From: "Kimi Ostro"
To: "Jonathan Horne"
Date: Sat, 31 Mar 2007 16:00:19 +0100
Cc: freebsd-questions@freebsd.org
Subject: Re: updating a jail

On 31/03/07, Jonathan Horne wrote:
> im still working on updating 2 jails. i nullfs mounted /usr/src /usr/obj from my host into my jails, and tried to installworld, but got this error:
>
> ===> lib/libcrypt (install)
> install -C -o root -g wheel -m 444 libcrypt.a /usr/lib
> install -C -o root -g wheel -m 444 libcrypt_p.a /usr/lib
> install -s -o root -g wheel -m 444 -fschg -S libcrypt.so.3 /lib
> install: rename: /lib/INS@eggs to /lib/libcrypt.so.3: Operation not permitted
> *** Error code 71
>
> Stop in /usr/src/lib/libcrypt.
> *** Error code 1
>
> Stop in /usr/src/lib.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.
>
> the jail manpage is easy enough to follow, but IMO mastering management and maintenance is much more difficult to learn without good documented guidance. i know many have recommended that i try ezjail and such, but im one of those guys who refuses to pay someone to fix my own car until i fully understand why such an operation is too far above my head. same glutton for pain stance for me on computer stuff too... i force myself to understand the canonical methods first, before i start taking advantage of shortcuts.
>
> so... how do i get over or past this error?
>

do you fiddle with securelevels?

check the file flags on /lib/libcrypt.so.3 with ls -lo

also what is the value of sysctl security.jail.chflags_allowed?

I used a different strategy:

/var/jail/jail0 - contains a full buildworld
/var/jail/jail1 - is a unionfs from jail0
/var/jail/jailX - as jail1

jail0 has nfs mounted /usr/src and /usr/obj - this way I can jexec 1 /bin/csh do the whole buildworld mergemaster dance - only thing that is nullfs mounted is /tmp.

I also do a mksnap_ffs before updating just in case things break & change security.jail.chflags_allowed before and after the installworld part.

> thanks,
> jonathan

-- 
Kimi
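
The host-side sequence the reply describes (check the flags column of `ls -lo` for schg, allow chflags in jails only while installworld runs, then put the old value back), as an added shell example that is not part of the original message. It assumes a FreeBSD release that has the security.jail.chflags_allowed sysctl named above; the function names, the DRYRUN switch and the jail ID are hypothetical.

```shell
#!/bin/sh
# Added example; run on the jail host, not inside the jail.
# DRYRUN=1 prints each command instead of executing it.

run() {
    if [ "${DRYRUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# has_schg LINE: succeed if one line of `ls -lo` output carries the schg flag.
# Field layout: mode links owner group FLAGS size date... ("-" means no flags,
# several flags are comma separated).
has_schg() {
    flags=$(printf '%s\n' "$1" | awk '{print $5}')
    case ",$flags," in
        *,schg,*) return 0 ;;
        *) return 1 ;;
    esac
}

# installworld_in_jail JID [OLD_CHFLAGS_ALLOWED [JAIL_SECURELEVEL]]
# The two optional arguments default to the live values; passing them
# explicitly is only meant for dry runs.
installworld_in_jail() {
    jid=$1
    old=${2:-$(sysctl -n security.jail.chflags_allowed)}
    level=${3:-$(jexec "$jid" sysctl -n kern.securelevel)}

    # At securelevel 1 or higher schg cannot be cleared, even by root, so
    # opening up chflags would not help and the sysctl is left untouched.
    if [ "$level" -gt 0 ]; then
        echo "jail $jid: securelevel $level, schg cannot be cleared" >&2
        return 1
    fi

    run sysctl security.jail.chflags_allowed=1 || return 1
    rc=0
    run jexec "$jid" /bin/sh -c 'cd /usr/src && make installworld' || rc=$?
    # Restore the previous value whether or not installworld succeeded, so
    # jailed root does not keep the ability to change file flags.
    run sysctl "security.jail.chflags_allowed=$old"
    return "$rc"
}
```

A real run would be `installworld_in_jail 1` as root on the host, after confirming with `has_schg "$(ls -lo /lib/libcrypt.so.3)"` inside the jail's tree that schg is what blocks the rename.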