sysvipc only for one jail

David Demelier demelier.david at gmail.com
Wed Aug 14 11:30:04 UTC 2013


On 12.08.2013 19:46, Trond Endrestøl wrote:
> On Mon, 12 Aug 2013 14:09+0200, Trond Endrestøl wrote:
>
>> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>>
>>> 2013/8/12 Trond Endrestøl <Trond.Endrestol at fagskolen.gjovik.no>:
>>>> On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
>>>>
>>>>> 2013/8/11 Maciej Suszko <maciej at suszko.eu>:
>>>>>> Maciej Suszko <maciej at suszko.eu> wrote:
>>>>>> [...]
>>>>>>>
>>>>>>> You can specify different params for each jail using _parameters, for
>>>>>>> example:
>>>>>>>
>>>>>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>>>>>
>>>>>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>>>>>> --
>>>>>> regards, Maciej Suszko.
>>>>>
>>>>> Thanks for your message,
>>>>>
>>>>> However, I could not find this setting in the manual of rc.conf(5)
>>>>> nor in /etc/rc.d/jail :(. It does not seem to be applied.
>>>>
>>>> Have a look at jail(8) and the last lines of /etc/default/rc.conf.
>>>
>>> I see,
>>>
>>> I've added what Maciej Suszko told me but the sysctls in the jail are
>>> not set as they should be:
>>>
>>> security.jail.param.allow.sysvipc: 0
>>> security.jail.param.allow.chflags: 0
>>>
>>> And thus, it's not enabled as postgresql tells:
>>>
>>> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL:
>>>   could not create shared memory segment: Function not implemented
>>
>> I'll look into this by creating a new jail for PostgreSQL 9.2 when I
>> get home.
>
> My host is running 9.2-PRERELEASE, r254150, in VirtualBox 4.2.16.
> The jails are running world, also at r254150.
>
> I added the following to the host's /etc/rc.conf:
>
> jail_enable="YES"
> jail_list="postgresql"
>
> jail_postgresql_rootdir="/jails/postgresql"
> jail_postgresql_hostname="postgresql.bsd.net"
> jail_postgresql_interface="vtnet0"
> jail_postgresql_fib="0"
> jail_postgresql_ip="10.0.2.103,2001:db8::103"
> jail_postgresql_exec_start="/bin/sh /etc/rc"
> jail_postgresql_exec_stop="/bin/sh /etc/rc.shutdown"
> jail_postgresql_devfs_enable="YES"
> jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"
>
> I added the following to the host's /etc/jail.conf:
>
> postgresql {
>    path = /jails/postgresql;
>    enforce_statfs = 1;
>    allow.chflags;
>    allow.sysvipc;
>    allow.mount;
>    allow.mount.zfs;
>    mount.devfs;
>    host.hostname = postgresql.bsd.net;
>    ip4.addr = 10.0.2.103;
>    ip6.addr = 2001:db8::103;
>    interface = vtnet0;
>    exec.start = "/bin/sh /etc/rc";
>    exec.stop = "/bin/sh /etc/rc.shutdown";
> }
>
> PostgreSQL 9.2.4 had no problems running initdb nor running postgres
> inside the jail:
>
> root@freebsd-jails:/ # jexec 4 csh
> root@postgresql:/ # /usr/local/etc/rc.d/postgresql status
> pg_ctl: server is running (PID: 46623)
> /usr/local/bin/postgres "-D" "/usr/local/pgsql/data"
> root@postgresql:/ #
>
> If you start the jail manually using jail(8), then /etc/jail.conf
> comes into play, whereas the lines in /etc/rc.conf are used during
> automatic startup of the jails when the host is rebooted. The whole
> arrangement seems unnecessarily redundant, and I truly wish this can be
> merged sooner rather than later.
>

I've updated to 9.2-RC1 and the _parameters did the trick, thanks!

Cheers,
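
As an added example (not part of the thread), a small sh audit for the per-jail setup discussed above: it reads an rc.conf-style file without sourcing it and reports which jails in jail_list are granted allow.sysvipc through jail_<name>_parameters, and it also flags the host-wide jail_sysvipc_allow knob from the legacy rc.conf defaults. The `www` jail and the sample file are constructed, and treating the last matching parameter as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: list which jails are granted System V IPC in an
# rc.conf-style file. The file is parsed, never sourced, so auditing
# an untrusted copy does not execute anything it contains.

# rc_value FILE VAR: print the last value assigned to VAR
# (rc.conf is shell syntax, so a later assignment overrides an earlier one).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*\$/\1/p" "$1" | tail -n 1
}

# sysvipc_jails FILE: print "<jail> sysvipc=<yes|no>" for every jail in
# jail_list, preceded by "GLOBAL sysvipc=yes" when the host-wide knob is on.
sysvipc_jails() {
    file=$1
    if [ "$(rc_value "$file" jail_sysvipc_allow | tr 'a-z' 'A-Z')" = "YES" ]; then
        echo "GLOBAL sysvipc=yes"
    fi
    for jail in $(rc_value "$file" jail_list); do
        state=no
        # Assumption: the last allow.sysvipc form in the list is the effective one.
        for param in $(rc_value "$file" "jail_${jail}_parameters"); do
            case $param in
                allow.sysvipc|allow.sysvipc=1|allow.sysvipc=true) state=yes ;;
                allow.nosysvipc|allow.sysvipc=0|allow.sysvipc=false) state=no ;;
            esac
        done
        echo "$jail sysvipc=$state"
    done
}

# Constructed sample: the postgresql line is the one quoted in the thread,
# the "www" jail is hypothetical and should stay without sysvipc.
sample=$(mktemp)
cat > "$sample" <<'EOF'
jail_enable="YES"
jail_list="postgresql www"
jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"
jail_www_parameters="enforce_statfs=2"
EOF
sysvipc_jails "$sample"
rm -f "$sample"
```

Inside a running jail, the result can be cross-checked against the security.jail.param.allow.sysvipc sysctl shown earlier in the thread.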
