.lists@jnielsen.net>
In-Reply-To: <201003041322.57875.lists@jnielsen.net>
References: <201003021325.27197.lists@jnielsen.net> <20100304114050.00007a59@unknown> <201003041322.57875.lists@jnielsen.net>

On Thursday 04 March 2010 13:22:57 John Nielsen wrote:
> On Thursday 04 March 2010 05:40:50 Alexander Leidinger wrote:
> > On Wed, 3 Mar 2010 19:06:36 +0100 Roman Divacky <rdivacky@freebsd.org> wrote:
> > > On Wed, Mar 03, 2010 at 11:59:49AM -0500, John Nielsen wrote:
> > > > On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote:
> > > > > I successfully ran chroot of linux environment on freebsd back in
> > > > > 2007/2008. I firmly believe jail should work fine too
> > > >
> > > > Good to know, thanks! Would you mind sharing some more details?
> > > > (Off-list is fine if you prefer.) Was it a more or less complete
> > > > environment? What distro / version of Linux?
> > >
> > > I downloaded gentoo 2007 untarred it into /compat/linux and
> > > chroot /compat/linux /bin/bash
> > >
> > > it just worked - nothing special was necessary
> > >
> > > don't remember much details but I had no problems with that setup
> >
> > It does not need to be in this directory of course. You can install
> > the gentoo-dist ports (not the gentoo-baase port). After that you can
> > copy all the files to the place where you want to have the jail.
>
> I went with CentOS 5.4 as that's the native environment I'm trying to
> match. I didn't use ports at all, just manually extracted enough RPM's
> from the DVD image to bootstrap the environment enough to run bash and
> rpm. From there I did a chroot into the environment and ran (Linux)
> bash. Running rpm natively I was able to get yum up and running and from
> there installing everything else I wanted was relatively easy.
>
> > Now you just need to configure a jail. It does not matter much if you
> > use the jail stuff in the base system or a framework like ezjail or
> > similar, as long as you configure an appropriate startup script in the
> > linux-jail. The linux-startup part you need to do yourself, I do not
> > think the default linux startup stuff is appropriate. I suggest to
> > start at least a sshd before you start the software you want to
> > use. This way you can login into the linux-jail and investigate issues
> > like it is a real system.
>
> I actually did install the init scripts, etc. I was pleasantly surprised
> to find (after reading through them) that rc.sysinit can be skipped
> entirely while rc itself will do the right thing for the rest of the
> init scripts (starting services, etc). Here's what I'm using:
>
> jail_centos_exec_start="/bin/sh /etc/rc.d/rc 3"
> jail_centos_exec_stop="/bin/sh /etc/rc.d/rc 0"
>
> > I suggest to monitor the kernel messages on the FreeBSD host. There may
> > be linux-syscalls which are not implemented (e.g. epoll stuff).
>
> Thanks, I had forgotten about that. So far nothing seems to have blown up
> too terribly.
>
> The "consoletype" utility runs despite this message:
> linux: pid 2100 (consoletype): ioctl fd=0, cmd=0x541c ('T',28) is not implemented
>
> And sshd and crond both run despite this one:
> linux: pid 2221 (sshd): syscall keyctl not implemented
> linux: pid 2240 (crond): syscall keyctl not implemented
>
> Syslogd ran without complaint as well but didn't actually log anything. I
> had to run it with "-p /var/run/log" (inside the jail via
> /etc/sysconfig/syslog) and create a symlink to the socket in the jail's
> /dev/log (outside the jail via exec_poststart). That's not ideal since
> there's a period of time between when syslogd starts in the jail and the
> symlink is created, but it works after that. It would be better in the
> exec_prestart RC knob but the jail's devfs isn't necessarily mounted at
> that point.
>
> My current hurdle is sshd:
> Mar 3 22:20:51 centos sshd[88836]: fatal: openpty returns device for which ttyname fails.
>
> Apparently the Linux sshd isn't using /dev/ptmx appropriately. I'll
> probably just have to replace it with one that does..
>
> I haven't gotten as far as actually running Apache or our application yet
> but Python runs just fine (as evidenced by yum working) and I'm
> encouraged by my success thus far.
>
> > There
> > is currently no effort to implement those. There may be partial
> > implementations for some sysctls (Roman has something somewhere), but
> > nothing is in FreeBSD and no efforts are on the way to bring them in.
> > If your software needs something like this, you either need to
> > implement them yourself, switch the software to not use this (maybe
> > by changing the linux emulation to 2.4 instead of 2.6), or to forget
> > about using FreeBSD for this. emulation@ is a good address to ask
> > questions regarding the status of things,
> > http://wiki.freebsd.org/linux-kernel has some infos too.
>
> I seem to have lucked out in this aspect. You and Roman are just too
> on-the-ball it would seem (and my software needs aren't that
> extravagant..).
>
> Thanks again to all who have replied for the feedback and encouragement.
> I'll follow up if I manage to get sshd and apache running happily.

For those following along at home, sshd now works with Ed's recent
openpty-appeasing patch.

I hit another hurdle with Apache but I don't seem to be the first. httpd
will start but its forked connection-handling children die:

linux: pid 79586 (httpd): syscall epoll_create not implemented
pid 79586 (httpd), uid 48: exited on signal 11

I saw on the wiki that epoll_create support is in perforce. Is that still a
true statement? If so what is the most straightforward way to get a patch to
test against?

Thanks,

JN
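
The advice in the thread to monitor kernel messages on the FreeBSD host can be scripted. The following is an added example, not part of the original message: it groups the "not implemented" messages by process and marks those where the same pid later exited on a signal, which separates tolerated gaps (keyctl) from fatal ones (epoll_create). The function names and the " kernel: " syslog prefix are assumptions; the message formats are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarize Linux-emulation gaps that the
# FreeBSD kernel logs, and mark those followed by a crash of the same pid.
# linux_compat_report and sample_kernel_log are hypothetical names.

linux_compat_report() {
    awk '
    { sub(/^.* kernel: /, "") }      # drop a syslog prefix if present (assumed form)

    # linux: pid N (proc): syscall NAME not implemented
    /^linux: pid [0-9]+ \(.*\): syscall .* not implemented/ {
        note($3, $4, "syscall", $6); next
    }
    # linux: pid N (proc): ioctl fd=F, cmd=0xNNNN (...) is not implemented
    /^linux: pid [0-9]+ \(.*\): ioctl .*cmd=.* not implemented/ {
        cmd = $7; sub(/^cmd=/, "", cmd)
        note($3, $4, "ioctl", cmd); next
    }
    # pid N (proc), uid U: exited on signal S
    /^pid [0-9]+ \(.*\), uid [0-9]+: exited on signal [0-9]+/ {
        for (k in count)             # only gaps already logged for this pid
            if (index(pids[k], " " $2 " ")) crashed[k] = $9
    }
    function note(pid, proc, kind, name,    k) {
        gsub(/[():]/, "", proc)      # "(httpd):" becomes "httpd"
        k = proc SUBSEP kind SUBSEP name
        count[k]++
        if (!(k in pids)) pids[k] = " "
        pids[k] = pids[k] pid " "
    }
    END {
        for (k in count) {
            split(k, f, SUBSEP)
            printf "%s %s %s count=%d %s\n", f[1], f[2], f[3], count[k],
                (k in crashed ? "crashed:signal=" crashed[k] : "no-crash")
        }
    }' | sort
}

# Constructed sample input, modelled on the kernel messages quoted in the thread.
sample_kernel_log() {
    cat <<'EOF'
linux: pid 2100 (consoletype): ioctl fd=0, cmd=0x541c ('T',28) is not implemented
linux: pid 2221 (sshd): syscall keyctl not implemented
linux: pid 2240 (crond): syscall keyctl not implemented
Mar  8 17:00:01 host kernel: linux: pid 79585 (httpd): syscall epoll_create not implemented
linux: pid 79586 (httpd): syscall epoll_create not implemented
pid 79586 (httpd), uid 48: exited on signal 11
EOF
}

sample_kernel_log | linux_compat_report
```

On the jail host, pipe `dmesg` output into `linux_compat_report` instead of the sample.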