From owner-freebsd-jail@FreeBSD.ORG Mon Jun 22 11:06:58 2009
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 22 Jun 2009 11:06:57 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

4 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 23 20:27:20 2009
From: "Tom Haapanen"
Date: Tue, 23 Jun 2009 16:06:19 -0400
Subject: Memory usage across multiple jails

I have been using FreeBSD (and other forms of *BSD) a long time, but I'm new
to the world of jails.  I have been doing reading on them, but there is one
question I have not been able to find an answer to, and that's the
efficiency of memory usage when using multiple jails on a single system.

With "conventional" virtual machines (VMware, Virtual Server et al),
essentially each VM is opaque to the host OS, and thus has to be allocated X
MB of memory, which that VM then manages internally.

However, since jails are based on the FreeBSD kernel, and both host and
guest OSs are identical, I am wondering whether there are any comparative
efficiencies in memory utilization.  Will the jails share the disk cache,
for example, or does each jail allocate its own?  Will other kernel
structures (and code!) be shared across jails, or allocated multiple times?
And what about userland applications, like httpd, for example?  (I suspect
userland would not be able to benefit, but that's just a guess.)

Thanks for any insight into this ...

Tom

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 23 21:17:12 2009
From: Michael Scheidell
To: Tom Haapanen
Cc: freebsd-jail@freebsd.org
Date: Tue, 23 Jun 2009 16:56:26 -0400
Subject: Re: Memory usage across multiple jails

Tom Haapanen wrote:
> I have been using FreeBSD (and other forms of *BSD) a long time, but I'm new
> to the world of jails.  I have been doing reading on them, but there is one
> question I have not been able to find an answer to, and that's the
> efficiency of memory usage when using multiple jails on a single system.
>
> With "conventional" virtual machines (VMware, Virtual Server et al),
> essentially each VM is opaque to the host OS, and thus has to be allocated X
> MB of memory, which that VM then manages internally.
>

I've been experimenting with some of this.

disk cache (malloc, etc) is shared.

if httpd is different in each jail (even if it's the same), then example:

jail 1 has 4 httpd's running, one copy (of binary) will be in memory, 4 copies of data structure
jail 2 has 10 httpd's running, it's got one (more) copy of binary, and 10 copies of data structure.

HOWEVER if you nullmount /usr/local/bin ../sbin .../libexec ../lib then you CAN share the one httpd binary.

other issue is static libs. in /usr/lib these aren't likely shared, as when you build the jail, you made COPIES of /usr/lib

so, nullfs mount /usr/lib /usr/bin /usr/sbin /sbin, /usr/libexec, maybe you can get the most out of it.

(but, 6 freebsd jails use a heck of a lot ram than 6 vmware images)

> However, since jails are based on the FreeBSD kernel, and both host and
> guest OSs are identical, I am wondering whether there are any comparative
> efficiencies in memory utilization.  Will the jails share the disk cache,
> for example, or does each jail allocate its own?  Will other kernel
> structures (and code!) be shared across jails, or allocated multiple times?
> And what about userland applications, like httpd, for example?  (I suspect
> userland would not be able to benefit, but that's just a guess.)
>
> Thanks for any insight into this ...
>
> Tom

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 23 21:17:58 2009
From: Andrew Snow
To: Tom Haapanen
Cc: freebsd-jail@freebsd.org
Date: Wed, 24 Jun 2009 07:16:13 +1000
Subject: Re: Memory usage across multiple jails

Tom Haapanen wrote:
> I am wondering whether there are any comparative
> efficiencies in memory utilization.  Will the jails share the disk cache,
> for example, or does each jail allocate its own?  Will other kernel
> structures (and code!) be shared across jails, or allocated multiple times?
> And what about userland applications, like httpd, for example?  (I suspect
> userland would not be able to benefit, but that's just a guess.)

It is extremely efficient.  It is as if the host system sees a single system
with the processes of all the jails running.

* the jails share disk cache
* jails don't have any reserved memory so any unused memory returns to
  the free pool of the kernel, available for disk cache
* there is a single kernel shared across all jails
* userland code can also be shared across jails *if* you run the code
  from the same set of on-disk binaries (which is not the way most people
  set up jails)
* since there is only a single kernel all network and disk I/O from the
  jails goes at the same speed as the host

However, VMware installations are now able to achieve the same level of
efficiency using the following measures:

* "transparent page sharing" stores only a single copy of shared memory pages
* free and unused memory in each guest can be used by installing the
  vmmemctl driver (part of VMware-tools)
* disk cache can be "shared" by using shared storage (NAS)
* paravirtualisation drivers for disk and networking in the guest can
  achieve full host speed & efficiency

- Andrew

From owner-freebsd-jail@FreeBSD.ORG Wed Jun 24 12:47:32 2009
From: "Tom Haapanen"
Date: Wed, 24 Jun 2009 08:47:18 -0400
Subject: RE: Memory usage across multiple jails

Andrew Snow wrote:
> * the jails share disk cache
> * jails don't have any reserved memory so any unused memory returns to
>   the free pool of the kernel, available for disk cache
> * there is a single kernel shared across all jails
> * userland code can also be shared across jails *if* you run the code
>   from the same set of on-disk binaries (which is not the way most people
>   set up jails)
> * since there is only a single kernel all network and disk I/O from the
>   jails goes at the same speed as the host

Thanks, Andrew (and Michael) -- that sounds very good.  It certainly looks
like I should be able to achieve some resource efficiencies this way vs
running multiple physical servers.

I'm also further educated about VMware ... though that's less important for
me at the moment as I would really prefer to run the host on FreeBSD as well
(and I suspect those required guest drivers aren't available for FreeBSD,
either).

Tom

From owner-freebsd-jail@FreeBSD.ORG Wed Jun 24 12:55:10 2009
From: Eirik Øverby
To: "Tom Haapanen"
Cc: freebsd-jail@freebsd.org
Date: Wed, 24 Jun 2009 14:55:07 +0200
Subject: Re: Memory usage across multiple jails

On 24 June 2009, at 14.47, Tom Haapanen wrote:

> Andrew Snow wrote:
>> * the jails share disk cache
>> * jails don't have any reserved memory so any unused memory returns to
>>   the free pool of the kernel, available for disk cache
>> * there is a single kernel shared across all jails
>> * userland code can also be shared across jails *if* you run the code
>>   from the same set of on-disk binaries (which is not the way most people
>>   set up jails)
>> * since there is only a single kernel all network and disk I/O from the
>>   jails goes at the same speed as the host
>
> Thanks, Andrew (and Michael) -- that sounds very good.  It certainly looks
> like I should be able to achieve some resource efficiencies this way vs
> running multiple physical servers.

We are running a number of high-volume services on jails, and have been
doing so since the days of FreeBSD 4.x. The hardware utilization has always
been good, and has gotten significantly better with each of the releases of
FreeBSD 6.x and, now, 7.x.

> I'm also further educated about VMware ... though that's less important for
> me at the moment as I would really prefer to run the host on FreeBSD as well
> (and I suspect those required guest drivers aren't available for FreeBSD,
> either).

No VMware running on top of another OS is going to perform anywhere near
satisfactory. You'll need ESX or something else running on the bare iron
(XEN?) to get anywhere near what jails (FreeBSD), vservers (Linux), zones
(Solaris) etc. will give you. Of course it could be argued that the levels
of separation and resource control will be different (sometimes better)
with emulators, but in no other way than the intimacy of the host<->jail
coupling on FreeBSD give you significant benefits too. For example,
(security) auditing of jails can be done on the host, and the host can be
considered a separate machine from the jails for most intents and purposes.
For compliance (PCI-DSS) it is quite perfect.

/Eirik

From owner-freebsd-jail@FreeBSD.ORG Wed Jun 24 21:38:09 2009
From: Michael Scheidell
To: freebsd-jail@FreeBSD.org
Date: Wed, 24 Jun 2009 17:38:26 -0400
Subject: tracking down problem: kill won't inside a jail

I am tracking down a problem, inside a 7.1 amd64 jail, kill won't work
(default -TERM) kill -QUIT does.

outside of jail, TERM works fine on same box, and I have verified that same
binaries and libraries are in use (I think)

newly created 7.1 amd64 jails (used ezjail.. don't know if they have any issues)

/etc/rc.d/cron stop won't (that is just the symptoms I have been able to
track down). hardly anything will stop with TERM.

by default, rc.subr (and kill) uses SIGTERM, so I do a:

    /etc/rc.d/cron stop

and I get (60 seconds of this:

    /etc/rc.d/cron stop
    Stopping cron.
    Waiting for PIDS: 98104, 98104, 98104, 98104

(so, of course, if you reboot the system, and have 15 jails, all with cron,
none of them stop, and it times out)

going to another tty and typing:

    kill 98104

doesn't help

    kill -TERM 98104

doesn't help

state is:

    ps -auxwwp 98104
    USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root  98104  0.0  0.0  6692  1228  ??  SsJ   5:20PM   0:00.01 /usr/sbin/cron -s

    ps -auxwwp 98104
    USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root  98104  0.0  0.0  6692  1228  ??  IsJ   5:20PM   0:00.01 /usr/sbin/cron -s

    kill -QUIT 98104

does! (so does INT, again, inside jail, I need SIGQUIT, or INT
outside, default TERM works

also,

    /etc/rc.d/cron start && sleep 2 && /etc/rc.d/cron stop

seems to work but sleep 60 seconds or more and it doesn't stop anymore.

outside jail, cron ps looks like this:

    ps -auxwwp 98197
    USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root  98197  0.0  0.0  6692  1116  ??  Is    5:21PM   0:00.01 /usr/sbin/cron -s

inside: (I guess the J means in jail?

    root  98104  0.0  0.0  6692  1228  ??  SsJ   5:20PM   0:00.01 /usr/sbin/cron -s

    ps -auxwwp 98104
    USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root  98104  0.0  0.0  6692  1228  ??  IsJ   5:20PM   0:00.01 /usr/sbin/cron -s

where do I start looking? I'd hate to put hundreds of /etc/rc.conf.d files
with sigstop=SIGQUIT in just to workaround it.

--
Michael Scheidell, CTO

From owner-freebsd-jail@FreeBSD.ORG Sat Jun 27 10:40:58 2009
From: Alexander Leidinger
To: jail@freebsd.org
Date: Sat, 27 Jun 2009 12:25:19 +0200
Subject: Switching /etc/rc.d/jail to new syntax (+ new features)

Hi,

at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I have a
patch to switch the jail rc script to the new jail (8-current) syntax.
This includes new config options for a jail (see etc/defaults/rc.conf
after patching). The patch also contains my X-in-a-jail stuff (feel
free to ignore this part, it's disabled by default).

If you do not make any config change, you will be able to see all
mounted filesystems of the entire machine. To get back to the previous
behavior, you have to add a config option:
    jail_XXX_startparams="enforce_statfs=2"

This config option can also take other jail parameters like
allow.sysvipc and other ones described in the jail man-page (additional
parameters need to be space separated).

Feedback welcome.

Bye,
Alexander.
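
An added example, not part of Alexander's patch or of the FreeBSD rc scripts: a small sh audit that lists the jails named in an rc.conf whose start parameters would leave enforce_statfs at anything other than 2 under the patched script. It assumes the jail_XXX_startparams variable from the message above and the stock jail_list variable; the function names and the sample rc.conf are constructed for illustration.

```shell
#!/bin/sh
# Audit an rc.conf for jails that would start without enforce_statfs=2.
# Assumptions: jail_<name>_startparams is the variable proposed in the patch
# above; one assignment per line, no line continuations. The file is parsed,
# not sourced, so nothing in it is executed.
# enforce_statfs (jail(8)): 0 = all mount points visible, 1 = only those
# below the jail's root, 2 = only the mount point holding the jail's root.

# rc_get FILE VAR: print the value of the last uncommented VAR=... line.
rc_get() {
    awk -v var="$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, var "=") != 1) next      # also skips "#VAR=..."
            val = substr(line, length(var) + 2)
            if (substr(val, 1, 1) == "\"") {         # quoted: up to closing quote
                val = substr(val, 2)
                q = index(val, "\"")
                if (q) val = substr(val, 1, q - 1)
            } else {                                 # unquoted: first word only
                sub(/[ \t].*$/, "", val)
            }
            last = val
        }
        END { print last }
    ' "$1"
}

# statfs_level "PARAMS": print the enforce_statfs value among the
# space-separated parameters, or "unset" when it is absent.
statfs_level() (
    set -f                                           # no globbing on split
    level=unset
    for p in $1; do
        case "$p" in
            enforce_statfs=*) level=${p#enforce_statfs=} ;;
        esac
    done
    printf '%s\n' "$level"
)

# audit_jail_statfs FILE: one line per jail in jail_list that is not at 2.
audit_jail_statfs() {
    conf=$1
    for j in $(rc_get "$conf" jail_list); do
        lvl=$(statfs_level "$(rc_get "$conf" "jail_${j}_startparams")")
        [ "$lvl" = 2 ] || printf '%s enforce_statfs=%s\n' "$j" "$lvl"
    done
}

# Constructed sample rc.conf fragment (not taken from a real host).
sample_conf() {
cat <<'EOF'
jail_enable="YES"
jail_list="www db mail old"
jail_www_startparams="enforce_statfs=2 allow.sysvipc"
jail_db_startparams="allow.sysvipc"     # enforce_statfs=2 forgotten here
jail_mail_startparams="enforce_statfs=1"
#jail_old_startparams="enforce_statfs=2"
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_jail_statfs "$tmp"
rm -f "$tmp"
```

On a host running the patched script, point audit_jail_statfs at /etc/rc.conf; every jail it prints would see more of the host's mount table than the previous behavior allowed.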

From owner-freebsd-jail@FreeBSD.ORG Sat Jun 27 11:05:57 2009
From: "Bjoern A. Zeeb"
To: Alexander Leidinger
Cc: jail@freebsd.org
Date: Sat, 27 Jun 2009 10:47:47 +0000 (UTC)
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

On Sat, 27 Jun 2009, Alexander Leidinger wrote:

> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I have a
> patch to switch the jail rc script to the new jail (8-current) syntax.
> This includes new config options for a jail (see etc/defaults/rc.conf
> after patching). The patch also contains my X-in-a-jail stuff (feel
> free to ignore this part, it's disabled by default).
>
> If you do not make any config change, you will be able to see all
> mounted filesystems of the entire machine. To get back to the previous
> behavior, you have to add a config option:
>     jail_XXX_startparams="enforce_statfs=2"
>
> This config option can also take other jail parameters like
> allow.sysvipc and other ones described in the jail man-page (additional
> parameters need to be space separated).
>
> Feedback welcome.

1) it breaks various things that will no longer work
2) it's not a proper solution

/bz

--
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Sat Jun 27 12:08:17 2009
From: Alexander Leidinger
To: "Bjoern A. Zeeb"
Cc: jail@freebsd.org
Date: Sat, 27 Jun 2009 14:08:03 +0200
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

On Sat, 27 Jun 2009 10:47:47 +0000 (UTC)
"Bjoern A. Zeeb" wrote:

> On Sat, 27 Jun 2009, Alexander Leidinger wrote:
>
> > at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
> > have a patch to switch the jail rc script to the new jail
> > (8-current) syntax. This includes new config options for a jail
> > (see etc/defaults/rc.conf after patching). The patch also contains
> > my X-in-a-jail stuff (feel free to ignore this part, it's disabled
> > by default).
> >
> > If you do not make any config change, you will be able to see all
> > mounted filesystems of the entire machine. To get back to the
> > previous behavior, you have to add a config option:
> >     jail_XXX_startparams="enforce_statfs=2"
> >
> > This config option can also take other jail parameters like
> > allow.sysvipc and other ones described in the jail man-page
> > (additional parameters need to be space separated).
> >
> > Feedback welcome.
>
> 1) it breaks various things that will no longer work

As mentioned, it "breaks" the statfs part. If there's anything else, be
more specific please.

> 2) it's not a proper solution

The proper solution for the statfs part would be, that jail(8) defaults
to =2 if nothing is specified. Alternatively I can get convinced that
we should do a default for it in defaults/rc.conf if nothing is
specified for startparams for a particular jail (like we have for some
other things), but this would not be as good as if jail(8) would handle
it itself.

If you do not talk about the statfs part but in a more generic way,
what would be a proper solution in your eyes?

Bye,
Alexander.
From owner-freebsd-jail@FreeBSD.ORG Sat Jun 27 12:40:57 2009
Date: Sat, 27 Jun 2009 12:21:09 +0000 (UTC)
From: "Bjoern A.
Zeeb"
To: Alexander Leidinger
In-Reply-To: <20090627140803.00006830@unknown>
Message-ID: <20090627121818.P22887@maildrop.int.zabbadoz.net>
Cc: jail@freebsd.org
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

On Sat, 27 Jun 2009, Alexander Leidinger wrote:

> On Sat, 27 Jun 2009 10:47:47 +0000 (UTC) "Bjoern A. Zeeb"
> wrote:
>
>
>> On Sat, 27 Jun 2009, Alexander Leidinger wrote:
>>
>>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
>>> have a patch to switch the jail rc script to the new jail
>>> (8-current) syntax. This includes new config options for a jail
>>> (see etc/defaults/rc.conf after patching). The patch also contains
>>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
>>> by default).
>>>
>>> If you do not make any config change, you will be able to see all
>>> mounted filesystems of the entire machine. To get back to the
>>> previous behavior, you have to add a config option:
>>> jail_XXX_startparams="enforce_statfs=2"
>>>
>>> This config option can also take other jail parameters like
>>> allow.sysvipc and other ones described in the jail man-page
>>> (additional parameters need to be space separated).
>>>
>>> Feedback welcome.
>>
>> 1) it breaks various things that will no longer work
>
> As mentioned, it "breaks" the statfs part. If there's anything else, be
> more specific please.

v6, noIP, ...

>> 2) it's not a proper solution
>
> The proper solution for the statfs part would be, that jail(8) defaults
> to =2 if nothing is specified. Alternatively I can get convinced that
> we should do a default for it in defaults/rc.conf if nothing is specified
> for startparams for a particular jail (like we have for some other
> things), but this would not be as good as if jail(8) would handle it
> itself.
>
> If you do not talk about the statfs part but in a more generic way,
> what would be a proper solution in your eyes?

A proper solution would be a proper mgmt system ready for the future
instead of continuing to hack up rc.d/jail via option foo bar baz and
another 17000 of them.
But this is nothing I'll discuss today while things aren't fully
shaken out yet.

For now what used to work should continue to work and not break.
Everything else on top of that needs to be done properly and not in a
rainy-midnight-drive-by.

/bz

--
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Sat Jun 27 14:24:36 2009
Date: Sat, 27 Jun 2009 16:24:24 +0200
From: Alexander Leidinger
To: "Bjoern A.
Zeeb" , jail@freebsd.org
Message-ID: <20090627162424.00007289@unknown>
In-Reply-To: <20090627121818.P22887@maildrop.int.zabbadoz.net>
Subject: Re: Switching /etc/rc.d/jail to new syntax (+ new features)

On Sat, 27 Jun 2009 12:21:09 +0000 (UTC) "Bjoern A. Zeeb" wrote:

> On Sat, 27 Jun 2009, Alexander Leidinger wrote:
>
> > On Sat, 27 Jun 2009 10:47:47 +0000 (UTC) "Bjoern A. Zeeb"
> > wrote:
> >
> >
> >> On Sat, 27 Jun 2009, Alexander Leidinger wrote:
> >>
> >>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
> >>> have a patch to switch the jail rc script to the new jail
> >>> (8-current) syntax. This includes new config options for a jail
> >>> (see etc/defaults/rc.conf after patching). The patch also contains
> >>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
> >>> by default).
> >>>
> >>> If you do not make any config change, you will be able to see all
> >>> mounted filesystems of the entire machine. To get back to the
> >>> previous behavior, you have to add a config option:
> >>> jail_XXX_startparams="enforce_statfs=2"
> >>>
> >>> This config option can also take other jail parameters like
> >>> allow.sysvipc and other ones described in the jail man-page
> >>> (additional parameters need to be space separated).
> >>>
> >>> Feedback welcome.
> >>
> >> 1) it breaks various things that will no longer work
> >
> > As mentioned, it "breaks" the statfs part. If there's anything
> > else, be more specific please.
>
> v6, noIP, ...

I didn't change the IP handling in the rc script. Does this mean
jail(8) works differently regarding the address parsing when called
with the new parameters instead of the old options? I didn't test
anything regarding ipv6, but as long as jail(8) doesn't behave
differently with the new calling syntax compared with what we have in
the tree, then the behavior is not different from what we have. If it
behaves differently, this can be fixed in the script.

> >> 2) it's not a proper solution
> >
> > The proper solution for the statfs part would be, that jail(8)
> > defaults to =2 if nothing is specified. Alternatively I can get
> > convinced that we should do a default for it in defaults/rc.conf if
> > nothing is specified for startparams for a particular jail (like we
> > have for some other things), but this would not be as good as if
> > jail(8) would handle it itself.
> >
> > If you do not talk about the statfs part but in a more generic way,
> > what would be a proper solution in your eyes?
>
> A proper solution would be a proper mgmt system ready for the future
> instead of continuing to hack up rc.d/jail via option foo bar baz and
> another 17000 of them.
> But this is nothing I'll discuss today while things aren't fully
> shaken out yet.

And I assume from what you say, that such a new mgmt system will not be
ready for 8.0. Whatever it will be, it sounds like it will be different
from what we have ATM, so I don't think it will be something which will
replace the current approach in 8-stable, but will be available
additionally, if at all.

> For now what used to work should continue to work and not break.
> Everything else on top of that needs to be done properly and not in a
> rainy-midnight-drive-by.

This is not a drive-by. I provide a patch for discussion which allows
to use some new features in 8.0 which doesn't break when someone
updates from 7.x. Some small enhancement which doesn't break backwards
compatibility is always better than no improvement at all.

It may not handle all cases, but for this reason I ask people to test
it. After that some things can maybe be fixed, and after that it can be
evaluated if it is worth to commit or not.

I don't even urge to rush this in before 8.0. I just offer it now, so
that people can actually use some new features. I had to write this
anyway, as without the new syntax I wouldn't have been able to use my
enhancement to run X in a jail, which I ported to the new syntax. If
people think it is useful for 8.0 and nothing better is available for
8.0, it should be shipped with 8.0 IMO (if nothing breaks), but if it
isn't, I don't care, as I have it for where I need it.

Bye,
Alexander.
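Added example, not part of the thread or of the patch under discussion: a POSIX sh check that lists the jails named in an rc.conf jail_list whose jail_XXX_startparams does not set enforce_statfs=2, the value the thread gives for restoring the previous mount visibility. It assumes plain one-line name="value" assignments; the sample rc.conf and its jail names are constructed.

```shell
#!/bin/sh
# Added example: audit an rc.conf for jails that do not pin enforce_statfs=2
# in the jail_<name>_startparams variable described in the thread.

# Constructed sample rc.conf; the jail names are made up.
sample_rc_conf() {
    cat <<'EOF'
jail_enable="YES"
jail_list="www db build mail"
jail_www_startparams="enforce_statfs=2"
jail_db_startparams="allow.sysvipc"
jail_build_startparams="allow.sysvipc enforce_statfs=1"
EOF
}

# Read rc.conf text (files given as arguments, else stdin) and print one
# line per jail in jail_list whose startparams lack enforce_statfs=2.
# Assumption: plain one-line name="value" assignments, no shell expansion.
audit_statfs() {
    awk '
    # Return the value of a name="value" line without its double quotes.
    function val(line) {
        sub(/^[^=]*=/, "", line)
        gsub(/^"|"$/, "", line)
        return line
    }
    /^jail_list=/ { list = val($0) }
    /^jail_[A-Za-z0-9_]+_startparams=/ {
        name = $0
        sub(/^jail_/, "", name)
        sub(/_startparams=.*$/, "", name)
        params[name] = val($0)
    }
    END {
        n = split(list, jails, " ")
        for (i = 1; i <= n; i++) {
            level = "unset"
            m = split(params[jails[i]], p, " ")
            for (k = 1; k <= m; k++)
                if (p[k] ~ /^enforce_statfs=/) {
                    level = p[k]
                    sub(/^enforce_statfs=/, "", level)
                }
            if (level != "2")
                printf "%s enforce_statfs=%s\n", jails[i], level
        }
    }' "$@"
}

sample_rc_conf | audit_statfs
```

A jail reported as "unset" has no enforce_statfs entry at all, which is the case the thread says exposes every mounted filesystem of the host after the switch to the new syntax.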