From owner-freebsd-virtualization@freebsd.org Thu Aug 16 07:25:41 2018 Return-Path: Delivered-To: freebsd-virtualization@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C99C10803F1; Thu, 16 Aug 2018 07:25:41 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from kagate.punkt.de (kagate.punkt.de [217.29.33.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8C29572016; Thu, 16 Aug 2018 07:25:40 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from hugo10.ka.punkt.de (hugo10.ka.punkt.de [217.29.44.10]) by gate1.intern.punkt.de with ESMTP id w7G7Pc0R046541; Thu, 16 Aug 2018 09:25:38 +0200 (CEST) Received: from [217.29.44.49] ([217.29.44.49]) by hugo10.ka.punkt.de (8.14.2/8.14.2) with ESMTP id w7G7PbWu069056; Thu, 16 Aug 2018 09:25:37 +0200 (CEST) (envelope-from hausen@punkt.de) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: Why can't I dtrace processes running in a jail from the host? From: "Patrick M. Hausen" In-Reply-To: <20180810183419.GA52302@raichu> Date: Thu, 16 Aug 2018 09:25:37 +0200 Cc: David Powers via freebsd-virtualization , freebsd-dtrace@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <5BD4792C-D8AB-4598-BE7A-9D63A5757392@punkt.de> References: <20180809145258.GA68459@raichu> <8B1BDE9F-BDAD-4CEB-B7A2-8052497F50EA@punkt.de> <20180810183419.GA52302@raichu> To: Mark Johnston X-Mailer: Apple Mail (2.3273) X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Aug 2018 07:25:41 -0000 Good morning, I did some further investigation and with help from Mark was finally able to get it working. Took quite some effort - documentation on the PHP side - NULL :-/ BTW: has anyone ever successfully subscribed to one of the PHP mailing lists? Where is the community of the people developing that stuff? OK, back to topic, in fact I had two issues, one FreeBSD, one PHP related. 1. DTrace'ing jailed userland probes requires /dev/dtrace/* to be visible inside the jail. Hence: [devfsrules_proserver=3D100] add include $devfsrules_jail add path dtrace/* unhide iocage set devfs_ruleset=3D100 vpro0069 Voila - dtrace on the host, watch userland probes in the jail. 2. PHP > 5.6 needs the environment variable USE_ZEND_DTRACE to be set to register it's probes. Turned out that it was not sufficient to *configure* that into the PHP FPM worker but you need to set (and export) the variable on the shell before you start the FPM master daemon. Then everything works as = expected. What I regularly do in such a case is sh -x /usr/local/etc/rc.d/php-fpm start to find out what command is actually executed in the end. Then call that = directly after setting the environment. Result: setenv USE_ZEND_DTRACE 1 limits -C daemon /usr/local/sbin/php-fpm Bingo! Surprisingly enough it is *not* necessary to configure clear_env =3D no in PHP FPM ... DTrace is active as soon as the master daemon sees that environment variable. Kind regards Patrick --=20 punkt.de GmbH Internet - Dienstleistungen - Beratung Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100 76133 Karlsruhe info@punkt.de http://punkt.de AG Mannheim 108285 Gf: Juergen Egeling