From owner-freebsd-jail@FreeBSD.ORG Mon Mar 9 03:22:04 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 193129] [jail] exec.start with exec.system_user doesn't set gid
Date: Mon, 09 Mar 2015 03:22:04 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: jamie@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Changed-Fields: bug_status cc resolution

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193129

Jamie Gritton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Closed
                 CC|                            |jamie@FreeBSD.org
         Resolution|---                         |DUPLICATE

--- Comment #1 from Jamie Gritton ---
Yes, this was filed first and technically 195984 is the duplicate. But I was
aware of only 195984 when I fixed it.

*** This bug has been marked as a duplicate of bug 195984 ***

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@FreeBSD.ORG Mon Mar 9 19:24:03 2015
Date: Mon, 09 Mar 2015 12:23:55 -0700
From: Benjamin Connelly
To: freebsd-jail@freebsd.org
Subject: ftasv and ScoreBoardFile on FreeBSD 10 with jails

We recently upgraded some FreeBSD 9.1 servers to FreeBSD 10.1 and found it
broke the scoreboard viewing utility we were using, the "ftasv" port (ftss).

For that tool to work apache is supposed to be configured to use 'a "name
based" shared memory segment' (from their README) by the directive

ScoreBoardFile /var/run/apache_status

That used to (on FreeBSD 9.1) create that "file". Then we could execute
'ftasv /var/run/apache_status' to interpret it and see what requests apache
was working to serve.

This even worked with many different apache instances running each in their
own jail, where all the jails actually share the same basejail
/usr/local/sbin/httpd binary. Inside each jail we could see just the requests
that instance of apache was working on.

But after the FreeBSD upgrade to 10.1 we no longer see the apache_status file
in the filesystem, and ftasv seems to actually report the most recent hits
from the most recently restarted instance of apache, even if that's in
another jail!? (On a system with no jails and just the one instance of
apache, it's not actually a problem!)

Can anybody point me toward the right dials to turn if it's still possible to
do this scoreboard viewing of each independent apache instance?
(Like I think I may need security.jail.param.allow.sysvipc=1 in the jails,
but I'm also finding with ezjail I'm not actually able to get that set
because it's creating the /var/run/jail.JAILNAME.conf file with both these
lines in it:
allow.sysvipc = 0;
allow.sysvipc=1;

Ben

From owner-freebsd-jail@FreeBSD.ORG Tue Mar 10 02:15:47 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 192092] [jail(8)] allow.mount.tmpfs does not kldload tmpfs.ko if not present
Date: Tue, 10 Mar 2015 02:15:46 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-RELEASE
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192092

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org

From owner-freebsd-jail@FreeBSD.ORG Tue Mar 10 02:52:58 2015
To: freebsd-jail@freebsd.org
Subject: Re: ftasv and ScoreBoardFile on FreeBSD 10 with jails
Date: Mon, 09 Mar 2015 20:52:51 -0600
From: James Gritton
Message-ID: <88a082c0bbf3a1bae7e5a6864f73884d@gritton.org>

On 2015-03-09 13:23, Benjamin Connelly wrote:
> We recently upgraded some FreeBSD 9.1 servers to FreeBSD 10.1 and
> found it broke the scoreboard viewing utility we were using, the
> "ftasv" port (ftss).
>
> For that tool to work apache is supposed to be configured to use 'a
> "name based" shared memory segment' (from their README) by the
> directive
>
> ScoreBoardFile /var/run/apache_status
>
> That used to (on FreeBSD 9.1) create that "file". Then we could
> execute 'ftasv /var/run/apache_status' to interpret it and see what
> requests apache was working to serve.
>
> This even worked with many different apache instances running each in
> their own jail, where all the jails actually share the same basejail
> /usr/local/sbin/httpd binary. Inside each jail we could see just the
> requests that instance of apache was working on.
>
> But after the FreeBSD upgrade to 10.1 we no longer see the
> apache_status file in the filesystem, and ftasv seems to actually
> report the most recent hits from the most recently restarted instance
> of apache, even if that's in another jail!? (On a system with no jails
> and just the one instance of apache, it's not actually a problem!)
>
> Can anybody point me toward the right dials to turn if it's still
> possible to do this scoreboard viewing of each independent apache
> instance?
> (Like I think I may need security.jail.param.allow.sysvipc=1
> in the jails, but I'm also finding with ezjail I'm not actually able
> to get that set because it's creating the /var/run/jail.JAILNAME.conf
> file with both these lines in it:
> allow.sysvipc = 0;
> allow.sysvipc=1;
>
> Ben

You definitely don't want to try setting anything under
security.jail.param.* - those are just informational, used by jail(8) to know
the identities and formats of the currently available parameters. One of the
two lines that is ending up in /var/run/jail.JAILNAME.conf is correct, though
it's not immediately obvious which one.

ftss claims you need name-based shared memory, i.e. memory-mapped files. This
has nothing to do with SYSV-style shared memory, except that it's the modern
(i.e. right) way to do shared memory and SYSV IPC is the old (i.e. wrong)
way. So that would make me think it doesn't matter what you do with
allow.sysvipc.

Maybe ftss first tries SYSV, and if that works it goes with that, and if it
doesn't then it tries the memory-mapped file (which isn't what it says it
does, but that's neither here nor there). Jails that allow SYSV IPC don't
segregate it into per-jail namespaces, which is IMHO a bug and which would
explain it seeing some other jail's status. Memory-mapped files on the other
hand depend on the file being the same (and not just the same name), so a
typical jail will not be able to share another jail's memory-mapped files
because it can't see another jail's filesystem namespace.

This is making me think you want allow.sysvipc=0. I'm not sure how you would
set that in ezjail, but I would assume it's ... well ... easy.

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Thu Mar 12 05:12:07 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 196574] Bug in parsing jail.conf
Date: Thu, 12 Mar 2015 05:12:05 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 10.1-STABLE
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196574

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org

From owner-freebsd-jail@FreeBSD.ORG Thu Mar 12 05:24:26 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 196152] jail_list is not reversed when stopping jails
Date: Thu, 12 Mar 2015 05:24:26 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196152

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org
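
A check for the situation described in the "ftasv and ScoreBoardFile" thread above, where the generated /var/run/jail.JAILNAME.conf carried both "allow.sysvipc = 0;" and "allow.sysvipc=1;". This is an added example, not code from ezjail, jail(8) or either poster; the function names and the sample configuration (jail names www1 and www2) are constructed, and only plain "name = value;" statements are examined.

```shell
#!/bin/sh
# Added example: report jail.conf parameters assigned more than once with
# different values inside one jail. "+=" and bare booleans are skipped.
find_conflicts() {
    # Reads jail.conf text from the named files, or stdin when none are given.
    awk '
    BEGIN { jail = "(global)" }
    {
        sub(/#.*/, "")                          # drop comments
        n = split($0, stmt, ";")                # several statements per line
        for (i = 1; i <= n; i++) {
            s = stmt[i]
            if (sub(/^[ \t]*[}]/, "", s))       # "}" closes the jail block
                jail = "(global)"
            if (match(s, /^[ \t]*[A-Za-z0-9_.*-]+[ \t]*[{]/)) {
                jail = substr(s, 1, RLENGTH - 1)    # "name {" opens one
                gsub(/[ \t]/, "", jail)
                s = substr(s, RLENGTH + 1)
            }
            eq = index(s, "=")
            if (eq < 2 || substr(s, eq - 1, 1) == "+") continue
            name = substr(s, 1, eq - 1); val = substr(s, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            key = jail SUBSEP name
            if ((key in seen) && seen[key] != val)
                printf "%s: %s = %s -> %s\n", jail, name, seen[key], val
            seen[key] = val
        }
    }' "$@"
}

# Constructed sample modelled on the two lines quoted in the thread;
# the jail names are made up.
sample_conf() {
    cat <<'EOF'
www1 {
    allow.sysvipc = 0;
    allow.sysvipc=1;
    exec.start = "/bin/sh /etc/rc";   # single assignment, not reported
}
www2 {
    allow.sysvipc = 0;
}
EOF
}

sample_conf | find_conflicts
```

Each reported line names the jail, the parameter, and the two values in file order, so the generated file can be compared against the setting that was intended.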