Date:      Wed, 14 Aug 2013 13:29:28 +0200
From:      David Demelier <demelier.david@gmail.com>
To:        Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
Cc:        Maciej Suszko <maciej@suszko.eu>, freebsd-questions@freebsd.org
Subject:   Re: sysvipc only for one jail
Message-ID:  <520B6A18.2060502@gmail.com>
In-Reply-To: <alpine.BSF.2.00.1308121928480.90799@mail.fig.ol.no>
References:  <CAO%2BPfDe3VDRpK9ALrsvwxBcAyejfN85FRvMLU3Q4CKmMgkG3%2BA@mail.gmail.com> <20130811173341.6d1cb2e7@arsenic> <20130811173630.24ed528c@arsenic> <CAO%2BPfDct3aXrrszdWOOu7KUPaxVKrPvboJJn29ipKUS9pCo%2B_g@mail.gmail.com> <alpine.BSF.2.00.1308121323550.90799@mail.fig.ol.no> <CAO%2BPfDfunKiUx=2SV678jZqzwWHoVPonUwi_MMyNvSJ_HCiUuQ@mail.gmail.com> <alpine.BSF.2.00.1308121407470.90799@mail.fig.ol.no> <alpine.BSF.2.00.1308121928480.90799@mail.fig.ol.no>

On 12.08.2013 19:46, Trond Endrestøl wrote:
> On Mon, 12 Aug 2013 14:09+0200, Trond Endrestøl wrote:
>
>> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>>
>>> 2013/8/12 Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>:
>>>> On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
>>>>
>>>>> 2013/8/11 Maciej Suszko <maciej@suszko.eu>:
>>>>>> Maciej Suszko <maciej@suszko.eu> wrote:
>>>>>> [...]
>>>>>>>
>>>>>>> You can specify different params for each jail using _parameters, for
>>>>>>> example:
>>>>>>>
>>>>>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>>>>>
>>>>>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>>>>>> --
>>>>>> regards, Maciej Suszko.
>>>>>
>>>>> Thanks for your message,
>>>>>
>>>>> However, I could not find this setting in the manual of rc.conf(5)
>>>>> nor in /etc/rc.d/jail :(. It does not seem to be applied.
>>>>
>>>> Have a look at jail(8) and the last lines of /etc/default/rc.conf.
>>>
>>> I see,
>>>
>>> I've added what Maciej Suszko told me but the sysctls in the jail are
>>> not set as they should be:
>>>
>>> security.jail.param.allow.sysvipc: 0
>>> security.jail.param.allow.chflags: 0
>>>
>>> And thus, it's not enabled as postgresql tells:
>>>
>>> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL:
>>>   could not create shared memory segment: Function not implemented
>>
>> I'll look into this by creating a new jail for PostgreSQL 9.2 when I
>> get home.
>
> My host is running 9.2-PRERELEASE, r254150, in VirtualBox 4.2.16.
> The jails are running world, also at r254150.
>
> I added the following to the host's /etc/rc.conf:
>
> jail_enable="YES"
> jail_list="postgresql"
>
> jail_postgresql_rootdir="/jails/postgresql"
> jail_postgresql_hostname="postgresql.bsd.net"
> jail_postgresql_interface="vtnet0"
> jail_postgresql_fib="0"
> jail_postgresql_ip="10.0.2.103,2001:db8::103"
> jail_postgresql_exec_start="/bin/sh /etc/rc"
> jail_postgresql_exec_stop="/bin/sh /etc/rc.shutdown"
> jail_postgresql_devfs_enable="YES"
> jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"
>
> I added the following to the host's /etc/jail.conf:
>
> postgresql {
>    path = /jails/postgresql;
>    enforce_statfs = 1;
>    allow.chflags;
>    allow.sysvipc;
>    allow.mount;
>    allow.mount.zfs;
>    mount.devfs;
>    host.hostname = postgresql.bsd.net;
>    ip4.addr = 10.0.2.103;
>    ip6.addr = 2001:db8::103;
>    interface = vtnet0;
>    exec.start = "/bin/sh /etc/rc";
>    exec.stop = "/bin/sh /etc/rc.shutdown";
> }
>
> PostgreSQL 9.2.4 had no problems running initdb nor running postgres
> inside the jail:
>
> root@freebsd-jails:/ # jexec 4 csh
> root@postgresql:/ # /usr/local/etc/rc.d/postgresql status
> pg_ctl: server is running (PID: 46623)
> /usr/local/bin/postgres "-D" "/usr/local/pgsql/data"
> root@postgresql:/ #
>
> If you start the jail manually using jail(8), then /etc/jail.conf
> comes into play, whereas the lines in /etc/rc.conf are used during
> automatic startup of the jails when the host is rebooted. The whole
> arrangement seems unnecessarily redundant, and I truly wish this can be
> merged sooner rather than later.
>

I've updated to 9.2-RC1 and the _parameters did the trick, thanks!

Cheers,
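
An added example, not part of the original thread: a small sh audit over rc.conf-style text that lists which jails enable a given parameter through `jail_<name>_parameters`, flags the `jail_<name>_params` spelling that was corrected earlier in the thread, and checks that only one named jail has `allow.sysvipc`. The sample rc.conf, the jail names `www` and `db2`, and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rc.conf-style jail settings (not code from the thread).

# Constructed sample input; jails "www" and "db2" are hypothetical.
sample_rc_conf() {
cat <<'EOF'
jail_enable="YES"
jail_list="postgresql www db2"
jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1"
jail_www_parameters="enforce_statfs=2 allow.sysvipc=0"
jail_db2_params="allow.sysvipc=1"
EOF
}

# Print jails whose jail_<name>_parameters enables $1 ("param" or "param=1").
# Reads rc.conf text on stdin, one jail name per output line.
jails_allowing() {
    awk -v want="$1" '
        match($0, /^jail_[A-Za-z0-9_]+_parameters=/) {
            name = substr($0, 6, RLENGTH - 17)   # strip "jail_" and "_parameters="
            val = substr($0, RLENGTH + 1)
            gsub(/"/, "", val)
            n = split(val, p, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (p[i] == want || p[i] == want "=1") { print name; break }
        }'
}

# Print jails configured through the jail_<name>_params spelling, which the
# thread corrected to _parameters; settings listed there need a second look.
misspelled_params() {
    sed -n 's/^jail_\([A-Za-z0-9_]*\)_params=.*/\1/p'
}

# Succeed only if no jail other than $1 enables parameter $2.
only_jail_allows() {
    extra=$(jails_allowing "$2" | grep -Fvx "$1" || true)
    [ -z "$extra" ]
}

echo "allow.sysvipc enabled for: $(sample_rc_conf | jails_allowing allow.sysvipc | tr '\n' ' ')"
echo "wrong _params spelling:    $(sample_rc_conf | misspelled_params | tr '\n' ' ')"
sample_rc_conf | only_jail_allows postgresql allow.sysvipc \
    && echo "OK: only postgresql has allow.sysvipc"
```

On a host, the same functions can read the real file, for example `only_jail_allows postgresql allow.sysvipc < /etc/rc.conf`.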


