Date:      Mon, 23 Aug 2010 13:36:47 +0900
From:      Alexander Petrovsky <askjuise@gmail.com>
To:        freebsd-jail@freebsd.org
Subject:   sysvipc problem
Message-ID:  <AANLkTin9PXAgDUeeMiN9U1QMojVBZFLRKa-V_oUt4-sZ@mail.gmail.com>

Hi!

I have two servers for jail virtualization:

1. Only ezjail framework:

# uname -a
FreeBSD troll.golodnyj.ru 8.0-STABLE FreeBSD 8.0-STABLE #0 r199880: Thu Dec
3 13:35:21 IRKT 2009
alexander@troll.golodnyj.ru:/usr/obj/usr/src/sys/WEBKERNEL
i386

# cat /etc/rc.conf | grep jail
jail_sysvipc_allow="YES"
ezjail_enable="YES"

# less /usr/local/etc/ezjail/www
# To specify the start up order of your ezjails, use these lines to
# create a Jail dependency tree. See rcorder(8) for more details.
#
# PROVIDE: standard_ezjail
# REQUIRE:
# BEFORE:
#
export jail_www_hostname="www"
export jail_www_ip="84.237.22.15,192.168.47.15"
export jail_www_rootdir="/var/jails/www"
export jail_www_exec="/bin/sh /etc/rc"
export jail_www_mount_enable="YES"
export jail_www_devfs_enable="YES"
export jail_www_devfs_ruleset="devfsrules_jail"
export jail_www_procfs_enable="YES"
export jail_www_fdescfs_enable="YES"
export jail_www_image=""
export jail_www_imagetype=""
export jail_www_attachparams=""
export jail_www_attachblocking=""
export jail_www_forceblocking=""

# jls -v
   JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     1  www                       /var/jails/www
        1                             ACTIVE
        2
        84.237.22.15
        192.168.47.15

# sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1
# jexec 1 sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1

-------------------------------------------------------------------

2. ezjail framework and patched jail rc script

# uname -a
FreeBSD garem.golodnyj.ru 8.0-STABLE FreeBSD 8.0-STABLE #0: Fri Feb 19
16:36:58 IRKT 2010     alexander@:/usr/obj/usr/src/sys/GAREMKERNEL  amd64

# cat /etc/rc.conf | grep jail
jail_enable="YES"
jail_v2_enable="YES"
ezjail_enable="YES"
jail_sysvipc_allow="YES"
jail_set_hostname_allow="YES"
jail_list=""
jail_list="$jail_list jail01"
jail_jail01_hostname="propeller"
jail_jail01_rootdir="/var/jails/${jail_jail01_name}"
jail_jail01_vnet_enable="YES"
jail_jail01_mount_enable="YES"
jail_jail01_devfs_enable="YES"
jail_jail01_devfs_ruleset="devfsrules_jail"
jail_jail01_exec_erlyprestart0="mdconfig -a -t vnode -f
/var/jails/img/${jail_jail01_name} -u 1"
jail_jail01_exec_prestart0="ifconfig epair1 create"
jail_jail01_exec_prestart1="ifconfig epair2 create"
jail_jail01_exec_prestart2="ifconfig epair1b up"
jail_jail01_exec_prestart3="ifconfig epair2b up"
jail_jail01_exec_prestart4="ifconfig bridge0 addm epair1b"
jail_jail01_exec_prestart5="ifconfig bridge1 addm epair2b"
jail_jail01_exec_earlypoststart0="ifconfig epair1a vnet ${jail_jail01_name}"
jail_jail01_exec_earlypoststart1="ifconfig epair2a vnet ${jail_jail01_name}"
jail_jail01_exec_afterstart0="ifconfig lo0 127.0.0.1"
jail_jail01_exec_afterstart1="ifconfig epair1a name igb0"
jail_jail01_exec_afterstart2="ifconfig epair2a name igb1"
jail_jail01_exec_afterstart3="ifconfig igb0 84.237.22.14 netmask 0xffffff80"
jail_jail01_exec_afterstart4="ifconfig igb1 192.168.6.14 netmask 0xffffff00"
jail_jail01_exec_afterstart5="route add default 84.237.22.1"
jail_jail01_exec_afterstart6="route add -net 192.168.0.0/16 192.168.6.1"
jail_jail01_exec_afterstart7="/bin/sh /etc/rc"
jail_jail01_exec_poststop0="ifconfig bridge0 deletem epair1b"
jail_jail01_exec_poststop1="ifconfig bridge1 deletem epair2b"
jail_jail01_exec_poststop2="ifconfig epair1b destroy"
jail_jail01_exec_poststop3="ifconfig epair2b destroy"
jail_jail01_exec_poststop4="mdconfig -d -u 1"

# cat /usr/local/etc/ezjail/gerda
# To specify the start up order of your ezjails, use these lines to
# create a Jail dependency tree. See rcorder(8) for more details.
#
# PROVIDE: standard_ezjail
# REQUIRE:
# BEFORE:
#

export jail_gerda_hostname="gerda"
export jail_gerda_ip="84.237.22.5,192.168.6.5"
export jail_gerda_rootdir="/var/jails/gerda"
export jail_gerda_exec_start="/bin/sh /etc/rc"
export jail_gerda_exec_stop=""
export jail_gerda_mount_enable="YES"
export jail_gerda_devfs_enable="YES"
export jail_gerda_devfs_ruleset="devfsrules_jail"
export jail_gerda_procfs_enable="YES"
export jail_gerda_fdescfs_enable="YES"
export jail_gerda_image=""
export jail_gerda_imagetype=""
export jail_gerda_attachparams=""
export jail_gerda_attachblocking=""
export jail_gerda_forceblocking=""
export jail_gerda_zfs_datasets=""
export jail_gerda_cpuset="2"
export jail_gerda_fib="0"

# jls -v
   JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     4  gerda             /var/jails/gerda
        4                             ACTIVE
        5
        84.237.22.5
     ........
     8  propeller         /var/jails/jail01
        jail01                        ACTIVE
        9

# sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1
# jexec 4 sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 0
# jexec 8 sysctl security.jail.sysvipc_allowed

-------------------------------------------------------------------

Why, in 8.0, do I have

# sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1
# jexec 1 sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1

But in 8.1 I have

# sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 1
# jexec 4 sysctl security.jail.sysvipc_allowed
security.jail.sysvipc_allowed: 0
# jexec 8 sysctl security.jail.sysvipc_allowed

What am I doing wrong?

-- 
Петровский Александр / Alexander Petrovsky,

ICQ: 350342118
Jabber: juise@jabber.ru
Phone: +7 914 8 820 815


