From: joris dedieu
Date: Wed, 3 May 2017 16:05:38 +0200
Subject: Proper way to execute zfs jail at jail startup
To: freebsd-jail@freebsd.org

Hi guys,

Is there a clean way to execute _zfs jail $jid $dataset_ at jail startup? I have tried with an exec.poststart script but it's too late in start order. I also tried to use a prefixed jid and exec.prestart, but zfs complains that jail does not exist.

Any idea? Something I missed?

Thanks
Joris

From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 219055] nice jail anomoly - values not passed into jailed processes when using jexec -U username
Date: Thu, 04 May 2017 05:45:29 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219055

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.

To: freebsd-jail@freebsd.org
Subject: Re: Proper way to execute zfs jail at jail startup
Date: Thu, 04 May 2017 07:04:20 -0600
From: James Gritton

On 2017-05-03 08:05, joris dedieu wrote:
> Hi guys,
> Is there a clean way to execute _zfs jail $jid $dataset_ at jail
> startup? I have tried with an exec.poststart script but it's too late
> in start order. I also tried to use a prefixed jid and exec.prestart,
> but zfs complains that jail does not exist.
>
> Any idea? Something I missed?

It sounds like what you need is a hook for running host-level commands after the jail is created but before anything is run from exec.start. Unfortunately there is no such parameter - there probably should be. There probably also should be a simpler zfs option to jail(8). But those are future concerns.

A workaround is to have nothing in exec.start. exec.poststart would first run the "zfs jail" command, and then do the exec.start work. Something like:

  exec.poststart += "zfs jail $jid $dataset";
  exec.poststart += "jexec $jid sh /etc/rc";

It's not a particularly clean solution, but it should work.

- Jamie

From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 219055] nice jail anomoly - values not passed into jailed processes when using jexec -U username
Date: Thu, 04 May 2017 13:28:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219055

Fabian Keil changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fk@fabiankeil.de

--- Comment #1 from Fabian Keil ---
If one of its options is set, jexec(8) uses the login class information which overrides the initial priority of jexec(8) itself.

While the man page could make this more obvious (I had to look at the code), this is the "expected" behaviour and not a bug in the tool.

I frequently use commands like:
sudo jexec -U root poudriere env PS1='\u@\h \w \$' nice -n 20 /usr/local/bin/bash

They work as expected and don't rely on any "workarounds" or undocumented jexec(8) behaviour.

From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 219055] nice jail anomoly - values not passed into jailed processes when using jexec -U username
Date: Fri, 05 May 2017 06:54:53 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219055

--- Comment #2 from dewayne@heuristicsystems.com.au ---
(In reply to Fabian Keil from comment #1)
Thanks Fabian, you're quite right. And the example that you provided did have the same successful outcome for me. Unfortunately I'm trying to elevate the priority of a database over all other activities. So setting any priority less than 0 doesn't work, whether I use

JAIL=b2
in my base or for you, (hint to cut/paste) ;)
JAIL=poudriere

nice -n -1 jexec -U root $JAIL ps -l
or
jexec -U root $JAIL nice -n -1 ps -l

The NI and PRI values remain 0 and 72 respectively, that is default (no nice) value.

I kinda get it that within the jail context the priority can't be elevated, but with executing the process from within the context of the base system should work.

This successful result also suggests that elevating via nice should work.

# rtprio 0 jexec -U root b2 ps -l
UID   PID  PPID CPU PRI NI   VSZ  RSS MWCHAN STAT TT     TIME COMMAND
  0 97468 90697   0 -52  0 21140 2276 -      R+J   7  0:00.00 ps -l
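
For the "zfs jail at jail startup" thread above, a full jail.conf stanza built around the exec.poststart workaround James Gritton describes. This is an added example, not configuration posted by anyone in the thread. The jail name `db`, the path, the hostname and the dataset name are assumptions, and the jail name is passed to `zfs jail` (which accepts a name as well as a numeric jid) instead of `$jid`.

```conf
# /etc/jail.conf (added example; names, paths and dataset are assumptions)
#
# One-time host-side preparation: the dataset must be marked as jailed
# before it can be delegated:
#   zfs set jailed=on zroot/jails/db/data

db {
    $dataset = "zroot/jails/db/data";   # user-defined variable, dataset dedicated to this jail

    path = "/jails/db";
    host.hostname = "db.example.org";
    mount.devfs;                        # zfs(8) inside the jail talks to /dev/zfs

    # These three relax the jail's mount restrictions so it can manage the
    # delegated dataset. Root in the jail then controls that dataset and its
    # children, so delegate only a dataset that belongs to this jail.
    allow.mount;
    allow.mount.zfs;
    enforce_statfs = 1;

    # No exec.start on purpose: anything run from exec.start would start
    # before the dataset is attached. exec.poststart runs on the host, in
    # order, once the jail exists.
    exec.poststart  = "zfs jail $name $dataset";
    exec.poststart += "jexec $name sh /etc/rc";

    # Shutdown still runs inside the jail as usual.
    exec.stop = "/bin/sh /etc/rc.shutdown";
}
```

Because `/etc/rc` is started with jexec from the host, services that mount the dataset inside the jail only see it after `zfs jail` has completed.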