From owner-freebsd-x11@freebsd.org Wed Oct 5 11:46:12 2016 Return-Path: Delivered-To: freebsd-x11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E72F3AF5962 for ; Wed, 5 Oct 2016 11:46:12 +0000 (UTC) (envelope-from petr.fischer@me.com) Received: from pv33p00im-asmtp003.me.com (pv33p00im-asmtp003.me.com [17.142.194.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CB877220 for ; Wed, 5 Oct 2016 11:46:12 +0000 (UTC) (envelope-from petr.fischer@me.com) Received: from process-dkim-sign-daemon.pv33p00im-asmtp003.me.com by pv33p00im-asmtp003.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) id <0OEK00800O0G6X00@pv33p00im-asmtp003.me.com> for freebsd-x11@freebsd.org; Wed, 05 Oct 2016 11:46:02 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=me.com; s=4d515a; t=1475667962; bh=ToIwk79SoBQS9HqmPYSnPswpNdDQb7ankJ0Pn6gBn+o=; h=Date:From:To:Subject:Message-id:MIME-version:Content-type; b=d9A1Mh4yLVBi1NhVKCxgdY+8TX/wzFKHEmzzE0DriHRh2nUEPHgj7wnD5Au1eO6d3 Pe+FPE5CwboyZ4TD4fZ+Y4eQOHOf0Zuf/+KKKL7yNRHjw+Kvhl2j2Kbt/7MKPRdu7z m0sOjhDuwhnmBqkqK3QLrfiC5Z0MdHwpnsr/L3fJlSfliBduq2rIOF/6mTaGwFJPpW uDTU6mqQlAa/G+cK/kL/ukgPOch54eCC9E+bTeA19xBXU/nvIg9tLoW89bFOaaOx+E /EDXEtWd7O+z3kWRRnszhsRu04UGQxrbl6kzHXhD/WLEUoWbEk3bKSKqV9znPvSfQO nYpRmoFcB5sgQ== Received: from localhost (109.2.broadband2.iol.cz [83.208.2.109]) by pv33p00im-asmtp003.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPSA id <0OEK00A84OOMW930@pv33p00im-asmtp003.me.com> for freebsd-x11@freebsd.org; Wed, 05 Oct 2016 11:46:01 +0000 (GMT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-10-05_04:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1034 suspectscore=3 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1603290000 definitions=main-1610050201 Date: Wed, 05 Oct 2016 13:45:57 +0200 From: Petr Fischer To: freebsd-x11@freebsd.org Subject: Re: NVidia + run X apps from jail Message-id: <20161005114557.oczljtesfneyi3dc@pf-bsd.local> References: <20161003021517.GB92917@pf-bsd.local> <07be07151f0b51498e9e9d4e2c518fdd@kapsi.fi> <20161005034549.34ib275kgav3bunw@pf-bsd.local> <201610050928.u959SvQH084767@kx.openedu.org> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline In-reply-to: <201610050928.u959SvQH084767@kx.openedu.org> User-Agent: NeoMutt/20161003 (1.7.0) X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Oct 2016 11:46:13 -0000 > Petr Fischer wrote: > > > > So I gave up OpenGL in a jail and installed everything (whole desktops + kodi + all deps) on the base host (server:0). > > > > A also tried to run whole Xorg in a jail, configured many devfs rules (nvidia devs, mixer devs etc etc), but also no luck - there was some error like: "Can't get extended write mode on /dev/io" (or something like this). > > See [1]. But in Japanese. So, show briefly `How to use X in > Jail'. > > Note: I assume that Jail uses by ezjail because I don't know > jail configuration except for ezjail ;-p > > (1) Apply patch [2] in your kernel and rebuild > If patch failed, check manually and tell me :-) > (2) Install sysutils/ezjail > (3) Rewrite /usr/local/etc/ezjail.conf with your enviroment > (4) Create and configure Jail environment > (5) Set /etc/devfs.rules like [3] > (6) Edit /usr/local/etc/ezjail/foo which you want to XIJ as > follows: > 1) set devfs ruleset with it's number like: > export jail_desktop_devfs_ruleset=11 > 2) set `allow.kmem' with jail_desktop_parameters like: > export jail_desktop_parameters="allow.kmem;allow.sysvipc;" > 3) if you thorough ICMP packet set > jail_JID_socket_unixiproute_only="NO" > where JID is the `jail name' of XIJ > (6) Start ezjail > > [1] https://people.freebsd.org/~kiri/kbug/bof/2016/No.2/ > [2] https://people.freebsd.org/~kiri/jail/12.0-CURRENT-r303086.diff > [3] https://people.freebsd.org/~kiri/jail/devfs.rules I found some "kmem" patches in OpenBSD world, it's nice that it's possible also in FreeBSD. I will wait for 12-RELEASE, then I will test it. Thanks for info! > > > > > But thanks Scot + Arto for your answers, I learned a lot of small details. > > > > > -- > > > Arto Pekkanen > > _______________________________________________ > > freebsd-x11@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-x11 > > To unsubscribe, send any mail to "freebsd-x11-unsubscribe@freebsd.org" > > > --- > KIRIYAMA Kazuhiko