Site Navigation

Date:      Mon, 12 Aug 2013 19:46:02 +0200 (CEST)
From:      =?ISO-8859-1?Q?Trond_Endrest=F8l?= <Trond.Endrestol@fagskolen.gjovik.no>
To:        David Demelier <demelier.david@gmail.com>
Cc:        Maciej Suszko <maciej@suszko.eu>, freebsd-questions@freebsd.org
Subject:   Re: sysvipc only for one jail
Message-ID:  <alpine.BSF.2.00.1308121928480.90799@mail.fig.ol.no>
In-Reply-To: <alpine.BSF.2.00.1308121407470.90799@mail.fig.ol.no>
References:  <CAO%2BPfDe3VDRpK9ALrsvwxBcAyejfN85FRvMLU3Q4CKmMgkG3%2BA@mail.gmail.com> <20130811173341.6d1cb2e7@arsenic> <20130811173630.24ed528c@arsenic> <CAO%2BPfDct3aXrrszdWOOu7KUPaxVKrPvboJJn29ipKUS9pCo%2B_g@mail.gmail.com> <alpine.BSF.2.00.1308121323550.90799@mail.fig.ol.no> <CAO%2BPfDfunKiUx=2SV678jZqzwWHoVPonUwi_MMyNvSJ_HCiUuQ@mail.gmail.com> <alpine.BSF.2.00.1308121407470.90799@mail.fig.ol.no>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--2055831798-2119261980-1376309398=:90799
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Content-ID: <alpine.BSF.2.00.1308121928482.90799@mail.fig.ol.no>

On Mon, 12 Aug 2013 14:09+0200, Trond Endrestøl wrote:

> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
> 
> > 2013/8/12 Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>:
> > > On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
> > >
> > >> 2013/8/11 Maciej Suszko <maciej@suszko.eu>:
> > >> > Maciej Suszko <maciej@suszko.eu> wrote:
> > >> > [...]
> > >> >>
> > >> >> You can specify different params for each jail using _parameters, for
> > >> >> example:
> > >> >>
> > >> >> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
> > >> >
> > >> > Sorry, my mistake - it should be jail_jailname_parameters= of course.
> > >> > --
> > >> > regards, Maciej Suszko.
> > >>
> > >> Thanks for your message,
> > >>
> > >> However, I could not find this setting in the manual of rc.conf(5)
> > >> neither in /etc/rc.d/jail :(. It does not seems to be applied.
> > >
> > > Have a look at jail(8) and the last lines of /etc/default/rc.conf.
> > 
> > I see,
> > 
> > I've added what Maciej Suszko told me but the sysctls in the jail is
> > not set as it should be :
> > 
> > security.jail.param.allow.sysvipc: 0
> > security.jail.param.allow.chflags: 0
> > 
> > And thus, it's not enabled as postgresql tells:
> > 
> > creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL:
> >  could not create shared memory segment: Function not implemented
> 
> I'll look into this by creating a new jail for PostgreSQL 9.2 when I 
> get home.

My host is running 9.2-PRERELEASE, r254150, in VirtualBox 4.2.16.
The jails are running world, also at r254150.

I added the following to the host's /etc/rc.conf:

jail_enable="YES"
jail_list="postgresql"

jail_postgresql_rootdir="/jails/postgresql"
jail_postgresql_hostname="postgresql.bsd.net"
jail_postgresql_interface="vtnet0"
jail_postgresql_fib="0"
jail_postgresql_ip="10.0.2.103,2001:db8::103"
jail_postgresql_exec_start="/bin/sh /etc/rc"
jail_postgresql_exec_stop="/bin/sh /etc/rc.shutdown"
jail_postgresql_devfs_enable="YES"
jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"

I added the following to the host's /etc/jail.conf:

postgresql {
  path = /jails/postgresql;
  enforce_statfs = 1;
  allow.chflags;
  allow.sysvipc;
  allow.mount;
  allow.mount.zfs;
  mount.devfs;
  host.hostname = postgresql.bsd.net;
  ip4.addr = 10.0.2.103;
  ip6.addr = 2001:db8::103;
  interface = vtnet0;
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
}

PostgreSQL 9.2.4 had no problems running initdb nor running postgres 
inside the jail:

root@freebsd-jails:/ # jexec 4 csh
root@postgresql:/ # /usr/local/etc/rc.d/postgresql status
pg_ctl: server is running (PID: 46623)
/usr/local/bin/postgres "-D" "/usr/local/pgsql/data"
root@postgresql:/ #

If you start the jail manually using jail(8), then /etc/jail.conf 
comes into play, whereas the lines in /etc/rc.conf is used during 
automatic startup of the jails when the host is rebooted. The whole 
arrangement seems unnecessary redundant, and I truly wish this can be 
merged sooner rather than later.

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+
--2055831798-2119261980-1376309398=:90799
Content-Type: TEXT/PLAIN; CHARSET=us-ascii
Content-ID: <alpine.BSF.2.00.1308121928483.90799@mail.fig.ol.no>
Content-Description: 
Content-Disposition: INLINE

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
--2055831798-2119261980-1376309398=:90799--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1308121928480.90799>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact