Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 16 Oct 2012 13:51:49 -0700
From:      David Wolfskill <david@catwhisker.org>
To:        freebsd-questions@freebsd.org
Subject:   IPCS resource access within a down-level jail?
Message-ID:  <20121016205149.GA1817@albert.catwhisker.org>
next in thread | raw e-mail | index | archive | help 

--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

[Please include me in responses; I've set Reply-To as a hint.  Thanks!]

A colleague had been running a program that makes use of IPCS message
queues in a 7.x/i386 environment.

He was moved to a 32-bit 7.x-based jail instantiated on an 8.x/amd64
host.

Within that jail, "ipcs -a" now fails to come anywhere near close to
reporting what it does outside the jail.

I then performed an experiment: I created a 7.x/i386 jail on my
9.x/i386 laptop.  I verified that "ipcs -a" (outside the jail) shows
Stuff:

d134(9.1-P)[1] ipcs -a
Message Queues:
T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP  =
               CBYTES                 QNUM               QBYTES        LSPI=
D        LRPID STIME    RTIME    CTIME  =20

Shared Memory:
T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP  =
       NATTCH        SEGSZ         CPID         LPID ATIME    DTIME    CTIM=
E  =20
m       393216            0 --rw------- david    david    david    david   =
            2       393216         3671         3147  8:23:37 no-entry  8:2=
3:37
m       851969            0 --rw------- david    david    david    david   =
            2       262080         3861         3147  9:24:09 no-entry  9:2=
4:09
m       458754            0 --rw------- david    david    david    david   =
            2       384000         3861         3147  9:24:09 no-entry  9:2=
4:09

Semaphores:
T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP  =
        NSEMS OTIME    CTIME  =20

d134(9.1-P)[2]=20


Inside the jail, using the 7.x version of ipcs, I get:

%ipcs -a
ipcs: sysctlbyname: kern.ipc.msqids: Cannot allocate memory
%

I then recompiled the 9.x versions of ipcs & ipcrm and linked them
statically; running that verion of ipcs, I see:

%~/bin/!!
~/bin/ipcs -a
Message Queues:
T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP  =
               CBYTES                 QNUM               QBYTES        LSPI=
D        LRPID STIME    RTIME    CTIME  =20

Shared Memory:
T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP  =
       NATTCH        SEGSZ         CPID         LPID ATIME    DTIME    CTIM=
E  =20
m       393216            0 --rw------- david    david    david    david   =
            2       393216         3671         3147 15:23:37 no-entry 15:2=
3:37
m       655362            0 --rw------- david    david    david    david   =
            2       262080         3861         3147 18:39:30 no-entry 18:3=
9:30

Semaphores:
T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP  =
        NSEMS OTIME    CTIME  =20

%

Is this (inability to access IPCS resources properly within a
"down-level" jail) expected behavior?

Is there a sane(?) way to provide IPCS resources inside a down-level
jail?

Thanks!

Peace,
david
--=20
David H. Wolfskill				david@catwhisker.org
Taliban: Evil men with guns afraid of truth from a 14-year old girl.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.

--r5Pyd7+fXNt84Ff3
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlB9yOQACgkQmprOCmdXAD3zMACeN5e1MYbb9Cl60uujvmZeJuqy
nNUAnji0HeQwQs4qjYiwW02e5R7jBVt3
=LNQN
-----END PGP SIGNATURE-----

--r5Pyd7+fXNt84Ff3--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121016205149.GA1817>