Date:      Tue, 14 May 2013 17:38:37 +0200
From:      David Demelier <demelier.david@gmail.com>
To:        Joe <fbsd8@a1poweruser.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: /etc/jail.conf for automatically started jails listed in /etc/rc.conf
Message-ID:  <CAO%2BPfDdh%2BA5PeXMb2YKZASH4=YsvsdFqt9c-Ec=Upr_cKTD7PA@mail.gmail.com>
In-Reply-To: <51923A06.7020206@a1poweruser.com>
References:  <11698066.Kggl9cS1ZD@melon> <51914DC1.1050207@a1poweruser.com> <1990818.dWVxsxnVR3@melon> <519188FD.7010900@a1poweruser.com> <CAO%2BPfDeCpeDoNLo-E0g0rxL1uY%2B3iH5YUQXBMaBvsxrXO=NoSA@mail.gmail.com> <51923A06.7020206@a1poweruser.com>

2013/5/14 Joe <fbsd8@a1poweruser.com>:
> David Demelier wrote:
>>
>> 2013/5/14 Joe <fbsd8@a1poweruser.com>:
>>>
>>> David Demelier wrote:
>>>>
>>>> On Monday 13 May 2013 16:32:01 Joe wrote:
>>>>>
>>>>> David Demelier wrote:
>>>>>>
>>>>>> Hello dear,
>>>>>>
>>>>>> Does jail.conf(5) not work for jails listed in the rc.conf?
>>>>>>
>>>>>> I've added in /etc/jail.conf:
>>>>>>
>>>>>> foo {
>>>>>>
>>>>>>     hostname=Foo;
>>>>>>     path=/jails/foo;
>>>>>>     allow.sysvipc=1;
>>>>>>
>>>>>> }
>>>>>>
>>>>>> And in /etc/rc.conf only foo in the jail_list parameter, but when I
>>>>>> try to start the jail it still complains about missing hostname.
>>>>>>
>>>>>> Regards,
>>>>>
>>>>> There are 2 methods for configuring jails.
>>>>>
>>>>> The legacy method which you put the jail config statements in the hosts
>>>>> /etc/rc.conf file and start and stop control is done by the hosts
>>>>> /etc/rc.d/jail script at boot time.
>>>>>
>>>>> The jail(8) method which has its own jail config statements in the
>>>>> hosts /etc/jail.conf file and uses the jail(8) program for starting and
>>>>> stopping. You can create a jail.conf file for each jail(8) and start it
>>>>> using  jail -c -f "/etc/jailname.jail.conf" and stop by issuing
>>>>> jail -f "/etc/jailname.jail.conf" -r jailname
>>>>>
>>>>> You can not mix the 2 methods.
>>>>
>>>>
>>>> My real problem is that I wanted to add allow.sysvipc only for *one*
>>>> jail and I can't find a real solution by jail_* flags in /etc/rc.conf
>>>>
>>>> There is jail_allow_sysvipc but it enables it for all jails.
>>>>
>>>>
>>>
>>> The jail(8) method does have an allow_sysvipc on a per jail basis. To use
>>> it you have to use the jail(8) method. The 9.1-RELEASE legacy method is a
>>> work in process to incorporate the jail(8) parameters into the rc.conf
>>> config statements.
>>>
>>> About the allow_sysvipc parameter, this breaks the security the jail is
>>> designed to provide and should NOT be used on any jails having public
>>> internet access.
>>>
>>> What are you trying to do that you think you need to use the
>>> allow_sysvipc parameter?
>>>
>>
>> PostgreSQL, usually I install it on the host instead of jails, but I
>> needed a second instance on a different port for a public access..
>>
>> Regards,
>>
>> --
>> Demelier David
>>
>>
> That all sounds logical and is what jails are designed to do.
> Why would running PostgreSQL in a jail need sysvipc?
> Have you tried it? Did you get some PostgreSQL error?
>

Yes, unfortunately this is a very very old issue that has been
reported so often.

--
Demelier David
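
An added example, not part of the original thread: the replies above distinguish enabling SysV IPC for every jail from enabling it for a single jail in /etc/jail.conf, so this sketch reads a jail.conf(5)-style file and reports which jails end up with allow.sysvipc on, including inheritance from a global statement. The sample file, the jail names bar and baz, and the parsing rules (values 1/true count as enabled, the last statement in a scope wins, no comment markers inside quoted strings) are assumptions of the example.

```python
import re

# Constructed sample in jail.conf(5) syntax; jail names and paths are made up.
SAMPLE = """
path = "/jails/${name}";        # global default, applies to every jail

foo {
    hostname = Foo;
    allow.sysvipc = 1;          // the PostgreSQL jail from the thread
}
bar {
    hostname = Bar;
}
baz {
    hostname = Baz;
    allow.sysvipc;              /* bare boolean form */
}
"""

BLOCK = re.compile(r"([\w.-]+)\s*\{((?:\$\{\w+\}|[^{}])*)\}")
PARAM = re.compile(r'\s*allow\.(no)?sysvipc\s*(?:=\s*"?(\w+)"?)?\s*')

def strip_comments(text):
    # Simplification: comment markers inside quoted strings are not handled.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)

def sysvipc_setting(body):
    """True/False from the last allow.sysvipc statement in body, else None."""
    state = None
    for stmt in body.split(";"):
        m = PARAM.fullmatch(stmt)
        if m:
            negated, value = m.group(1), m.group(2)
            enabled = value is None or value.lower() in ("1", "true")
            state = enabled != bool(negated)  # assumption: last one wins
    return state

def audit(conf):
    """Map each jail name to whether SysV IPC is allowed inside it."""
    text = strip_comments(conf)
    default = sysvipc_setting(BLOCK.sub("", text)) or False
    report = {}
    for name, body in BLOCK.findall(text):
        own = sysvipc_setting(body)
        report[name] = default if own is None else own
    return report

if __name__ == "__main__":
    for jail, allowed in audit(SAMPLE).items():
        print(f"{jail}: allow.sysvipc {'ENABLED' if allowed else 'off'}")
```

Run against a copy of the host's jail.conf, any jail reported as enabled that also has public network exposure is the case the reply above advises against.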


