IPCS resource access within a down-level jail?

Tue Oct 16 23:59:54 UTC 2012

David Wolfskill wrote:
> [Please include me in responses; I've set Reply-To as a hint.  Thanks!]
> 
> A colleague had been running a program that makes use of IPCS message
> queues in a 7.x/i386 environment.
> 
> He was moved to a 32-bit 7.x-based jail instantiated on an 8.x/amd64
> host.
> 
> Within that jail, "ipcs -a" now fails to come anywhere near close to
> reporting what it does outside the jail.
> 
> I then performed an experiment: I created a 7.x/i386 jail on my
> 9.x/i386 laptop.  I verified that "ipcs -a" (outside the jail) shows
> Stuff:
> 
> d134(9.1-P)[1] ipcs -a
> Message Queues:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP                 CBYTES                 QNUM               QBYTES        LSPID        LRPID STIME    RTIME    CTIME   
> 
> Shared Memory:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP         NATTCH        SEGSZ         CPID         LPID ATIME    DTIME    CTIME   
> m       393216            0 --rw------- david    david    david    david               2       393216         3671         3147  8:23:37 no-entry  8:23:37
> m       851969            0 --rw------- david    david    david    david               2       262080         3861         3147  9:24:09 no-entry  9:24:09
> m       458754            0 --rw------- david    david    david    david               2       384000         3861         3147  9:24:09 no-entry  9:24:09
> 
> Semaphores:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP          NSEMS OTIME    CTIME   
> 
> d134(9.1-P)[2] 
> 
> 
> Inside the jail, using the 7.x version of ipcs, I get:
> 
> %ipcs -a
> ipcs: sysctlbyname: kern.ipc.msqids: Cannot allocate memory
> %
> 
> I then recompiled the 9.x versions of ipcs & ipcrm and linked them
> statically; running that verion of ipcs, I see:
> 
> %~/bin/!!
> ~/bin/ipcs -a
> Message Queues:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP                 CBYTES                 QNUM               QBYTES        LSPID        LRPID STIME    RTIME    CTIME   
> 
> Shared Memory:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP         NATTCH        SEGSZ         CPID         LPID ATIME    DTIME    CTIME   
> m       393216            0 --rw------- david    david    david    david               2       393216         3671         3147 15:23:37 no-entry 15:23:37
> m       655362            0 --rw------- david    david    david    david               2       262080         3861         3147 18:39:30 no-entry 18:39:30
> 
> Semaphores:
> T           ID          KEY MODE        OWNER    GROUP    CREATOR  CGROUP          NSEMS OTIME    CTIME   
> 
> %
> 
> Is this (inability to access IPCS resources properly within a
> "down-level" jail) expected behavior?
> 
> Is there a sane(?) way to provide IPCS resources inside a down-level
> jail?
> 
> Thanks!
> 
> Peace,
> david

Your problem is in the way you are trying to use jails. The jail has to 
be at the same major release level as the host. Host being 9.2 with a 
jail at 9.0 may work. But 9.x or 8.x host with 7.x jail for sure will 
not work.