Date: Tue, 14 May 2013 17:38:37 +0200 From: David Demelier <demelier.david@gmail.com> To: Joe <fbsd8@a1poweruser.com> Cc: freebsd-questions@freebsd.org Subject: Re: /etc/jail.conf for automatically started jails listed in /etc/rc.conf Message-ID: <CAO%2BPfDdh%2BA5PeXMb2YKZASH4=YsvsdFqt9c-Ec=Upr_cKTD7PA@mail.gmail.com> In-Reply-To: <51923A06.7020206@a1poweruser.com> References: <11698066.Kggl9cS1ZD@melon> <51914DC1.1050207@a1poweruser.com> <1990818.dWVxsxnVR3@melon> <519188FD.7010900@a1poweruser.com> <CAO%2BPfDeCpeDoNLo-E0g0rxL1uY%2B3iH5YUQXBMaBvsxrXO=NoSA@mail.gmail.com> <51923A06.7020206@a1poweruser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2013/5/14 Joe <fbsd8@a1poweruser.com>: > David Demelier wrote: >> >> 2013/5/14 Joe <fbsd8@a1poweruser.com>: >>> >>> David Demelier wrote: >>>> >>>> Le lundi 13 mai 2013 16:32:01 Joe a =C3=A9crit : >>>>> >>>>> David Demelier wrote: >>>>>> >>>>>> Hello dear, >>>>>> >>>>>> Does jail.conf(5) does not work for jails listed in the rc.conf ? >>>>>> >>>>>> I've added in /etc/jail.conf: >>>>>> >>>>>> foo { >>>>>> >>>>>> hostname=3DFoo; >>>>>> path=3D/jails/foo; >>>>>> allow.sysvipc=3D1; >>>>>> >>>>>> } >>>>>> >>>>>> And in /etc/rc.conf only foo in the jail_list parameter, but when I >>>>>> try >>>>>> to >>>>>> start the jail it still complain about missing hostname. >>>>>> >>>>>> Regards, >>>>> >>>>> There are 2 methods for configuring jails. >>>>> >>>>> The legacy method which you put the jail config statements in the hos= ts >>>>> /etc/rc.conf file and start and stop control is done by the hosts >>>>> /etc/rc.d/jail script at boot time. >>>>> >>>>> The jail(8) method which has it's own jail config statements in the >>>>> hosts /etc/jail.conf file and uses the jail(8) program for starting a= nd >>>>> stopping. You can create a jail.conf file for each jail(8) and start = it >>>>> using jail -c -f "/etc/jailname.jail.conf" and stop by issuing >>>>> jail -f "/etc/jailname.jail.conf" -r jailname >>>>> >>>>> You can not mix the 2 methods. >>>> >>>> >>>> My real problem is that I wanted to add allow.sysvipc only for *one* >>>> jail >>>> and I can't find a real solution by jail_* flags in /etc/rc.conf >>>> >>>> There is jail_allow_sysvipc but it enable it for all jails. >>>> >>>> >>> >>> The jail(8) method does have a allow_sysvipc on a per jail basis. To us= e >>> it >>> you have to use the jail(8) method. The 9.1-RELEASE legacy method is a >>> work >>> in process to incorporate the jail(8) parameters into the rc.conf confi= g >>> statements. >>> >>> About the allow_sysvipc parameter, this breaks the security the jail is >>> designed to provide and should NOT be used on any jails having public >>> internet access. >>> >>> What are you trying to do that you think you need to use the >>> allow_sysvipc >>> parameter? >>> >> >> PostgreSQL, usually I install it on the host instead of jails, but I >> needed a second instance on a different port for a public access.. >> >> Regards, >> >> -- >> Demelier David >> >> > That all sounds logical and is what jails are designed to do. > Why would running PostgreSQL in a jail need sysvipc? > Have you tried it? Did you get some PostgreSQL error? > Yes, unfortunately this is a very very old issue that has been reported so much often.. -- Demelier David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAO%2BPfDdh%2BA5PeXMb2YKZASH4=YsvsdFqt9c-Ec=Upr_cKTD7PA>